Waystone
Security Operations Centre Analyst
posted 12hr ago
Flexible timing
Summary: Reporting to the Director of Info Sec and Cyber Operations, the Security Operations Centre (SOC) Analyst will be an integral part of the team's success.
As a security operations center (SOC) engineer, you will help build and manage services that detect and automate the mitigation of cybersecurity threats across Waystone infrastructure. You will work with software engineers, DevOps engineers, IT Engineering, internal audit and compliance teams, and other security engineers across multiple teams to protect Waystone.
ESSENTIAL DUTIES AND RESPONSIBILITIES
Monitor and analyse security alerts from various sources, including AWS, Azure, O365, Okta, Zscaler and SIEM tools, to identify potential security threats.
Perform incident detection, analysis, and response for cloud-native environments, utilizing Security Hub (AWS) and Defender for Cloud (Azure).
Collaborate with internal teams to address security incidents and ensure timely resolution, including coordination with IT, Security Engineering, and other stakeholders.
Develop and refine security monitoring policies, rules, and alerting configurations for enhanced detection capabilities.
Conduct investigations into security incidents, identifying root causes and recommending remediation steps.
Maintain and optimise DLP solutions for the organisation to prevent unauthorised data exposure.
Generate regular reports on security incidents, key metrics, and recommendations for security improvements.
Proactively identify security risks and work with various teams to mitigate potential threats.
Participate in threat hunting activities to identify advanced threats and vulnerabilities within the cloud and on-premises environments.
Provide input into the SOC's continuous improvement processes, including playbook development and toolset enhancement.
REQUIREMENTS
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Experience:
3+ years of experience in a Security Operations Centre (SOC) or similar environment.
Hands-on experience with AWS, Azure, Zscaler and O365 security tools and technologies.
Strong familiarity with cloud-native tools, cloud security posture management, and application security (Security Hub, Defender for Cloud).
Experience with SIEM platforms (CrowdStrike NG-SIEM or similar) including alert tuning, query development, and integration with cloud environments.
Proficient in data loss prevention (DLP) strategies and tools, with the ability to customise and maintain DLP policies.
Strong understanding of incident response processes and best practices.
Demonstrated ability to conduct thorough investigations and report on complex security incidents.
Familiarity with cloud security principles, tools, and techniques, including identity and access management (IAM) and network security.
Strong problem-solving skills, attention to detail, and ability to work under pressure in a fast-paced environment.
Education:
Bachelor's degree in Information Security, Computer Science, or related field (or equivalent work experience).
CCSP
AWS certification
Azure Certification
Employment Type: Full Time, Permanent