Principal SOC Analyst(L3) - Sofia

Sofia, Bulgaria (Hybrid)

Integrity360

Integrity360 are the largest cyber security specialists in Ireland and the fastest growing in the UK. Learn more about how we can help your organisation grow securely.


Location:  Sofia

Job type:  Permanent Full-Time

Salary:      Negotiable

Minimum experience required: 5+ years in an equivalent role

About Us

Integrity360 is one of Europe’s leading cyber security specialists, operating from office locations spread across Europe and providing a comprehensive range of professional, support and managed cyber security services for our 300+ clients. With four top-class Security Operations Centres, we offer complete end-to-end security services covering our clients’ security from every angle. Our services include Managed Security, Cyber Security Testing, Incident Response, Security Integration, PCI Compliance and Cyber Risk & Assurance services.


What sets Integrity360 apart is our excellent team of people who drive the business forward. The company was founded with a focus on technical expertise, and that philosophy remains today. The skills and experience in our company are some of the greatest in the industry, and clients remain with Integrity360 because they can rely on and trust us to go above and beyond to ensure their needs are met. We have been listed multiple times on Gartner Market Guides for Managed Security Services.


Job Role / Responsibilities

In this role you will be expected to analyse a range of alerts and incidents, identifying threats and attacks performed by threat actors ranging from cyber criminals and APTs to nation states. You will leverage various threat intelligence streams to enhance your understanding of emerging threats and vulnerabilities used by threat actors, providing customers with your insight and experience.

You will act as a lead investigator and escalation point for security incidents and alerts analysed by the CSOC team, providing keen insights and taking action to protect customer environments. A successful principal analyst will also develop, edit, and deliver security reports to enterprise-level customers.

The role requires flexibility and the ability to work extra hours when the business calls for it, and has an on-call component. A good knowledge of Information Security is required for this role. Proactive client services, such as compromise assessments and evaluating and recommending tools and technology for incident response, are also in scope. Demonstrating a strong comprehension of malware, emerging threats and adversary TTPs will be critical to success.

Primary Duties/Responsibilities include:

  • Deliver keen insights when reviewing security events, evaluating the risk they present to the customer, in the context of the environment they are in.
  • Perform hypothesis led threat hunting to identify anomalies in customer environments.
  • Perform in-depth investigation on confirmed security incidents, leading incidents when required and mentoring other CSOC analysts to ensure continual improvement of the team.
  • Identify, contain, and eradicate threats in the environment, engaging with the i360 Incident Response team when the scope of an incident has gone outside of CSOC capacity.
  • Perform analysis of malicious code and activity.
  • Continually assess, review, and tune security tooling to reduce false positives and improve the quality of detections raised by i360 security monitoring tools.
  • Drive our incident response process, ensuring incident reports cover the complete details of a given incident, including evidence of investigation and providing reports to incident stakeholders.
  • Responsible for generating reports to the partners and stakeholders showing internal threat landscape.
  • Continually develop, improve, and refine processes, documentation, and SOPs.
  • 24 x 7 on-call support on a rota basis may form part of the role.
  • Travel to the office may be required from time to time to facilitate training and development, both individually and for the wider CSOC team.

Desired Skills

  • Experience working with security event detection tools like IPS, SIEM, DLP, Anti-virus, etc.
  • Proven ability to perform advanced analysis, correlating alerts across the network, host, and identity planes, applying personal insights and threat intelligence knowledge to your overall assessment.
  • Assist in Incident Response investigations in the event of a major incident, escalating to our Incident Response function should the incident scope go outside of CSOC support. Support and develop security analysts during incident engagements.
  • Experience in performing analysis on network pcaps and documents for malicious activity or code.
  • Fundamental knowledge in Networks and Network Security.
  • Understanding of Network infrastructure hardware and protocols (TCP/IP, switches, bridges, routers, proxy servers, VPN concentrators).
  • Understanding of Security protocols (IPSec), and encryption technologies (3DES, AES, SHA2, TLS).
  • Understanding of basic security principles such as Confidentiality, Availability, Integrity.
  • Familiar with security best practices.
  • A process of ongoing certification, for the benefit of the business and for self-development, is encouraged.
  • Review the adequacy of the security controls and their ability to protect the information system and its information.
  • Experience with SIEM and SOAR solutions such as Splunk, Sentinel and Swimlane is a plus.
  • Experience with EDR/XDR solutions such as Defender for Endpoint, CrowdStrike and Rapid7 is a plus.
  • Strong Microsoft Word and Microsoft Excel skills required.
  • Excellent command of both written and spoken English is a must.


Certifications/Qualifications

Any of the following accreditations/certifications will be highly beneficial:

  • Security industry certifications: GSEC, GCIH, GCFA, CySA+, Security+ or similar security certifications.
  • 2+ years in an Incident Handling role or a CSIRT role.
  • Ideal candidates will possess a working knowledge of Intrusion Prevention System (IPS), SIEM, SOAR & DLP.
  • Experience working with threat hunting tools.

Integrity360 Employee Benefits (Bulgaria) 

At Integrity360 we aim to reflect what’s important through the benefits we offer. We survey our people regularly and encourage discussions around these topics so we can understand what really makes a difference. Our benefits priorities are physical, mental, and financial wellbeing.

Mental & Physical wellbeing benefits: 

  • Premium private healthcare by Uniqa with extended coverages  
  • Dental coverage, claim up to 400BGN/year 
  • Optical coverage, claim up to 100BGN/year 
  • Life insurance  
  • MultiSport card fully covered 


Financial wellbeing: 

We guarantee that every employee will have their pay reviewed at least once every year, if not more regularly. We aim to pay within the market range for all roles and keep pace with inflation on average. 

What we offer: 

  • Twice yearly salary reviews 

Other benefits include: 

  • 4 days additional annual leave (24 in total). Option to carry over up to 12 days in the next year. 
  • Our L&D programme: we work with various platforms including Cybrary, Udemy, Preply, Pluralsight, Swift and HTB, ensuring our people are up to date with their industry knowledge and offering opportunities to further upskill and gain industry-leading certifications.