SOC Cyber Analyst

CV-Library | Hereford, Herefordshire | Contract | Posted: 17 March 2026

SOC Cyber Analyst
Hereford Based
£75.48 per hour Umbrella
Inside IR35
12 Month Contract initially.

This is a great opportunity to work within one of the UK's leading Defence organisations, based in Hereford.

Typical duties include (but are not limited to):

* Alert Triage: Review and assess alerts escalated by the outsourced SOC; validate their accuracy and determine potential impact.
* Initial Investigation: Perform first-line investigation using available tools (SIEM, device logs, firewall logs and SIEM alerts).
* User Interaction: Engage with affected end users or asset owners to collect additional information, verify events, or guide immediate containment steps (e.g. asset isolation, password reset).
* Escalation: Escalate confirmed or high-severity incidents to the Level 2 SOC (outsourced) or internal incident response teams, ensuring complete and accurate handoff documentation.
* Incident Documentation: Create and maintain detailed case notes, timelines, and evidence within the case management system to support investigations and compliance requirements.
* Collaboration: Serve as the coordination point between the security team and the external SOC partner, maintaining strong communication and situational awareness.
* Playbook Execution: Follow established triage and escalation playbooks; suggest improvements based on recurring issues or inefficiencies.
* Threat Awareness: Maintain awareness of current cyber threats, attacker techniques (MITRE ATT&CK), and industry trends relevant to the organisation's threat landscape.

Knowledge:

Essential:

* 2-4 years of experience in a SOC, IT Operations, or security support role.
* Understanding of key security concepts including malware, phishing, lateral movement and privilege escalation.
* Working knowledge of network fundamentals, Windows/Linux system logs and authentication systems.
* Working knowledge of SIEM platforms (e.g. Microsoft Sentinel, Splunk, Elastic, QRadar).

Desirable:

* Awareness of security frameworks and methodologies (NIST CSF, MITRE ATT&CK, ISO27001).

Skills:

Essential:

* Familiarity with ticketing and case management systems (e.g. Jira, TheHive 5, ServiceNow etc.).
* Strong analytical mindset and the ability to interpret logs and alerts.
* Excellent written and verbal communication skills - able to communicate technical findings to both technical and non-technical stakeholders.

Desirable:

* Experience working alongside or within a Managed Security Service Provider (MSSP) or outsourced SOC.
* Basic scripting or automation knowledge (PowerShell, Python, or Bash) is a plus.

Desirable:

* CompTIA Security+, CySA+ or other entry-level certification.

For more information please contact Lauren Morley at JAM Recruitment or click apply.
