JOB PURPOSE
This position will assist the SecOps Tech Lead and Head of Security Operations in enhancing the SOC & SOAR operations within Kocho. The Security Analyst will collaborate closely with other teams to build services and solutions that align with security best practices and client assurance requirements. This includes, but is not limited to, the use of Microsoft Sentinel, Microsoft Defender for Endpoint, Microsoft Defender for Cloud, and all other MS Security Stacks. The primary responsibility of the Security Analyst role is to carry out operational SOC and SOAR activities as directed by the SecOps Tech Lead and Head of Security Operations. This includes monitoring and responding to incidents and alerts within Microsoft Sentinel.
The successful candidate will leverage their KQL knowledge for threat hunting, effectively closing down incidents with comprehensive documentation. Furthermore, they will contribute to the efficient day-to-day operations of the SOC, focusing on personnel, processes, and technology. With a solid foundation in IT Administration and understanding of common corporate technologies, they will ensure all client SLAs are met, maintaining consistently high client satisfaction scores.
You will be required to work with members of the Security Operations Team to ensure all SOC & SOAR operational tasks are completed on time and work tickets are updated / closed with satisfactory technical details included, and where appropriate escalate suspicious / malicious events to senior team members and Kocho or client incident response personnel in order to identify, contain and remediate active threats. You will also be required to develop and update operational documentation as necessary. Security Analysts will be comfortable engaging at both technical and non-technical levels, contributing as required in technical workshops and client briefings / service reviews. You will be working in an incredibly passionate environment, with great people, in which you can actively contribute to developing and delivering our SOC & SOAR capability.
KEY RESPONSIBILITIES OF THE ROLE
Strategy and Leadership:
- This is not a leadership role though you will be expected to mentor and support Junior Colleagues.
Technical Specialism:
- Advanced knowledge and experience with Microsoft Sentinel, Microsoft Defender for Endpoint, and Microsoft Defender for Cloud.
- Familiarity with other Microsoft Security Stacks and a broad understanding of common corporate technologies.
- Proficient in using KQL (Kusto Query Language) for threat hunting and other security-related investigations.
- Experience in IT administration, preferably within a Security Operations Center (SOC) environment.
- Experience in incident response and handling, including detailed incident reporting and documentation.
- Ability to analyze complex data and security logs to identify cyber security threats.
- Ability to communicate in both technical and non-technical terms, tailoring approach to the audience.
- Self-motivated learner of technologies and methodologies to support best practice.
- Actively contributing to knowledge sharing across the business.
Security Operations:
- Act as an operational point of contact during significant cyber security events
- Assist in the support of major incident handling within the SOC, and where applicable for clients
- Provide support and guidance regarding monitoring activities
- Provide “hands on” resource, working to ensure Kocho objectives and client SLA targets are achieved.
- Provide input and support for stakeholder communication.
- Assist and support the implementation of security controls, threat protection etc. for both Kocho and its clients
- Assist and support the building and maintenance of security tools and applications e.g., MS Sentinel, MS Defender for Endpoint, and the other elements of the Defender suite
- Support other Security Analysts and clients on rules/policies/filters/use cases and SOC tooling.
- Assist with the implementation of improvements as part of on-going service enhancement or “lessons learned” following incident investigation (cause and effect).
- Assist in the review of incident closures, post incident reports and act upon improvements identified
- Undertake Threat Hunting, to include the development of queries to support improvements to the identification of undetected threats on client estates.
- Contribute to team development through knowledge sharing, briefing and production of guides, incident scenarios and playbooks.
- Show flexibility in developing knowledge of supporting areas and performing their responsibilities during times of operational need.
- Maintain currency in relation to security concepts, tools and best practices
- Willingness to work shifts (including unsociable hours and bank holidays) as part of 24x7 team working.
Business Operations:
- Ability to work effectively with internal systems such as Kimble, Teams, SharePoint and Office 365.
- Effective personal resource and time management with a commercial approach to work.
- Working remotely, or on site
Delivery and KPIs:
- Contribute to the full lifecycle of client solutions and service offerings, from proposition through to delivery and support and maintenance
- Communicate technical solutions in a clear, and concise approach for a variety of audiences from both a technical and business background.
- Contribute to well written and professional documentation, performance, and client reports.
- Assist the SecOps lead and Head of Security Operations in development of new service offerings, procedures, techniques, and policies.
- Assist in the recruitment, training, and development of the security operations team.
- Promoting and practicing high quality outcomes across all aspects of work.
SKILLS AND EXPERIENCE
Essential
- Demonstrable experience of operating within a security operations function.
- Strong IT Security knowledge, understanding the balance of business objectives and information security.
- Experience with or understanding IT Infrastructure - Windows / Linux Servers, Firewalls etc
- A technical understanding of the security components and their impact.
- Experience with or understanding of Microsoft’s security stack and technologies - Microsoft Sentinel, Microsoft Defender suite etc.
- Good working knowledge of multiple SOC tooling including SIEM / SOAR
- Good understanding of network methodologies and OSI Model layers.
- Good understanding of network technologies: Routers, Switches, Firewalls, IDS/IPS, WAF & Proxies etc.
- Experience of working at technical levels within a Security Operations service.
- Demonstrable ability to troubleshoot and fault find technical issues.
- Good communication and report writing skills.
- Knowledge of Backup and Disaster Recovery methodologies.
Desirable
- Experience in supporting and assisting a Senior Incident Responder.
Education & qualifications
- ITIL V3
- CompTIA Security+ (or equivalent)
- CompTIA Network+ (or equivalent)
- SC-200, SC-300, SC-400
- Blue Team Level 1 / 2
PERSON SPECIFICATION
Attribute – Expectations
Passion
- Demonstrate a passion for the business focus and technologies.
- Promote the company’s vision and values.
- Support innovative solutions.
Expertise
- Ability to demonstrate a high level of quality, expertise and competence within subject area.
- Drive for results, creative problem-solving, the ability to plan, organise and make effective decisions.
- A commercial view of the business, ability to see the bigger picture.
Methodologies
- Ability to follow systems, processes, procedures, supporting best practice.
- An agile way of working.
Communication
- Respectful of opinions of our stakeholders, partners, colleagues and clients.
- Doing the right thing and acting in the interests of the wider group.
Relationships
- Key internal stakeholders – Service desk, architecture and consultants.
- Key external stakeholders – Microsoft, clients and any other partners.
- Ability to work well as a team and individual.
Leadership
- If applicable, attributes of a good manager / coach / leader.
- Ability to listen and learn from leadership.
Adaptability
- Managing or adapting to change, pace, strategic direction.
- Awareness and empathy to the impact on people.
At Kocho, we prioritize transformation and diversity by integrating employment equity goals into our recruitment process. We are committed to fostering a diverse and inclusive workplace, reflecting individuals from all demographics and supporting individuals with disabilities.