Overview
The L3 SOC Engineer will be a key player in a financial services organization's Cyber Security team, focusing on complex security incidents and enhancing detection capabilities. This hybrid position offers the chance to work in a mature Security Operations Center, collaborating with security and infrastructure teams to strengthen the organization's cyber defense. The role requires regular attendance at the London office while providing technical expertise in security operations.
Responsibilities
- Act as the primary technical escalation point for high-priority security incidents and investigations.
- Lead the triage, investigation, and response to complex cyber security incidents.
- Develop, maintain, and optimise detection rules and use cases within Google Chronicle SIEM.
- Tune security alerts to reduce false positives and improve detection effectiveness.
- Manage and administer key cyber security technologies across the SOC estate.
- Support continuous improvements to monitoring, threat detection, and incident response processes.
- Collaborate closely with wider security and infrastructure teams to enhance the organisation's cyber defence capability.
Requirements
- Proven experience as an L3 SOC Analyst or Senior SOC Analyst.
- Strong hands-on experience with Google Chronicle SIEM and detection engineering.
- Experience in creating and tuning detection rules and security use cases.
- Solid knowledge of incident response, threat hunting, and security operations.
- Experience administering Microsoft Defender, CrowdStrike EDR, Google Chronicle, Google SecOps, Palo Alto Panorama Firewalls, and Proofpoint.
- Excellent analytical and troubleshooting skills to investigate complex security threats.
- Previous experience in the Financial Services sector, with insurance experience considered a strong advantage.
- Strong stakeholder management and communication skills in a fast-paced SOC environment.