L1 SOC Analyst

The ideal candidate is someone currently operating at a Tier 2. Training will also be provided in the solutions that you will be interacting with, however experience within Detect and Response operations within a SOC environment would be essential. Eligible for SC Clearance is necessary for this role. High Level Overview: You will be there to support the L1’s when they escalate true positives and be able to offer confidence in your triage, investigation, escalation and remediation. This is an essential part of our growth as we have already moved to a 24/7 SOC. There will be support available from the on-call supervisor, however we would need you to be confident in identifying the above. Responsibilities. Monitor and analyse traffic and events/alerts and advise on remediation actions. Investigate intrusion attempts and perform in-depth analysis of the attempt by correlating various sources and determining which system or data set is affected. Carry out Incident Response actions upon client infrastructure to mitigate and contain verified incidents or intrusion attempts. Follow standard operating procedures for detecting, classifying, and reporting incidents. Demonstrate security expertise to support timely and effective decision making of when to declare an incident. Conduct proactive threat research, with the goal to ingest additional IoC’s or create detection rules based off threat actor TTP’s. Create detection rules off the emerging threat landscape and new techniques used. Analyse a variety of network and host-based security appliance logs (Windows Security Events, Sysmon, Firewalls, NIDS, Sys Logs, etc.) to determine the correct remediation actions and escalation paths for each incident, or how to effectively tune out false positives without hindering the effectiveness of the ruleset. Create playbooks and workbooks within the Azure Sentinel Solution Track trends and configure systems as required to reduce false positives from true events. Document all activities during an incident in order to ensure that the report and updates escalated to a client provides all necessary information, whilst also offering effective remediation actions and any reference material required. Escalate information regarding intrusion events, security incidents, and other threat indications and warning information to the client in a readable manner. Assist with the development of processes and procedures to improve incident response times, analysis of incident, and overall SOC functions Create monthly Managed Detect and Respond (MDR) reports for clients Create articles for publication based off CTI investigations that have been undertaken Modify use cases and manage tuning for multiple clients Provide a daily shift change report Essential Experience Required Experience with SIEM & EDR solutions (Azure Sentinel/AlienVault/Carbon Black/Defender for Endpoint), specifically with investigations and remediation actions. Organizational skills and time management/prioritization. Pro-active in maintaining their workload. Comfortable working against deadlines in a fast-paced environment. Solid foundation of core Information Security aspects (General Investigation process, overview knowledge of surrounding technologies and frameworks to improve an organisations security posture, pain points faced within the industry). Prior SOC experience. Qualifications: Any industry recognized certifications are highly desirable, however we are very big on training and offer a generous training package. 

*Unfortunately we're unable to offer sponsorship of this opportunity, you will need to be eligible for SC clearance* Trident Search have exclusively partnered with a award winning MSSP who have seen great growth over the last 24 months. They are now one of the largest consultancies that offer offensive and defensive security services. You'll work fully remote as a L1 SOC Analyst – this isn’t your typical L1 where you act as a “ticket monkey”. You will be fully emerged in the investigation, and you’ll work with your seniors through to remediation. This is a 24/7 SOC and you'll work 4 on 4 off, days and nights: 7am-7pm, 7pm-7am. Responsibilities • Continuous monitoring of MS tooling: Sentinel and Defender included. You will also get access to Darktrace, Crowdstrike and a bit of Elastic • Proactive threat hunting, utilizing KQL • Risk remediation and mitigation through technical controls within the stack mentioned above • Proactive security assessments - Phishing campaigns, SSO, etc.. Experience: • We’re looking for a minimum of 6-12 months experience as a SOC analyst • Sentinel experience is mandatory, if you can bring experience across Defender, Crowdstrike and Darktrace – that’d be a huge bonus. • Basic KQL query ability – greedy searches, filtering etc. • Experience of deploying, managing, and supporting of endpoint security platforms • Ability to standardize processes for efficiency and productivity, leveraging automation where applicable/possible Bonus: • Industry certs SC100, SC200 etc. • Powershell experience Please reach out to Gareth Davies @ Trident Search

We are exclusively partnering with a company that is integral to the UK CNI. Our client has received significant funding from the government and are looking to grow their existing team by 200% by the end of 2026. Your role will report directly in to the SOC Manager, and you will have a significant influence on how the SOC is built and run. The vision for this position is to be the lead escalation point for all incidents and that you lead the IR team too. Location: West Sussex On Site Requirement: 5 days during probation, 2-3 days there after Salary: £75,000 + 7.5% bonus + 10% pension contribution Responsibilities You will lead on all high-severity cyber incident. This will be from initial triage, expediate a containment, eradication and recovery strategy to minimise business impact Contribute to the continuous improvement or IR playbooks Produce new workflows for automation using SOAR tools Advanced Threat Hunting: Hypothesis and IoC based hunting. Aid the SOC Manager in developing and creating SOC policies Guide L1 and L2, providing guidance and training Engage with c-suite level stakeholders across a number of different sections of the business and be able to articulate security lingo to non-technical folks. Be comfortable delivering presentations to articulate technical cyber concepts Collaborate with internal and 3rd party providers, suppliers and partners Skills and Experiences The most important thing is that you have evidence of advanced threat hunting and IR. This will include leading on P1 IR engagements either as a L2 or L3. SOC related certifications are a bonus: SANS GIAC/GCIH/GCIA etc. Knowledge of adversarial TTPs and frameworks Experience with: Darktrace, Microsoft Defender and Microsoft Sentinel experience an advantage. Advantageous: Ran tabletop exercises & have experience with security architecture If you're excited about the opportunity to contribute towards the safety of UK CNI, please reach out to Gareth Davies @ Trident Search

Trident Search have exclusively partnered with one of the strongest security teams in the UK to bring in a L3 analyst to their team. They are integral to the UK CNI and are a household name. You will investigate and validate threats through data analysis, using a wide range of security tolls and defense products. A stand out candidate might come from a malware/threat hunting strong environment, or might have a keen interest in the field. Job Title: L3 SOC Analyst Location: 4 days on site per MONTH in Berkshire / Central London Hours: 09:00-17:30 Key Responsibilities: Lead the resolution of escalated security incidents such as sophisticated malware, APTs, and complex intrusions. Use expert-level forensic analysis and threat hunting techniques to contain and recover from incidents. Drive security event analysis to address emerging cyber threats and ensure comprehensive post-incident analysis.. Fine-tune SIEM configurations to filter false positives, detect advanced threats, and optimize alerting. Refine SOAR playbooks to automate response actions and improve incident response efficiency. Act as an escalation point for junior analysts, offering guidance and promoting knowledge sharing within the team. Contribute to threat response activities and collaborate with blue team efforts to identify threat group activities. Skills and Experience Proven SOC analyst experience (Level 2 or above) with extensive hands-on experience in security event analysis and incident response. If you have a passion for malware or come from a DFIR background, that would be advantageous. Strong understanding of networking protocols Expertise in Windows/Linux o/s and a variety of security technologies Familiarity with SOAR technologies Experience with security frameworks such as MITRE, Cyber Kill Chain, and APT strategies. Knowledge of cloud platforms (Azure, AWS, Google Cloud) and cloud security best practices. If you're seeking a opportunity where you'll be working with one of the strongest security teams in the UK, please reach out to Gareth Davies @ Trident Search.