SOC L2 Analyst responsible for security monitoring and incident investigation. Analyzing escalated alerts, conducting correlation with SIEM, and executing response actions.
About the role
- Security Operations Analyst at PPRO responsible for detecting, analyzing, and responding to security threats. Involves developing and refining detection capabilities in a dynamic, cloud-native environment.
Responsibilities
- Design, develop and implement custom detection rules, alerts and dashboards within our SIEM platform to identify emerging threats across both end-user and production environments
- Continuously tune and optimize existing rules to improve detection accuracy and reduce false positives
- Proactively hunt for threats within our environment by analyzing logs and security data from various sources
- Conduct thorough investigations of security alerts generated by endpoint detection & response systems, SIEM and cloud platforms
- Manage the full lifecycle of security events from initial detection and triage to containment, eradication and post-incident analysis
- Clearly document and report on lessons learned from security events and incidents
- Monitor, maintain and enhance our security tooling, ensuring optimal performance and coverage
- Collaborate with Technology teams to integrate security monitoring and alerting into the CI/CD pipeline
- Evaluate and recommend new security technologies and tools to address both known and unknown gaps in our defenses
Requirements
- Strong hands-on experience with SIEM platforms, including the creation and tuning of complex detection rules
- Demonstrable experience with Endpoint Detection and Response (EDR) tools
- Solid understanding of cloud security principles, CI/CD processes and DevSecOps environments
- In-depth knowledge of incident response methodologies and best practices
- A proactive mindset with the ability to take ownership of tasks and projects and drive them to completion
- Excellent analytical and problem-solving skills, with a keen eye for detail
- Scripting or programming skills (e.g., Python, PowerShell) for automation and analysis
- Empathetic, thoughtful and business-focused approach to understand how Security controls impact other business functions and customers
- An understanding of regulatory compliance frameworks such as PCI DSS, DORA, SOC2, GDPR is a bonus
Benefits
- Hybrid working - We offer a hybrid structure with a 3 days / week on site expectation, so you can strike the balance between office and home working.
- 28-day holiday allowance
- Work from abroad policy, enabling employees to work remotely for up to another 30 days per year
- GBP 1,000 annual budget to support your professional growth
- Leadership cafés, on-the-job training
- Various insurances including a medical insurance (BUPA health care plan)
- 5% matching pension plan through Now Pensions
- Enhanced family leave to support you during key life moments
- Workplace nursery scheme
- Gym membership contribution
- Mental Health Platform access for therapy and courses
- Pet-friendly office
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Cyber Security Specialist protecting digital estate from threats at the University of Edinburgh. Focused on identifying and mitigating cyber risks while supporting teaching and research services.
Cybersecurity Incident Response Analyst detecting and responding to cyber threats at NOV. Collaborating using AI tools to enhance cybersecurity operations across IT, cloud, and OT environments.
Lead Specialist in Security Operations, enhancing detection engineering and incident response at Pearson. Collaborate with teams and drive process improvements in a high - paced environment.
Security Engineer II at AvidXchange enhancing security operations and incident response. Collaborating with teams to develop, tune and improve security monitoring and automation capabilities.
Director leading security operations strategy and overseeing investigations at Ford Motor Company. Responsible for global investigations, crisis management, and team leadership.
Cloud Security Engineer at Artemys designing and maintaining secure Azure infrastructures, overseeing security monitoring and incident management.
Lead global Cyber Detect and Respond team at Assa Abloy, ensuring timely incident response and security compliance. Oversee operations while collaborating across IT and business functions for effective threat management.
Lead Cybersecurity Analyst responsible for technical leadership of a 24x7 SOC team at AT&T. Drive operational standards, incident response, and continuous improvement initiatives.
Security Engineer safeguarding AWS environments for Genesys Cloud mission. Handling advanced threats and collaborating with SecDev, PenTest, DevOps, and SRE teams.