The Senior SOC Analyst role at the world’s largest logistics company provides Maersk with round-the-clock cyber security monitoring, using cutting-edge security technologies, processes, and teams of experts.
Acts as the first point of call for all cyber security related issues for Maersk and its subsidiaries.
Executes the cyber operational activities of the Security Operations Centre (SOC) capabilities and supports the wider cyber team to enable effective detection, analysis, response, and recovery to cyber security incidents.
Plays a key role within the wider business incident management teams, working collectively to identify, contain and eradicate threats towards Maersk.
Provides opportunities to support L1, L2 cyber analysts on shift but also opportunities for self-development and training to the next level of leadership or technical
Responsibilities will include but not be limited to:
- Technical understanding and first-hand approach with a wide range of Cyber Security related toolsets
- Conducting key incident management activities, including creating effective incident timelines and assisting with response activities.
- Creating hypotheses for threat hunts and using the tooling to carry out those hunts
- Working within a team environment in the development, planning and coordination of new and existing aspects of the Incident Response Team, such as creating Incident Response Playbooks.
- Assist in the development of security tools including new playbooks for the SOAR tool.
- Generating requirements for the fine tuning of SIEM rules.
- Mentoring more junior analysts and acting as an escalation point for them.
- Have direct input into the Cyber Security Incident Response Team (CSIRT) process.
- In coordination with the Cyber Security team and other structures, be able to respond to the CSIRT and associated emergency preparedness procedures.
- Assisting with the Development of key relationships with Maersk Forensics, Security Operations Governance, Cyber Defence Engineering, Risk and Compliance, IT and other critical business unit areas.
- Develop, conduct, and participate in Cyber Incident Response exercises.
- Creating and maintaining a good working relationship with key vendor partners.
- Assist SOC Managers and Leaders with ad-hoc requirements such as reports and Root Cause Analysis
- Share, develop and coach L1 and L2 analysts
- Deliver exceptional quality of Incident Response and Tickets but also review and address L1 and L2 ticket quality through coaching and development of team members
The L3 SOC analyst will assist with the delivery of operational security capabilities that enable the detection of and response to security incidents.
The successful candidate will follow a rotating shift pattern, dependent on agreed rotation criteria, to monitor alert feeds, classify events as incidents where appropriate, and follow the full NIST Incident Response Lifecycle.
- Protective Monitoring
- Threat & Behavioural Analytics
- Investigative Analysis
- Threat Hunting
- Incident Response
- Incident Management
- Continuous Improvement
- Project engagement
- Head of Cyber Security Operations
- Security Operations Centre Shifts Manager
- Head of Security Operations Centre
- Wider SOC team
- IT leadership
- Security System Administration
- Vulnerability Monitoring
- Cyber Threat Intelligence
- Internal Regulatory
- Data Privacy
- Compliance
- Communications Teams
- Third party vendors
- Service providers
Non-technical skills:
- Ability to manage conflicting priorities and multiple tasks in a high-pressure environment
- Excellent written and verbal communication skills and able to be understood by both technical and non-technical personnel
- Stakeholder management and people skills (at both a technical and non-technical level)
- Able to work in a collaborative environment
- Outstanding critical reasoning and critical thinking skills – sticks to the problem until it is resolved
- Ability to provide rapid and concise summaries of complex situations
Technical skills:
- Expert in Incident Response, able to demonstrate hands-on malware analysis, log data analysis, and a variety of techniques utilized by adversaries
- Broad but sufficient understanding of Threat Intelligence, Vulnerability Management, Data Privacy, Cloud, Identity, Compliance, Risk, Process, Technologies.
- Good understanding of cybersecurity standards and frameworks e.g., ISO27001, NIST, CIS, OWASP, SANS
- Qualifications within IT Security (e.g., SANS Blue Team, CISSP, GCIH, GCIA, GMON) are desirable but training also may be provided where necessary
- In-depth knowledge and understanding of how to handle and respond to security incidents as part of a specialised incident response team
- Strong working knowledge and thorough understanding of Protective Monitoring, Vulnerability Monitoring, Threat Intelligence and Threat Hunting
- Knowledge and understanding of a wide variety of security technologies and processes
- Up-to-date knowledge of current exploit techniques, vulnerability disclosures, data breach incidents, and security analysis techniques, combined with the understanding of the potential impact on the security posture
Experience:
- At least 5 years of relevant experience in Cyber Security Operations
- Considerable experience of Incident Response
- Experience operating within a large-scale enterprise network
- Has worked in Security Operations Centre or similar environments at a senior level
- Exceptional understanding of or experience in Threat Intelligence, vulnerability management, and threat management
- Has thrived in fast-paced, high-pressure environments
Subject to Leader request, measures may vary and change to meet business requirements
- Building, optimising and continuous participation in developing a World Class SOC
- SLA and responsiveness
- % of security events investigated
- % of security incidents resolved in SOC team
- Quality of delivery for all Technical and non-technical requirements
- Enhance operational and technical capabilities
- Professionalism, communication, punctuality
- Technical learning and development
- Policy, Standards, Procedures
- 360 Degree feedback from colleagues
- Achievement of agreed business objectives and personal objectives.
- Sharing knowledge and developing L1 and L2 analysts
- Delivery against roadmap milestones and Continuous Improvement tasks
Maersk is committed to a diverse and inclusive workplace, and we embrace different styles of thinking. Maersk is an equal opportunities employer and welcomes applicants without regard to race, colour, gender, sex, age, religion, creed, national origin, ancestry, citizenship, marital status, sexual orientation, physical or mental disability, medical condition, pregnancy or parental leave, veteran status, gender identity, genetic information, or any other characteristic protected by applicable law.
We are happy to support your need for any adjustments during the application and hiring process. If you need special assistance or an accommodation to use our website, apply for a position, or to perform a job, please contact us by emailing [email protected].
What We Do
A.P. Moller - Maersk is an integrated transport and logistics company; going all the way, together, for our customers and society. ALL THE WAY is our commitment to connect the world so that everyone has both the possibility and the ability to trade, grow and thrive.
The company employs roughly 110,000 employees across operations in 130 countries.