graduate job

Cyber Security Analyst

Job description

About the team
The Softcat SIEM team provides our customers with cyber security monitoring, analysis, assessment and remediation. It is our job to help our customers understand the many types of security threat targeting their infrastructure and to offer expert advice on how to mitigate those threats in real time. At Softcat we understand that every customer is different, so within our SIEM Managed Service team we provide threat hunting tailored to each client's unique environment. The work is fast moving and ever-changing, just like the threats themselves, and no two days are alike.

Your role
You will support security threat monitoring, detection, event analysis and incident reporting within our 24/7 Security Operations Centre. Working on a shift rota, you will monitor customer networks and systems, detect events, analyse alarms and report on threats, resolving or escalating as required. A core part of the role is analysing events to distinguish genuine security incidents from non-incidents and false positives. You will be expected to collaborate with customers and the Softcat team to develop metrics based on current threat awareness and monitoring.

What you’ll be doing

  • Monitor our SIEM management tool for suspicious events and anomalous activity, and triage those events for criticality
  • Validate suspicious events and incidents using open-source and proprietary intelligence sources
  • Document and manage incident cases in our ticket handling system
  • Support the development, building and implementation of use cases within the SIEM management tool, and develop and deliver reports and visibility to customers in line with service definitions
  • Report incidents to customers in line with service definitions and, where appropriate, provide guidance on corrective actions
  • Maintain a high level of incident ownership through the incident lifecycle to a satisfactory customer resolution
  • Work with and support our security engineering team in deploying, troubleshooting and managing the security platform for multiple customers
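As an added illustration of what a SIEM use case from the list above looks like once it is written down, here is a small brute-force correlation rule in Python run over constructed sshd log lines. This is example code written for this page, not Softcat's tooling: the host name, the addresses, the five-failures-in-five-minutes threshold, the assumed year for the syslog timestamps and the "authorised scanner" allowlist are all assumptions. It shows the three triage outcomes an analyst deals with: a burst of failures followed by a success from the same source (high criticality, escalate), a burst with no success (medium), and a burst from a source that asset data says is the customer's own scanner (suppressed as a known false positive, but still recorded so the decision is auditable).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd syslog lines (hypothetical host, RFC 5737 test addresses),
# not real customer telemetry. A CRON line is included to show the parser skipping noise.
SAMPLE_LOG = """\
Jun 10 08:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51212 ssh2
Jun 10 08:00:02 web01 CRON[1205]: (root) CMD (run-parts /etc/cron.hourly)
Jun 10 08:00:03 web01 sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51213 ssh2
Jun 10 08:00:05 web01 sshd[1203]: Failed password for root from 203.0.113.7 port 51214 ssh2
Jun 10 08:00:06 web01 sshd[1204]: Failed password for root from 203.0.113.7 port 51215 ssh2
Jun 10 08:00:09 web01 sshd[1206]: Failed password for root from 203.0.113.7 port 51216 ssh2
Jun 10 08:00:40 web01 sshd[1230]: Accepted password for root from 203.0.113.7 port 51220 ssh2
Jun 10 08:05:00 web01 sshd[1300]: Failed password for root from 10.0.0.50 port 40001 ssh2
Jun 10 08:05:02 web01 sshd[1301]: Failed password for root from 10.0.0.50 port 40002 ssh2
Jun 10 08:05:04 web01 sshd[1302]: Failed password for root from 10.0.0.50 port 40003 ssh2
Jun 10 08:05:06 web01 sshd[1303]: Failed password for root from 10.0.0.50 port 40004 ssh2
Jun 10 08:05:08 web01 sshd[1304]: Failed password for root from 10.0.0.50 port 40005 ssh2
Jun 10 09:00:00 web01 sshd[1400]: Failed password for bob from 198.51.100.9 port 33001 ssh2
Jun 10 09:00:30 web01 sshd[1401]: Accepted password for bob from 198.51.100.9 port 33002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+ ssh2$"
)

FAIL_THRESHOLD = 5                 # assumed tuning value
WINDOW = timedelta(minutes=5)      # assumed correlation window
SYSLOG_YEAR = 2020                 # classic syslog lines carry no year; assumed for the sample
AUTHORISED_SCANNERS = {"10.0.0.50"}  # hypothetical customer vulnerability scanner (asset data)


def parse(line):
    """Return a dict for an sshd password-auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{SYSLOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def detect_bruteforce(lines, threshold=FAIL_THRESHOLD, window=WINDOW,
                      allowlist=AUTHORISED_SCANNERS):
    """Correlate failed logins per source IP inside a sliding window and grade the result."""
    events = sorted((e for e in map(parse, lines) if e), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []

    def emit(src, host, criticality, burst, success_user=None):
        reason = "threshold crossed"
        if src in allowlist:
            # Known-good source: downgrade rather than discard, so the suppression is visible.
            criticality, reason = "info", "source on authorised scanner allowlist"
        alerts.append({"src": src, "host": host, "criticality": criticality,
                       "failures": burst["failures"], "first_seen": burst["first_seen"],
                       "last_seen": burst["last_seen"], "success_user": success_user,
                       "reason": reason})

    for src, evs in by_src.items():
        recent_failures = []   # failure timestamps still inside the window
        burst = None           # set once the failure count crosses the threshold
        for e in evs:
            recent_failures = [t for t in recent_failures if e["ts"] - t <= window]
            if e["result"] == "Failed":
                recent_failures.append(e["ts"])
                if len(recent_failures) >= threshold:
                    burst = {"first_seen": recent_failures[0], "last_seen": e["ts"],
                             "failures": len(recent_failures)}
            elif burst and e["ts"] - burst["last_seen"] <= window:
                # Success shortly after a failure burst from the same source:
                # the signature of a password-guessing attack that worked.
                emit(src, e["host"], "high", burst, success_user=e["user"])
                burst, recent_failures = None, []
        if burst:
            # Burst with no success: noisy, but nothing got in (as far as this source shows).
            emit(src, evs[-1]["host"], "medium", burst)
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"{a['criticality']:6} {a['src']:14} failures={a['failures']} "
              f"success_user={a['success_user']} ({a['reason']})")
```

Note that the single failed-then-successful login from 198.51.100.9 produces nothing: one typo by a legitimate user sits below the threshold and is exactly the kind of event that should not become a ticket. The allowlist decision is the part that needs the "open-source and proprietary intelligence" and customer asset knowledge the bullets mention; the rule itself cannot know which internal address is a scanner.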

What we are looking for

  • Previous experience in a technical or security role; experience in a SOC and/or security incident response would be advantageous
  • Ability to multi-task effectively, prioritise work and handle competing interests
  • Strong written and oral communication skills, with the ability to articulate technical information to a non-technical audience
  • Ability to dynamically assess risks, threats and threat actors for new and existing customers
  • Experience analysing IT logs and event sources would be advantageous
  • A working knowledge of network communications, routing protocols, common internet applications and standards would be advantageous
  • Hands-on experience with SIEM platforms (such as AlienVault, Security Analytics, Splunk or ArcSight), firewalls, intrusion detection/prevention systems, proxies, web applications and/or penetration testing would be advantageous

Nice to have

  • Experience of service management environment
  • Relevant Security industry certifications
  • Scripting capability
  • ITIL V3 Foundation training / certification

Accepted degree subjects


Additional job details


plus excellent benefits

How to apply

Click Apply to start your application now. This job will be available on Prospects until 31 July 2020


Closing date:  Continuous recruitment
