Principal Duties/Responsibilities

Safely acquire and preserve the integrity of cyber security data required for incident analysis to help determine whether further investigation is required.Level 1 Analyst will be responsible in confirming that the incident is in fact a true positive requiring an investigation and potentially remediation or mitigation then escalate incidents according to the defined process.Triage alerts, security incidents and seeking out potential security issues through log analysis, and use of tools such as SIEM, UEBA, EDR, etc. Ensure timely response to any cyber incident to minimize risk exposure and production down time, including interacting with different technical teams and business areas where needed.Determine the type of support required, coordinate with the respective team or POC. Attend handover calls to support L2 in communicating handover to next shift. Recommend alert for tuning to minimize false positives. Recommend or assist L2s/L3s with creation or update of KBs, processes and runbooks.

What you will need:

You will be working as part of a 24/7 SOC across different locations and therefore you must be a true team player, with the ability and desire to engage with different internal stakeholders and colleagues to deliver the very highest standards of service and support. 2 - 3 Years’ Experience working as part of a mature cyber defence centre or security operations centre. To be effective, you need to have great troubleshooting skills, the ability to research problems and the ability to effectively communicate during stressful times, while keeping a cool, calm, and friendly approach when dealing with stakeholders and colleagues. Solid time management skills and be dependable. Hands on experience of using a SIEM, UEBA, and EDR as a Level 1 security analyst. Leading Investigations and comfortable talking to stakeholders and colleagues on both a technical and non-technical level. Great verbal and written communication skills, and the ability to write reports in a structured methodology. BSc/MSc in a security field or equivalent experience working within a security related function. To be inquisitive, with a strong sense of personal responsibility for learning and self-development.Being able to identify common attack techniques within the context of specific technologies. Working knowledge of networking protocols/technologies (e.g. TCP, IP, HTTP/HTTPS).

Beneficial: 

Any relevant security certifications (CompTIA Security+, GIAC GSEC (SANS 408), CEH, or industry recognized equivalent). Any relevant network certifications (Network +, CCNA, etc.). Knowledge of other key IT fields (such as Web Applications, databases, Active Directory, network security systems such as web proxies, firewalls & data loss protection). Exposure to attack and penetration methods and tools. Working knowledge of scripts, tools, or methodologies to enhance our incident investigation and processes (such as Python, PowerShell, etc.).
 

WTW is an Equal Opportunity Employer