Senior SOC Analyst- Cyber Threat Analysis Center

at  DXC Technology

JOB DESCRIPTION:

The main goal of a Senior Analyst within the CTAC is to proactively identify cyber threats affecting DXC and its customers. The Senior Analyst will be responsible for providing technical support to the Tier 1 and Tier 2 analysts.
They will have experience in working closely with junior analysts, management and customers. They will be able to assist in the creation and delivery of multiple technology solutions designed to support each customers needs and requirements.
They will be using both industry standard technology, OSINT and previous experience to help foster an environment of trust and respect between the SOC and its customers. Further, they will participate in the continued development of the required infrastructure to maintain these services.
A strong familiarity with the principles of network and endpoint security, current threat landscape, and attack trends is required. The Senior Analyst is accountable for consistent results and ensuring that all events that are fed into the SOC tooling are investigated, triaged, communicated and rectified within tight time constraints.

Responsibilities:

• Analyse and correlate results from various technology platforms. This entails investigating and assessing the impact of security events resulting from hits on indicators of compromise (IOCs), indicators of attack (IOA), or behavioural patterns (TTP’s - Tactics, Techniques, and Procedures) derived from bespoke queries within available technology platforms
• Understand a broad spectrum of the DXC’s technologies to deliver part of a Cyber Defence security service, which meets both DXC’s and their customers’ requirements
• Assist in the development of innovative ways to detect threats and anomalous behaviour leveraging logs and/or functionality within available technology platforms
• Develop an understanding of security event analysis from a range of data sources including network traffic attributes, host and network-based attributes (to identify security incidents)
• Delivery of assigned tasks within the delivery cycle as determined by customer or management.
• Drive and participate in proactive hunting campaigns to proactively identify potential security gaps and emerging threats across customer environments
• Lead technical deep-dive investigations of complex security incidents and create comprehensive post-incident analysis reports with actionable recommendations
• Follow procedures to communicate, report, and escalate incidents to appropriate DXC operational management units, technical leads, and/or engineering specialists
• Participate as part of a team, maintaining good relationships with team members, DXC colleagues and DXC customers
• Understand the company strategy and values, and the role that the individual plays Tier 3 Analyst Roles and Responsiblilties DXC Public 2
• Use the available knowledge and training tools and platforms to maintain and improve current skill level for the benefit of assigned projects, and professional development
• Make use of experience and tools to mentor more junior analysts to enhance individual growth for the CTAC
• Use and contribute appropriately to technical forums within the company environment and local professional communities and technical user groups
• Able to travel to DXC sites as per contract
• Participation in an on-call rota Knowledge and Skills
• Excellent knowledge of basic Networking and how traffic crosses a network
• Strong knowledge of Windows and Linux environments
• Strong knowledge of analysis tools such as SIEM / XDR / Wireshark along with OSINT
• Working knowledge of query languages (e.g., KQL, SQL) for security log analysis and threat detection
• Good communication skills and customer centric focus - ability to communicate clearly and in a timely manner with all customers, partners and users, internal and external
• Able to explain technical problems to non-technical people
• Able to compile and understand technical and non-technical reports
• Organise both themselves and others
• Must be a Team Player and be willing to understand that people junior to you may know more about a subject than them
• Able to learn new technologies with minimum oversight and able to pass that knowledge on
• Flexible and self sufficient. Able to function when under pressure Education and Professional Experience
• University Degree/Diploma in Cyber Security or Equivalent experience Desirable

• Any SIEM / XDR / SOAR training or certification • Other IT certifications or experience such as CISSP, COMPTIA CySA+, GCIA, GCIH

• At least 4 years experience in a SOC or SOC equivalent
• SC / DV clearance Other Requirement
• Be willing to undertake SC and / or DV clearance with multiple agencies
• Full Driving Licence Tier 3 Analyst Roles and Responsiblilties DXC Public 3
• Fluent in written and spoken English

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.

• Analyse and correlate results from various technology platforms. This entails investigating and assessing the impact of security events resulting from hits on indicators of compromise (IOCs), indicators of attack (IOA), or behavioural patterns (TTP’s - Tactics, Techniques, and Procedures) derived from bespoke queries within available technology platforms
• Understand a broad spectrum of the DXC’s technologies to deliver part of a Cyber Defence security service, which meets both DXC’s and their customers’ requirements
• Assist in the development of innovative ways to detect threats and anomalous behaviour leveraging logs and/or functionality within available technology platforms
• Develop an understanding of security event analysis from a range of data sources including network traffic attributes, host and network-based attributes (to identify security incidents)
• Delivery of assigned tasks within the delivery cycle as determined by customer or management.
• Drive and participate in proactive hunting campaigns to proactively identify potential security gaps and emerging threats across customer environments
• Lead technical deep-dive investigations of complex security incidents and create comprehensive post-incident analysis reports with actionable recommendations
• Follow procedures to communicate, report, and escalate incidents to appropriate DXC operational management units, technical leads, and/or engineering specialists
• Participate as part of a team, maintaining good relationships with team members, DXC colleagues and DXC customers
• Understand the company strategy and values, and the role that the individual plays Tier 3 Analyst Roles and Responsiblilties DXC Public 2
• Use the available knowledge and training tools and platforms to maintain and improve current skill level for the benefit of assigned projects, and professional development
• Make use of experience and tools to mentor more junior analysts to enhance individual growth for the CTAC
• Use and contribute appropriately to technical forums within the company environment and local professional communities and technical user groups
• Able to travel to DXC sites as per contract
• Participation in an on-call rota Knowledge and Skills
• Excellent knowledge of basic Networking and how traffic crosses a network
• Strong knowledge of Windows and Linux environments
• Strong knowledge of analysis tools such as SIEM / XDR / Wireshark along with OSINT
• Working knowledge of query languages (e.g., KQL, SQL) for security log analysis and threat detection
• Good communication skills and customer centric focus - ability to communicate clearly and in a timely manner with all customers, partners and users, internal and external
• Able to explain technical problems to non-technical people
• Able to compile and understand technical and non-technical reports
• Organise both themselves and others
• Must be a Team Player and be willing to understand that people junior to you may know more about a subject than them
• Able to learn new technologies with minimum oversight and able to pass that knowledge on
• Flexible and self sufficient. Able to function when under pressure Education and Professional Experience
• University Degree/Diploma in Cyber Security or Equivalent experience Desirabl