Security Analyst - Tier 2

1 week ago


Cape Town, South Africa Kocho Full time

About Kocho

We believe specialist UK firms deserve the same level of service they would give their own clients. We know that clients want expertise, a service they can rely on and intimate support from a named individual who knows their business.

Our relentless commitment to finding the best solution, our sense of pride in helping our clients achieve their goals and our thirst for understanding how technology improves business are what make us successful. With us it’s Personal.

We are seeking a highly capable 3rd Line Azure engineer. You will be responsible for remotely delivering senior 3rd line support and project services to multiple international customers, in line with contractual SLAs and KPIs.

Job Purpose

This position will assist the SecOps Tech Lead and Head of Security Operations in enhancing the SOC & SOAR operations
within Kocho. The Security Analyst will collaborate closely with other teams to build services and solutions that align with
security best practices and client assurance requirements. This includes, but is not limited to, the use of Microsoft
Sentinel, Microsoft Defender for Endpoint, Microsoft Defender for Cloud, and all other MS Security Stacks.

The primary responsibility of the Security Analyst role is to carry out operational SOC and SOAR activities as directed by
the SecOps Tech Lead and Head of Security Operations. This includes monitoring and responding to incidents and alerts,
and closing down incidents with comprehensive documentation. Furthermore, they will contribute to the efficient day-to-day
operations of the SOC, focusing on personnel, processes, and technology. With a solid foundation in IT Administration
and understanding of common corporate technologies, they will ensure all client SLAs are met, maintaining consistently
high client satisfaction scores.

You will be required to work with members of the Security Operations Team to ensure all SOC & SOAR operational tasks
are completed on time and work tickets updated / closed with satisfactory technical details included, and where
appropriate escalate suspicious / malicious events to senior team members and Kocho or client incident response
personnel in order to identify, contain and remediate active threats. You will also be required to develop and update
operational documentation, as necessary.

Security Analysts will be comfortable engaging at both technical and non-technical levels, contributing as required in
technical workshops and client briefings / service reviews. You will be working in an incredibly passionate environment,
with great people, in which you can actively contribute to developing and delivering our SOC & SOAR capability.

Key responsibilities of the role:
Strategy and Leadership:

- This is not a leadership role though you will be expected to mentor and support Junior Colleagues.

Technical Specialism:

- Advanced knowledge and experience with Microsoft Sentinel, Microsoft Defender for Endpoint, and Microsoft Defender for Cloud, familiarity with other Microsoft Security Stacks and a broad understanding of common corporate technologies.
- Proficient in using KQL (Kusto Query Language) for threat hunting and other security-related investigations.
- Experience in IT administration, preferably within a Security Operations Center (SOC) environment.
- Experience in incident response and handling, including detailed incident reporting and documentation.
- Ability to analyze complex data and security logs to identify cyber security threats.
- Ability to communicate in both technical and non-technical terms, tailoring approach to the audience.
- Self-motivated learner of technologies and methodologies to support best practice.
- Actively contributing to knowledge sharing across the business.

Security Operations:

- Act as an operational point of contact during significant cyber security events.
- Assist in the support of major incident handling within the SOC, and where applicable for clients.
- Provide support and guidance regarding monitoring activities.
- Provide “hands on” resource, working to ensure Kocho objectives and client SLA targets are achieved.
- Provide input and support for stakeholder communication.
- Assist and support the implementation of security controls, threat protection etc. for both Kocho and its clients.
- Support other Security Analysts and clients on rules/policies/filters/use cases and SOC tooling.
- Assist with the implementation of improvements as part of on-going service enhancement or “lessons learned” following incident investigation (cause and effect).
- Assist in the review of incident closures, post incident reports and act upon improvements identified.
- Undertake Threat Hunting, to include the development of queries to support improvements to the identification of undetected threats on client estates.
- Contribute to team development through knowledge sharing, briefing and production of guides, incident scenarios and playbooks.
- Show flexibility in developing knowledge of

