Senior SOC Analyst


Job details
  • Nomios UK&I Limited
  • Basingstoke
  • 2 weeks ago

Nomios' mission is to build a ‘secure and connected’ future. Organisations across the globe depend on us to help secure and connect their digital infrastructures. 

In support of our continued growth, we are seeking a Senior SOC Analyst to join our Security Operations team based in the UK. This is a fantastic opportunity to work with a broad and diverse set of customers who have entrusted Nomios to deliver their security operations.

As a Senior SOC Analyst, you will be at the forefront of monitoring, investigating, and securing our customers' estates through state-of-the-art tooling. This role would suit an experienced SOC Analyst looking to take the next step in their career or a current Senior Security Analyst looking for their next challenge!


Your role as Senior Security Operations Centre (SOC) Analyst

You will play a pivotal role within the Nomios SOC. Working closely with our analysts and SOC Operations Management, you will have day-to-day responsibility for responding to incidents, ensuring either their swift resolution or their escalation where required, and helping to maintain and improve best practice and operational efficiency in everything we do.

You will be supported in your role with extensive training, both in soft skills and in technical skills. This will be enabled through exposure to innovative technologies and toolsets alongside dedicated Cyber-Ranges and environments, so that your skills continue to develop.


Key Responsibilities

Build

  • Drive the development and tuning of security monitoring and detection toolsets; once rules are created, champion and lead testing and implementation strategies alongside our SOC engineering function to ensure high-fidelity rulesets are continually implemented across our customers' estates.

  • Aid in the creation, maintenance and updating of internal and external SOC processes and procedures.

Investigate

  • Monitor security alerts and incidents using a wide range of security tools and technologies.

  • Produce regular reports and updates on customers' security posture.

  • Conduct identification, analysis, and qualification of security alerts, escalating internally to Tier 3 and externally to customers where required.

  • Effectively follow internal SOC procedures and runbooks for incident investigation.

  • Aid in conducting Threat Hunting activities as directed.

  • Review Vulnerability Management reports and provide analyst insight.

  • Aid in the collation, review and implementation of real-time threat intelligence alongside our SOC engineering function to augment newly created rulesets and actionable insights for customers.

Improve

  • Participate in SOC improvement projects (tooling, process, increase in SOC coverage)

  • Participate in delivering investigation reports, including continual improvement steps to both internal and external stakeholders.

  • Stay current with the latest cybersecurity trends, threats, and upcoming technologies.

  • Champion and lead internal SOC Cyber-Ranges and Wargaming activities as directed by the SOC operations management team.



We hire smart, high-energy people! You should be organised and rigorous, with excellent analytical skills.

Excellent communication with internal and external stakeholders is vital, as is the ability to work as part of a dynamic team in an agile approach.

Required technical skills include:

Excellent knowledge of SIEMs – focused on day-to-day utilisation, with experience in handling critical and high severity incidents from initial detection to resolution, including general navigation/engineering and the creation of rulesets and dashboards aligned to the MITRE ATT&CK framework.

  • Preferred vendors: Microsoft Sentinel, Google Chronicle (SecOps), Elastic

Excellent knowledge of EDR/XDR – including incident investigation at priority 1 and 2 severity and general day-to-day usage, alongside best-practice configurations for common toolsets.

  • Preferred vendors: CrowdStrike, Microsoft, Palo Alto, SentinelOne

Good knowledge of incident response, aligned to MITRE ATT&CK, with a good knowledge of the common tactics, tools and techniques attackers utilise in the wild.

Good knowledge of VM – including analysis, classification and prioritisation to create tangible and actionable insights.

  • Preferred solutions: Rapid7, Tenable, Vulcan

Good knowledge of CTI – including its utilisation within a SOC environment.

  • Preferred solutions: OpenCTI, MISP, TheHive, Recorded Future

Highly Desirable

  • Highly capable and fluent in at least one query language (YARA-L, KQL)

  • Exposure to threat actor Tactics, Techniques, and Procedures (TTPs), either in a professional setting or through practical training platforms such as Blue Team Labs, HackTheBox or TryHackMe.

  • Hands-on experience with penetration testing, red teaming, or purple teaming engagements, including Breach and Attack Simulation (BAS) and their utilisation in testing defensive detection rulesets and technologies.

  • Possession of practical offensive cybersecurity certifications such as Offensive Security Certified Professional (OSCP).

  • Possession of practical defensive cybersecurity certifications such as Blue Team Level 2 (BTL2).

Additional Requirements Include

  • 3+ years' experience working within a Security Operations Centre (SOC), or a strong and diverse background within Infrastructure and Networking (5+ years) orientated towards Cyber Security.

  • Experience in ticket handling toolsets (ServiceNow, Salesforce, JIRA) aligned to ITIL best practices.

  • Fluent in English with excellent written and oral communication skills.

  • Eligible for SC or DV clearance preferred.

  • Ability to use initiative and work independently.

  • Strong team player.

Job Specifics

  • This is a hybrid role, requiring attendance at our Basingstoke office, currently set at a maximum of 2 days a month, where activities and internal workshops are conducted (free hot and cold drinks, breakfast items, snacks, lunches, and regular takeaway Fridays are provided to all staff in the office!).

  • This role will have an on-call requirement of 1 week in every month, consisting of 7 days.

  • Hours are full-time: Monday-Friday, 9:00am-5:30pm.

Why would you choose to come and work with us?

You will get to work in a dynamic, fast-paced environment where you are free to use your initiative in support of our strategic goals, working alongside high calibre sales, technical, and operational experts. We are a supportive, tight-knit team, within which every individual has an important part to play and makes a real difference. Nomios offers a highly competitive salary, rewarding success, along with industry-leading benefits.


Nomios is an equal opportunity employer and is committed to creating and sustaining an environment in which everyone is provided with an equal opportunity to grow and develop, and no individual will be unjustly discriminated against. This includes, but is not limited to, discrimination because of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion and belief, sex, and sexual orientation.
