Principal SOC Analyst

Remote - Dublin, Leinster, Ireland

Ekco

We're innovators in security and cloud solutions and managed services, designed to drive productivity and scalability.


About Ekco 

🚀 Founded in 2016, Ekco is now one of the fastest growing cloud solution providers in Europe!  

We specialise in enabling companies to progress along the path of cloud maturity, managing transformation and driving better outcomes from our clients’ existing technology investments.  


☁️ In a few words, we take businesses to the cloud and back!  


🌍 We have over 1000 highly talented and supportive colleagues (and counting) across a number of regional offices in the UK, Benelux & Ireland.  

 

About The Role

  • Conducting expert-level analysis and investigation of security incidents across a range of security toolsets, such as SIEM, EDR and vulnerability management platforms.
  • Acting as a senior resource for the SOC team, handling customer escalations and investigating incidents.
  • Providing expert guidance and mentoring to SOC team members and contributing to the continuous development of the SOC team's skillset.
  • Establishing detailed operational processes and procedures for analysing, escalating and supporting the remediation of critical security issues.
  • Performing advanced event and incident trend analysis in SOC security tooling, and contributing to the efficacy of the SOC through rule tuning.
  • Collaborating with our CTI function to understand the shifting cyber threat landscape, using threat intelligence to run advanced threat hunting queries across our tooling.
  • Collaborating with our SOC Engineering department to develop detection rules based on the latest attacker TTPs.
  • Fostering a culture of continuous improvement and providing guidance to SOC stakeholders to mature existing processes and procedures.
  • Developing and documenting playbooks to contain and eradicate threats within customer environments, mapped to the MITRE ATT&CK framework.
  • Acting as a senior investigator for incident response scenarios when required.
  • Providing on-call, out-of-hours escalation support for the SOC.
  • Performing other duties as assigned by SOC leadership.



About You

  • 5+ years' experience working in a SOC environment.
  • Practical working knowledge in the following areas:
    • Incident response and SIEM
    • Unix, Linux and Windows operating systems
    • Exploits, vulnerabilities and network attacks
    • Packet analysis tools (tcpdump, Wireshark, ngrep, etc.)
    • Digital forensic investigations
  • Prior work experience creating, modifying and tuning rules in SIEM and EDR platforms.
  • A habit of keeping abreast of the latest cyber security trends and threat intelligence resources.
  • The ability to provide expert-level countermeasures for cyber security vulnerabilities, exploits and other malicious activity.
  • Effective communication, teamwork and time management skills.
  • The ability to provide expert-level incident reporting for customers when required.
  • The ability to adjust and adapt to changing priorities in a dynamic environment.
  • A proactive approach to addressing issues and requests, and the ability to multitask.
  • The ability to learn new technologies and concepts quickly.
  • Great organisational skills and attention to detail.

 

Bonus points if you have:

  • Prior work experience with IBM QRadar, Carbon Black, SentinelOne, Rapid7 InsightIDR and Microsoft Sentinel
  • Prior work experience with SOAR platforms and the development of automation workflows
  • Vulnerability management experience
  • Offensive security experience
  • Industry certifications such as GIAC GCIH, GCIA or GCFA
  • Practical working knowledge in the following areas:
    • Digital Forensics
    • Memory Forensics
    • Mobile Forensics
    • eDiscovery


Benefits/Perks 


  • ☀️ Time off - 25 days leave + public holidays  
  • 🎂 1 day of birthday leave per year  
  • 💰 Company Pension Scheme (employer contribution 5%) + flexible salary sacrifice  
  • 📞 Employee Assistance Programme (EAP) - access to dedicated mental health, emotional wellbeing and general advice  
  • 🏃‍♀️ EkcOlympics - a global activity for fun!  
  • 📚 Learning & development - Unlimited access to Udemy learning platform  
  • 🌱 A lot of responsibilities & opportunities to grow (also internationally)  

 

Why Ekco 


  • ⭐️ Microsoft’s 2023 Rising Star Security Partner of the year  
  • 🚀 VMware & Veeam top partner status  
  • 🏅 Ranked as 4th fastest growing technology company in the Deloitte Fast50 Awards  
  • 🌈 Ekco is committed to cultivating an environment that promotes diversity, equality, inclusion and belonging  
  • 🎉 We recognise the value of internal mobility and encourage opportunities for internal development and progression  
  • ✨ Flexible working with a family-friendly focus is at the core of our company values 

Tags: Automation Carbon Black Cloud EDR Exploits Forensics GCFA GCIA GCIH Incident response Linux MITRE ATT&CK Offensive security QRadar SIEM SOAR SOC Threat intelligence UNIX VMware Vulnerabilities Vulnerability management Windows


Regions: Remote/Anywhere Europe
Country: Ireland
