Ascot Group
Overview
Cybersecurity Defense SOC Analyst (L2) role at Ascot Group. This is an opportunity to join Ascot Group - one of the world’s preeminent specialty risk underwriting organizations. The Ascot Way guides our people and our organization, with a collaborative, inclusive, and entrepreneurial culture focused on underwriting excellence, integrity, and client-focused service.
As part of our 24x7 Cybersecurity Defense function, the SOC Analyst (L2) will investigate security incidents, improve detection content, and support monitoring, detection, and incident response activities. This role works with the internal Cybersecurity team and our MSSP and will require shift work to support the global footprint across UK and US time zones. The position is in-office with a hybrid schedule.
Responsibilities
Monitor security tools to triage and respond to suspicious events and perform deep-dive incident investigations.
Serve as the escalation point for L1/L2 SOC Analysts and coordinate response efforts with the MSSP and stakeholders such as IT, Legal, and business units.
Develop and implement advanced security protocols and incident response procedures and improve threat intelligence processes.
Stay current with evolving threats, vulnerabilities, tools, and threat actor TTPs to enhance detection and response capabilities.
Provide governance over the daily operations of the MSSP and SOC team at a global level.
Mentor and train junior SOC team members.
Develop and refine standard operating procedures, run books, and playbooks for incident response and threat detection; manage technical analysis and log reviews.
Collaborate with end users on security-related incidents and requests; document and manage incident cases for stakeholder engagement and lessons learned.
Work in scheduled shifts as required and conduct in-depth investigations across logs, network, and other data sources to identify root causes and mitigating actions.
Implement detection use cases within the SIEM and manage log sources and SIEM health, including ingestion volumes and upgrades.
Assist with ad hoc projects as required.
Requirements
Cybersecurity related bachelor’s degree or related field.
Minimum of 8 years of experience in a security operations role or similar.
Experience with building/migrating log sources onto a SIEM, creating detection content, log parsers, and detection engineering; MSSP background preferred.
Certifications such as Security+, CSA, CEH, CySA+, CISSP, GSEC, GCIH, CCSP, SC-200, CISSP-ISSMP, OSCP or equivalent preferred.
Solid experience with enterprise technologies, on-premises and cloud, Windows and Linux OS, Microsoft Azure, and M365; ability to detect signs of compromise in these systems.
Growth mindset with willingness to learn and a genuine interest in cybersecurity.
Detail-oriented with a structured approach to procedures and working instructions; ability to stay calm under pressure.
Strong written communication, critical thinking, and analysis skills; ability to explain complex problems to non-technical audiences.
Working understanding of security concepts and attack types (phishing, malware, vulnerabilities, MITRE ATT&CK, kill chain, attack stages).
Experience with SIEM, IDS/IPS, EDR/XDR, log analysis, and malware analysis; familiarity with MITRE ATT&CK framework.
Willingness to learn and adapt with a curious, creative growth mindset.
Compensation
Actual base pay may vary based on experience, expertise, and skills. Base pay is one component of Ascot’s total compensation; additional rewards may include an annual bonus and other discretionary compensation. The salary range for this role in the NY Metro and Chicago, IL area is $105,000 – $120,000.
Company Benefits
The company provides a competitive benefits package (eligibility requirements apply):
Health and Welfare Benefits: Medical, Dental, Vision, HSA, FSA, Life Insurance, AD&D, EAP, and more
Leave Benefits: Paid holidays, annual Paid Time Off, disability leave, and other leaves (Bereavement, FMLA, Adoption, Maternity, Military, caregiver leaves)
Retirement Benefits: 401(k) plan
Note: This position may be filled at a different level depending on experience.