Global SOC L1 Analyst

Principal Duties/Responsibilities

• Safely acquire and preserve the integrity of cyber security data required for incident analysis to help determine whether further investigation is required.
• Level 1 Analyst will be responsible in confirming that the incident is in fact a true positive requiring an investigation and potentially remediation or mitigation then escalate incidents according to the defined process.
• Triage alerts, security incidents and seeking out potential security issues through log analysis, and use of tools such as SIEM, UEBA, EDR, etc. 
• Ensure timely response to any cyber incident to minimize risk exposure and production down time, including interacting with different technical teams and business areas where needed.
• Determine the type of support required, coordinate with the respective team or POC. 
• Attend handover calls to support L2 in communicating handover to next shift. 
• Recommend alert for tuning to minimize false positives. 
• Recommend or assist L2s/L3s with creation or update of KBs, processes and runbooks.

What you will need:

• You will be working as part of a 24/7 SOC across different locations and therefore you must be a true team player, with the ability and desire to engage with different internal stakeholders and colleagues to deliver the very highest standards of service and support. 
• 2 - 3 Years’ Experience working as part of a mature cyber defence centre or security operations centre. 
• To be effective, you need to have great troubleshooting skills, the ability to research problems and the ability to effectively communicate during stressful times, while keeping a cool, calm, and friendly approach when dealing with stakeholders and colleagues. 
• Solid time management skills and be dependable. 
• Hands on experience of using a SIEM, UEBA, and EDR as a Level 1 security analyst. 
• Leading Investigations and comfortable talking to stakeholders and colleagues on both a technical and non-technical level. 
• Great verbal and written communication skills, and the ability to write reports in a structured methodology. 
• BSc/MSc in a security field or equivalent experience working within a security related function. 
• To be inquisitive, with a strong sense of personal responsibility for learning and self-development.
• Being able to identify common attack techniques within the context of specific technologies. 
• Working knowledge of networking protocols/technologies (e.g. TCP, IP, HTTP/HTTPS).

Beneficial: 

• Any relevant security certifications (CompTIA Security+, GIAC GSEC (SANS 408), CEH, or industry recognized equivalent). 
• Any relevant network certifications (Network +, CCNA, etc.). 
• Knowledge of other key IT fields (such as Web Applications, databases, Active Directory, network security systems such as web proxies, firewalls & data loss protection). 
• Exposure to attack and penetration methods and tools. 
• Working knowledge of scripts, tools, or methodologies to enhance our incident investigation and processes (such as Python, PowerShell, etc.).
   

WTW is an Equal Opportunity Employer