Founded in 2016, Ekco has quickly become one of Europe's fastest-growing cloud solution providers and your trusted security-first Managed Service Provider.
IT leaders choose Ekco to drive operational efficiency, scale smarter and stay ahead of risk - powered by local expertise, delivered at European scale.
We specialise in helping organisations advance their cloud maturity: guiding transformation, strengthening security, and maximising the value of their technology investments.
In simple terms: we help organisations modernise with confidence, securing their systems, optimising their cloud, and keeping them resilient in a rapidly changing world.
Today, we're a thriving team of 1,000+ talented and supportive colleagues across the UK, Ireland, Benelux, South Africa, and Malaysia, and we're continuing to grow.
At Ekco, how we work matters as much as what we deliver. Our people live by four core values that shape everything we do:
On It: We take ownership, follow through, and get things done.
All In: We collaborate, support each other, and commit fully to shared goals.
Connected: We build trusted relationships with colleagues, clients, and partners.
Hungry to Grow: We stay curious, keep learning, and push ourselves to the next level.
If these values resonate with you, you'll feel right at home here.
The Role
We wish to appoint a SOC Engineer to our team. The candidate will be one of the leaders of a team that delivers a range of advisory and technology services to our clients. This is a great opportunity to become involved in a dynamic and rapidly growing team delivering a leading range of professional services.
Ekco will support and encourage your growth and development, helping you identify further potential and build expertise in the cybersecurity field.
Day to day your role will involve:
Develop content for a complex and growing SIEM infrastructure. This includes use cases, dashboards, active channels, reports, rules, filters, trends and active lab sessions.
Use the SIEM in daily operational work, which includes but is not limited to administering, operating and managing the SIEM platform, regularly checking the health of log sources, parsers, alerts, reports etc., and ensuring that the platform is operating as planned.
Monitor SIEM and other event sources, assess, prioritize, escalate and manage security alerts.
Perform analysis of security, network, database and application logs, correlating events and activities to build threat scenarios in order to get ahead of threat actors and reduce exposure.
Translate threat intelligence into actionable security controls across tools such as firewalls, IPS and malware detection on multiple security vendor platforms.
Track and resolve security incidents on a regular cadence, collaborate with other teams on resolution, and suggest areas for improvement.
Build custom connectors/parsers for point devices or IT assets that are not supported out of the box (some prior experience with this is required).
Own and operate the most important security solutions designed to protect the company from cyber threats and attacks.
Lead in deploying new solutions and technologies to improve the security posture of the company.
Continuously fine-tune our security solutions to reduce the occurrence of false positive and false negative alerts.
Apply working knowledge and experience of the MITRE framework for cyber adversary tactics and techniques.
Performing other duties as assigned.
To be successful in this role you'll need:
A Bachelor's degree or equivalent in Computer Science, Computer Engineering, Electrical Engineering, Network Security, Information Security, Information Technology, or Mathematics (or equivalent work experience)
Keen problem solving/ troubleshooting skills
A can-do attitude
Excellent written and verbal communication skills. You should be able to communicate technical details clearly.
The ability to adjust and adapt to changing priorities in a dynamic environment
A proactive approach to addressing issues and requests, and the ability to multitask
The ability to learn new technology and concepts quickly
Great organisational skills and attention to detail
Experience supporting and administering Splunk
5 to 10 years of professional experience
Bonus points if you have:
Prior experience working with SIEM or EDR - e.g. Splunk, IBM QRadar, Sentinel, Rapid7, Carbon Black, Zscaler and Proofpoint
Industry-recognised certifications - e.g. CompTIA Security+, CySA+, Microsoft SC-200
Demonstrated knowledge of TCP/IP networking and major protocols such as: HTTP, SSL/TLS, DNS, SMTP
An understanding of, or proficiency in, information security and compliance regulations (ISO 27001, PCI DSS, GDPR)
Theoretical or practical knowledge in the following areas:
Unix, Linux, Windows, etc. operating systems
Exploits, vulnerabilities, network attacks
Well-known networking protocols and services (FTP, HTTP, SSH, SMB, LDAP, etc.)
Packet analysis tools (tcpdump, Wireshark, ngrep, etc.)
Regular expressions
Database structures and queries
Why Ekco
Microsoft's 2023 Rising Star Security Partner of the Year
First Irish Microsoft MSP to achieve all four Microsoft Security Specializations
Ranked 4th fastest-growing technology company in the Deloitte Fast50 Awards
A culture rooted in diversity, equality, inclusion & belonging
A commitment to internal mobility and career progression
Flexible, family-friendly working at the heart of our culture