SOC Analyst

Job Title: SOC Analyst

Location: Reading, United Kingdom (Hybrid- 1-2 days/week)

Job Type: Contract Inside IR35

Client: Wipro

Job Overview:

As an OT Senior Cyber Security Analyst, you will be responsible for maintaining SecOps (Security Operations) solutions, controls and processes across the organisation. You will be mentoring and assisting with leading the SOC team to ensure appropriate prioritisation and remediation of OT alerts and incidents.

This role requires a deep understanding of SecOps concepts, technologies and best practices across IT and OT environments, as well as the ability to collaborate effectively with cross-functional teams. The ideal candidate will possess strong communication and incident management skills and will be committed to ensuring the highest level of security, compliance, and user experience.

Responsibilities:

Investigate security alerts from our SIEM tool and 3rd party MSSPs, and to provide appropriate incident response actions.

Liaise with technology and business stakeholders in relation to cyber security issues/incidents providing clear descriptions and actions.

Support the Cyber Security Operations Lead for security and privacy incidents, triaging events and performing root cause analysis to understand how incidents arise.

Acting as the key contact and escalation point for the SOC and Thames Water Digital teams.

Supporting out-of-hours incident investigations via an On-Call rota, covering 24*7*365 alongside our 3rd party MSSP.

Monitor, analyse and optimise SecOps tool performance (e.g. SIEM, PAM), identify potential issues, and recommend and implement proactive solutions.

Develop and maintain SecOps documentation, policies, and procedures.

Collaborate with stakeholders to understand business requirements and implementing security controls that are proportionate to the risk.

Maintain cyber security solutions with existing systems, applications, and infrastructure.

Evaluate and recommend technologies, tools, and vendors to meet business needs.

Perform proactive threat hunting for new and emerging cyber threats.

Specialist in Operational Technology systems, defining monitoring alerts and ensuring the operation of effective security controls.

Collect data that drives cyber security compliance metric dashboards.

Support compliance with relevant industry standards, regulations, and best practices, such as GDPR, NIS and ISO 27001.

Stay current on industry trends, emerging technologies, and best practices to continuously improve security operations.

This job involves:

Key Responsibilities

Expectations

Contextualize OT specific threats

Responsible for understanding the Operational Technology estate, specific OT threats and controls and mitigations that are in place. To be able to use tools such as Claroty to understand network traffic and OT hardware limitations to avoid downtime due to active scans.

Understand OT specific architecture frameworks

Reduce risks with overlaying context

Build direct relationships with Operations of the essential service alongside the OT team to understand and articulate operational risk and cyber risk.

Maintain Security Operations

Responsible for maintaining our security operations processes, including supporting an effective continuous improvement process surrounding the services provided. Familiarity desired with Microsoft security operations tools (e.g. Sentinel), and extensive knowledge of other security tools such as SOAR, EDR / XDR and IDAM.

Reductions over time in repetitive tickets/alerts demonstrating successful tuning of security tooling and processes.

Reduction over time in average time it takes to investigate and resolve security incidents demonstrating an increasing efficiency in SecOps processes.

Operational metrics evidencing the effectiveness of security controls.

Proactive Risk Remediation

Follow a risk-based approach to continually identify, analyse and evaluate the effectiveness of security controls and relate them to appropriate (and proportionate) security controls. Responsible for helping the business to deliver new security controls and for performing proactive activities (e.g. threat hunting) to continuously evaluate and uncover vulnerabilities throughout the technology stack.

Act as an ambassador within the Cyber Security team for the application of a risk-based approach and continuous risk reduction.

Collate the data supporting dashboards with robust SecOps metrics that evidence the tangible reduction in risk and technical debt.

4

Incident Readiness & Response

The Security Operations team holds primary responsibility for cyber security incident triage, management, and response. A consistent and reliable level of service is provided around both preparing the business for a significant cyber security incident (e.g. ransomware attack) and actual responses to live incidents. Responses to incidents are run in a structured, measured and auditable manner with continuous improvement integrated into incident management processes to ensure processes are always adapting to the changing threat landscape.

Reduction over time in business impacts experienced as a result of cyber security incidents.

Time between incident identification and remediation/closure reduces over time.

The business is periodically educated on incident management procedures and readiness activities.

All staff are aware of what constitutes a cyber security incident and how it should be reported.

5Continuous Improvement

Demonstrate an ability to improve processes over time whether that be increases in efficiency or using automation. The more efficient SecOps processes are the shorter response time to incidents will be and the more time will be available to proactive security activities such as threat hunting.

Gradual improvement over time of operational efficiencies as reporting in metrics/KPIs/dashboards.

Demonstrable use of automation to eliminate manual processes.

The qualifications, experience, technical skills, competencies, and values required are:

Strong analytical and problem-solving abilities

Some hands-on exposure to cyber security concepts and principles

Experience in working with third party delivery partners and MSSPs

Decision making and judgement

Ability to innovate technical solutions

Excellent planning and organising capabilities

Essential Experience

Minimum of 3 years of experience working with technical Cyber Security controls, preferably in an enterprise environment

Minimum of 3 years of experience in control systems of essential service (ICS, SCADA, CNI)

Exposure to working in or with a security operations centre (SOC)

Triaging problems or issues in a structured and disciplined manner

Experience in remediating cyber risks in ever-changing digital environments

Essential Technical Skills & Qualifications

Ability to explain complex IT / Security problems in a simple manner to non-technical audiences

Strong understanding of OT infrastructure, networking, and end-user computing.

Experience writing Kusto Query Language (KQL) for creating and tuning SIEM queries and alerts.

Proficient in configuration and troubleshooting of multi-factor authentication (MFA), Privileged Access Management (PAM) and Security Information & Event Management (SIEM) systems, in particular Microsoft Sentinel.

Desirable Experience

Familiarity with managing network security capabilities such as NAC (Network Access Control), Firewalls, Proxies/VPN, IDS/IPS, etc.

Leading and mentoring a team to deliver operational excellence.

Desirable Technical Skills & Qualifications

Degree in Cyber Security, Computer Science, Information Technology, Engineering, or related field.

Microsoft SecOps specific certification(s) e.g. Microsoft Security Operations Analyst (SC-200, AZ-900)

Any generic cyber security industry certification(s) such as CCSP, OT-specific certification(s) e.g. Claroty Cybersecurity Analyst