Configuration Analyst (Permanent)

Join a Leading Cyber Defence Operations Team and help safeguard against global cyber risks! Location: Reading – 2 Days a week on site Employment Type: Permanent The Cyber Defence Operations team is responsible for protecting customers against cyber threats worldwide. The team’s mission is to enhance the global cyber defence posture and reduce cyber risks through operational leadership and capabilities. We’re looking for a Level 3 SOC Analyst to join our client\’s team, offering expertise in security analysis and incident response to help drive the success of their Cyber Security Operations Center (CSOC). As a Senior Analyst, you will also work to mentor and uplift analyst skills and act as a key escalation point. Advanced Incident Response: Handle escalated security incidents that L1 and L2 analysts cannot resolve, such as sophisticated malware infections, APTs, and complex intrusions. Lead forensic analysis and threat hunting efforts to ensure rapid containment and recovery. Security Analysis and Root Cause Analysis: Conduct detailed analysis of security events to address current cyber threats. Participate in or lead security event analysis activities. Residual Risk Assessment: Deliver post-incident analysis, technical lessons learned, and reporting to assess residual risk. Advanced SIEM Tuning: Refine and tune SIEM tools to reduce false positives and detect more sophisticated threats, ensuring optimal alert configurations. 4+ years of experience in SOC analysis, security event analysis, and incident response (Level 2 or above). ~ Extensive hands-on experience in security event analysis and incident response. ~ Deep knowledge of IPv4/IPv6, TCP networking protocols, and the OSI model. ~ SIEM (ArcSight, Sentinel, QRadar, Splunk), EDR (Microsoft Defender, FireEye), IDS/IPS, firewalls, proxies, web application firewalls, and anti-virus technologies. ~ Strong knowledge of Linux and Windows operating systems. ~ IBM Resilient, Splunk Phantom, SIEMplify) and cloud platforms (e.g., AWS, Azure, O365). ~ Experience investigating intrusions in Linux and cloud environments. ~ Kusto, SQL).