Cyber Security Analyst

Softcat,
Marlow, Buckinghamshire
Salary: £30,000

Overview

About the team

The Softcat SIEM team provides our customers with cyber security monitoring, analysis, assessment and remediation. It is our job to help our customers understand the many types of security threats targeting their infrastructure and to offer expert advice on how to mitigate these threats in real-time. At Softcat we understand that every customer is different and within our SIEM Managed Service team we provide threat hunting that is specifically tailored to each individual client’s unique environment. The work is fast moving and ever-changing, just like the threats themselves and no two days are alike.

Your role

You will support security threat monitoring, detection, event analysis and incident reporting within our 24/7 Security Operations Centre environment. Working on a shift rota, you will monitor customer networks and systems, detect events, analyse alarms and report on threats, resolving or escalating as required. The role requires analysing events to distinguish those that qualify as a legitimate security incident as opposed to non-incidents or false positives. You will be expected to collaborate with customers and the Softcat team to develop metrics based on current awareness and threat monitoring.

What you’ll be doing

- Monitor our SIEM Management tool for suspicious events and anomalous activity, and triage these events for criticality
- Validate suspicious events and incidents by using open-source and proprietary intelligence sources
- Document and manage incident cases in our ticket handling system
- Support development, building and implementing use cases within the SIEM Management tool as well as developing and delivering reports/visibility to customers in line with service definitions
- Report incidents to customers in line with service definitions, and where appropriate provide guidance on corrective actions
- Maintain high levels of incident ownership through the incident lifecycle to a satisfactory customer resolution
- Work with and support our security engineering team with deploying, troubleshooting and managing the security platform for multiple customers