Security Operations Engineer
Job description
Work from home. The SOC operates 24/7 and supports the DFIR teams with technical investigation.
We're seeking an experienced SecOps Engineer to join our wider Security Operations Team. In this role you will support, enhance and operate our monitoring and incident response capabilities. You will initially be required to work unsociable hours, including nights, weekends and public/religious holidays, depending on your rota. Experience in Digital Forensics and/or Incident Response is essential.
A look into the role
As a SecOps Engineer within our Security Operations Team, you will be responsible for frontline monitoring, analysis and investigation across client environments, as well as supporting our Digital Forensics and Incident Response (DFIR) teams during active cyber breaches.
- Monitoring and Triage:
Continuously monitor security alerts and events from multiple sources to detect potential security incidents. Promptly action assigned cases in our case management system in priority order.
- Alert Analysis:
Review, analyse and classify incoming security alerts against predefined criteria to assess severity and validity. Identify and raise opportunities for detection tuning and development to reduce false positives.
- Incident Response & SecOps Investigation:
Support and deliver alongside the core Incident Response team to provide the key investigative deliverables that form a critical part of the response framework, including root cause analysis, data exfiltration detection and analysis, and threat activity analysis. Comprehensive, detailed notes and resulting findings must be recorded for use in reports and communications with high-profile clients. Within the SecOps Centre, you will also investigate alerts that have been escalated to incidents requiring further in-depth investigation, ensuring accurate documentation and comprehensive data collection. Create and maintain detailed records of the triage performed and the response actions taken.
- Incident Handling:
Handle routine escalations and escalate further when a major incident is identified. Provide support when requested once an incident has been declared. Liaise with internal and external stakeholders, including clients, during incidents.
- Threat Hunting:
Support the delivery of threat hunting across client environments by contributing to the planning, execution and post-activity reporting of proactive hunts for malicious activity, using a wide range of log sources, network- and host-based tools, and threat intelligence to identify threat actors and their tools, techniques and procedures.
- Detection Development & Validation:
Identify issues with existing detections (e.g., false positives, noise, false negatives) and the improvements that follow from them. Support the analysis of potential or actual intrusions identified through monitoring activities. Create detections from the available data, e.g., Indicators of Compromise (IOCs) and adversary Tactics, Techniques and Procedures (TTPs). Identify and raise opportunities for automation and similar measures to improve the efficiency and effectiveness of the SOC.
Requirements
Joining us as an experienced SecOps Engineer, the minimum criterion is previous demonstrable experience of working in a SecOps environment. You should also be able to demonstrate the following during the interview process:
Technical Skills
- Triaging alerts generated by various security technologies such as EDR, SIEMs, network and application firewalls, host intrusion prevention and email security tools.
- Experience of responding to security incidents as part of an incident response engagement.
- A detailed understanding of the core subject area, including knowledge of computer networks, operating systems, software, hardware, and security.
- Active and continued development of forensics and investigative knowledge.
- Knowledge of digital forensic and malware analysis tools, whether commercial products or open source.
- Knowledge and experience of the MITRE ATT&CK framework.
- Familiarity with case management tooling.
- Desirable: prior experience using common scripting and query languages (PowerShell, Python, KQL) to parse logs, build detection logic and automate repeatable tasks.
- Desirable: completion of and certification in SANS FOR500, SEC504, FOR508 or FOR572, or equivalent skills.
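As an illustration of the kind of scripting the bullets above refer to (parsing logs, building detection logic from IOCs and TTPs, and tuning out false positives), here is a small example written for this page; it is not part of the job listing or any employer's tooling. The log lines, the IOC list, the scanner allowlist, the field names and the thresholds are all constructed assumptions. It applies two detections to Windows-style logon events: a simple IOC match on source IP, and a TTP-style rule that fires when a burst of failed logons (event 4625) from one source is followed by a success (event 4624), mapped to ATT&CK T1110 (Brute Force), with an allowlist so a known authorised scanner does not keep generating noise.

```python
"""Minimal detection logic over constructed Windows-style logon events."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data). Each line mimics a JSON-exported
# Security event: 4625 = failed logon, 4624 = successful logon.
def _ev(ts, event_id, user, src_ip):
    return json.dumps({"ts": ts, "event_id": event_id, "user": user, "src_ip": src_ip})

SAMPLE_EVENTS = (
    # 203.0.113.7: six failures in seconds, then success -> brute force then success
    [_ev(f"2024-05-01T02:00:0{i}Z", 4625, "administrator", "203.0.113.7") for i in range(1, 7)]
    + [_ev("2024-05-01T02:00:10Z", 4624, "administrator", "203.0.113.7")]
    # 10.0.5.9: same pattern, but it is the authorised vulnerability scanner (tuned out)
    + [_ev(f"2024-05-01T03:00:0{i}Z", 4625, "svc_scan", "10.0.5.9") for i in range(1, 7)]
    + [_ev("2024-05-01T03:00:09Z", 4624, "svc_scan", "10.0.5.9")]
    # 198.51.100.23: a single successful logon from an IP on the IOC list
    + [_ev("2024-05-01T04:15:00Z", 4624, "j.smith", "198.51.100.23")]
    # 10.0.1.4: two typos then success, below threshold -> benign
    + [_ev("2024-05-01T08:01:00Z", 4625, "a.jones", "10.0.1.4"),
       _ev("2024-05-01T08:01:20Z", 4625, "a.jones", "10.0.1.4"),
       _ev("2024-05-01T08:01:40Z", 4624, "a.jones", "10.0.1.4")]
)

IOC_IPS = {"198.51.100.23"}        # constructed indicator list (e.g., from threat intel)
SCANNER_ALLOWLIST = {"10.0.5.9"}   # constructed: authorised scanner, known false-positive source


def parse_event(line):
    """Parse one JSON log line into a dict with a real datetime for 'ts'."""
    rec = json.loads(line)
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def ioc_matches(events, iocs):
    """IOC detection: any event whose source IP is on the indicator list."""
    return [
        {"rule": "ioc-src-ip", "src_ip": e["src_ip"], "user": e["user"], "ts": e["ts"].isoformat()}
        for e in events
        if e["src_ip"] in iocs
    ]


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=10), allowlist=frozenset()):
    """TTP detection (ATT&CK T1110): >= threshold failed logons from one source
    within `window`, followed by a successful logon from that same source.
    Sources on the allowlist are skipped to suppress known noise."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src_ip"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        if src in allowlist:
            continue
        failures = []  # timestamps of 4625s since the last success
        for e in evs:
            if e["event_id"] == 4625:
                failures.append(e["ts"])
            elif e["event_id"] == 4624:
                recent = [t for t in failures if e["ts"] - t <= window]
                if len(recent) >= threshold:
                    alerts.append({
                        "rule": "T1110 brute force followed by success",
                        "src_ip": src,
                        "user": e["user"],
                        "failed_attempts": len(recent),
                        "ts": e["ts"].isoformat(),
                    })
                failures = []  # a success closes the current attempt window
    return alerts


def run_detections(lines, iocs=IOC_IPS, allowlist=SCANNER_ALLOWLIST):
    """Parse the raw lines once and run every detection over them."""
    events = [parse_event(line) for line in lines]
    return ioc_matches(events, iocs) + brute_force_then_success(events, allowlist=allowlist)


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```

Against the constructed sample, this raises exactly two alerts: the IOC hit for 198.51.100.23 and the T1110 alert for 203.0.113.7 with six failed attempts; the scanner at 10.0.5.9 is suppressed by the allowlist and the two-typo logon from 10.0.1.4 stays below the threshold. The threshold, window and allowlist are the knobs that detection tuning adjusts in practice.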
Soft Skills
- Communication: Clear and confident communicator with strong written and verbal skills, particularly in high-pressure scenarios. Able to translate technical details to non-technical audiences, including clients, vendors and senior stakeholders.
- Analytical Thinking: Ability to analyse complex data sets, identify patterns and make evidence-based decisions.
- Problem-Solving: Strong troubleshooting skills and the ability to develop solutions quickly and effectively during active incidents.
- Teamwork & Collaboration: Comfortable working closely with SOC, DFIR and other internal teams. Collaboration is essential during incident response.
- Adaptability: Able to embrace and manage change effectively, continuously developing skills to meet the demands of an evolving threat landscape.
- Time Management: Able to prioritise effectively while managing multiple tasks and ensuring SLAs, KPIs and client deadlines are met.
- Attention to Detail: Capable of identifying subtle anomalies in data that may indicate malicious activity, while maintaining high-quality, accurate case notes.