L2 SOC Analyst in London

Job description

Job title: L2 SOC Analyst – No shift duty

Function: IT

Reports to: Cyber Security Operations Manager

Sub Function:  Service and Operations

Level / Grade: 4

Location: London

Job purpose: Support the management and ownership of security services and operations within Thomas Cook.

Key accountabilities and decision ownership:

  • Analyse information and intelligence relevant to threats facing the systems, infrastructure and critical resources in our environment.
  • Review alerts escalated by Tier 1 analysts and deliver 2nd/3rd level investigation and remediation activities.
  • As a member of the SOC team, conduct research and assessments of security events; analyse events produced by firewalls, IDS, anti-virus, proxies and other network sensors; present findings as input to the CSIRT.
  • Assist in cyber security incident response activities and investigations; work with 1st, 2nd and 3rd line security analysts (internal and external) to identify and resolve incidents.
  • Use the SIEM and other security tools to monitor the security posture of the IT estate and identify anomalous activity and behaviours.
  • Support the development of the Cyber Security Operations function by adopting a proactive and innovative approach to continuous improvement.
  • Assist in creating use cases for new SIEM content, and in fine-tuning or making recommendations on existing content.
  • Streamline SIEM processes and procedures so that they operate consistently across the various vendors within TCG.
  • Maintain proper documentation and review/modify existing documentation.


Additional Information:

  • Some travel may be required.
  • Out of hours working to cover incidents and on-call duty may be required.

Skills, know-how and experience:

Must have:

  • Proven experience of working in cyber security environments, with a strong technical background in a relevant security domain and the ability to analyse complex technical information to identify patterns, trends and linkage.
  • Proven experience of SIEM tools such as QRadar or similar for analysing logs, network traffic and security incidents.
  • Understanding of incident handling/response, IDS/IPS monitoring, forensics/malware analysis, malware/anti-malware techniques, threat hunting, exploits, attack vectors and defensive/preventative measures.
  • Understanding of vulnerability assessment, including zero-day vulnerabilities, and of reporting on vulnerability advisories.
  • Basic understanding of security architecture, including encryption and encoding, network file sharing, web server operations and load balancers, and their security implications.
  • Ability to work under pressure, managing multiple priorities in a rapidly changing and dynamic environment.
  • Excellent verbal and written communication skills in English.

Desirable:

  • Previous security operations centre (SOC) experience.
  • Understanding of ITIL incident management, change management and problem management processes.
  • Experience in scripting languages such as JavaScript, PowerShell or Python.
  • The ability to work across various cultures internationally.

Technical / professional qualifications:

  • University degree level education or equivalent work experience
  • CSA+, CEH, CCNA Security, Security+, GCIA or other equivalent certification

Further Information

  • Full UK/EU driving licence preferred
  • Car preferred
  • Must be eligible to work in the EU
  • Cover letter required