SOC Analyst Remote Summary Today, it is an unavoidable fact that your business-critical infrastructure and systems are at risk of attack. The key to good security is a clear understanding of what is most critical to the business. When you do not have enough internal resources, time, or skills to monitor and manage your IT environment 24/7, NCC Group can help, freeing up your skilled employees to focus on value-add activities. NCC Group provides a range of managed and hosted services delivered from our Global Security Operations Centre (SOC), which operates 24/7, 365 days a year. Our team of over 100 accredited security experts is available around the clock, dealing daily with over 200 million log events and providing support for thousands of network devices. NCC Group’s MXDR Team provides world-class Extended Detection and Response (XDR) services, detecting, responding to, and mitigating cyber-attacks on our customers' networks in our Security Operations Centres. We use a plethora of detection tools such as the Microsoft Security Stack, Splunk, EDR, IDS & IPS tools, and many more, all integrated with NCC Group's Unified Cyber Platform (UCP). The MXDR Team is looking for L2 SOC Analysts with a passion for security to join the team, helping customers get the most out of our services and protect their networks. This is an opportunity to join a technically advanced and talented team and help NCC Group build and deliver world-class services to our customers. This role is ideal for a seasoned SOC Analyst with experience in cybersecurity looking to broaden their scope of cyber skills with a strong focus on detection and response to cyber incidents. Responsibilities - Monitor global systems for potential threats, vulnerabilities, and indicators of compromise. - Perform in-depth analysis of security alerts utilising both NCC Group's UCP and explore further using the underlying detection platform where necessary. - Provide incident remediation and prevention documentation and recommendations to customers based on defined procedures and analyst experience. - Document and adhere to processes related to security monitoring procedures. - Provide customer service that always exceeds our customers’ expectations. - Initiate escalation procedures to counteract potential threats, vulnerabilities, and threat actors. - Compile and review service-focused reports. - Act as an escalation point for junior team members, aiding and mentoring where necessary. - Contribute to the continuous improvement of SOC procedures and documentation. - Perform other SOC duties as assigned. Core Technical Skills & Experience - Practical experience with security and networking tools such as Microsoft XDR (Sentinel, Defender) and Splunk Enterprise/Cloud/Enterprise Security - Strong understanding of network protocols, endpoint detection, and digital forensics - In‑depth knowledge of Windows and Linux operating systems - Hands‑on experience analysing common security incidents and supporting endpoint security - Ability to remain calm and effective during high‑pressure and sensitive security situations Desirable Certifications Not mandatory, but a strong advantage if held or equivalent knowledge demonstrated. - Microsoft: SC‑200, AZ‑500, AZ‑900, MS‑500 - Splunk: Certified User, Power User, Advanced Power User, Enterprise Security Administrator - CrowdStrike: CCFR, CCFH - CREST: CPSA, CRIA, CMRE, CNIA, CHIA - CompTIA: Security+, Network+, CySA+ - Cisco: CCNA - SANS: GCIA, GCIH, GSEC - Other relevant certifications Ways of Working - Focusing on Clients and Customers. - Working as One NCC. - Always Learning. - Being Inclusive and Respectful. - Delivering Brilliantly. What do we offer in return? We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits: - Flexible Working: Balance your work and personal life with our flexible working options. - Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave (differs for SOC shift workers, please speak to your TA partner for more information). - Medicash & Critical Illness Scheme - Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme. - Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities. - Green Car Scheme: Drive green and save money with our eco-friendly car scheme. - Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme. - Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet. - Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments. So, what’s next? If this sounds like the right opportunity for you, then we would love to hear from you! Click on apply to this job to send us your CV and cover letter and the relevant member of our global talent team will be in touch with you. Alternatively send your details to global.ta@nccgroup.com . About your application We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles. If you do not want us to retain your details, please email global.ta@nccgroup.com. All personal data is held in accordance with the NCC Group Privacy Policy (candidate-privacy-notice-261023.pdf (nccgroupplc.com)). We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage. Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.

• The SOC Analyst is responsible for maintaining the organization’s cybersecurity posture through continuous monitoring, detection, and incident response. • Monitor and analyze security alerts from SIEM, EDR, NDR, FIM, and Antivirus platforms to detect potential threats. • Perform correlation and pattern analysis across multiple data sources to identify anomalies and sophisticated attack behaviors. • Continuously tune and optimize detection rules to reduce false positives and improve fidelity. • Execute incident response lifecycle activities including triage, containment, eradication, and recovery following NIST standards. • Document incidents thoroughly, providing root cause analysis, attack vectors, and corrective actions. • Support post-incident reviews to identify control gaps and recommend security improvements. • Develop, maintain, and enhance incident response playbooks and runbooks to ensure standardized handling of recurring alerts and use cases. • Collaborate with senior analysts to build SOAR playbooks for automated enrichment, containment, and notification workflows. • Conduct regular vulnerability assessments and coordinate with IT teams for timely remediation. • Manage and optimize EDR, SIEM, SOAR, FIM, NDR, and Antivirus tools to ensure operational readiness.

About Protera Welcome to Protera Technologies, where we’re reimagining how SAP-centric organizations work in the cloud. Since 1998, we’ve been pioneers in bringing SAP and related applications to the cloud—think Microsoft Azure and AWS. Our global crew, spanning the US with offices in Chicago (HQ), Athens, Greece, and Mumbai, India, is on a mission to make IT smoother, faster, and more fun for our clients. But here’s the thing: we’re not your typical “serious tech company.” While we’re obsessed with delivering top-notch IT solutions, we’re all about keeping it real, approachable, and enjoyable. We work hard, but we also play hard—whether we’re collaborating on cloud optimizations, enhancing security, or just hanging out as a team. At Protera, we believe in empowering SAP-centric organizations with the best tools and tech to drive growth, and we love what we do. Our values? Simple: stay curious, stay authentic, and make meaningful connections. We celebrate wins big and small, whether it's a successful project or a fun team event. If you’re looking for a place where tech and fun collide, come join us and see what makes Protera a great place to work. Shift Timing- Rotational (24*7) What You’ll Do The SOC Analyst is responsible for maintaining the organization’s cybersecurity posture through continuous monitoring, detection, and incident response. Using advanced technologies such as Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Network Detection and Response (NDR), File Integrity Monitoring (FIM), and Next-Gen Antivirus (NGAV), the analyst identifies and mitigates security threats in real time. This role also contributes to the design and development of automated playbooks using Security Orchestration, Automation, and Response (SOAR) platforms to streamline response workflows and improve SOC efficiency. The analyst collaborates across teams to strengthen detection logic, enhance processes, and ensure proactive defense against evolving cyber threats. Threat Monitoring & Detection - Monitor and analyze security alerts from SIEM, EDR, NDR, FIM, and Antivirus platforms to detect potential threats. - Perform correlation and pattern analysis across multiple data sources to identify anomalies and sophisticated attack behaviors. - Continuously tune and optimize detection rules to reduce false positives and improve fidelity. Incident Response & Management - Execute incident response lifecycle activities including triage, containment, eradication, and recovery following NIST standards. - Document incidents thoroughly, providing root cause analysis, attack vectors, and corrective actions. - Support post-incident reviews to identify control gaps and recommend security improvements. Playbook Development & Automation - Develop, maintain, and enhance incident response playbooks and runbooks to ensure standardized handling of recurring alerts and use cases. - Collaborate with senior analysts to build SOAR playbooks for automated enrichment, containment, and notification workflows. - Align playbooks with MITRE ATT&CK and Cyber Kill Chain frameworks to ensure comprehensive coverage of adversarial tactics. Vulnerability & Risk Management - Conduct regular vulnerability assessments and coordinate with IT teams for timely remediation. - Evaluate system configurations and network architecture for potential risks and ensure secure baselines. - Track and report on vulnerability remediation metrics. Security Tooling & Integration - Manage and optimize EDR, SIEM, SOAR, FIM, NDR, and Antivirus tools to ensure operational readiness. - Integrate data sources and automate workflows between platforms for improved incident visibility and response time. - Provide input on the design and deployment of new security solutions. File Integrity & Endpoint Protection - Monitor File Integrity Monitoring (FIM) systems to detect unauthorized modifications in critical files and directories. - Analyze and respond to Antivirus/NGAV alerts to prevent and contain endpoint infections. - Validate cleanup and verify systems post-remediation. Network Detection & Threat Intelligence - Leverage NDR tools to identify lateral movement, command-and-control (C2) traffic, and exfiltration attempts. - Incorporate Threat Intelligence Feeds (STIX/TAXII) for enhanced situational awareness and detection context. - Conduct proactive threat hunting based on known TTPs (Tactics, Techniques, and Procedures). Reporting & Compliance - Generate detailed reports and dashboards highlighting incident metrics, trends, and SOC performance (MTTD, MTTR, volume by category). - Ensure compliance with standards like ISO 27001, SOC 2, GDPR, HIPAA, and NIST CSF. - Support audits and assist in evidence gathering for compliance activities.

Lead the design and development of risk modeling tools, define and improve cybersecurity risk assessment methodologies, and ensure compliance with ISO/SAE 21434 standards while collaborating cross-functionally to integrate assessments into vehicle...