Security Operations Centre Analyst (SOC)

Grade: HEO

Reference: 369138

Location: Can be based at any Defra office in England

Salary: £32,136 to £38,551

Closing Date: 07 Oct 2024

Defra’s Security Operations Centre (SOC) is accountable for protecting DEFRA against cyber threats. Our SOC analysts monitor the network and investigate any potential security incidents.

We are seeking an individual to help build our capability. Working as part of a small team you will be accountable for providing security monitoring and incident response. Using cyber security techniques, you will be ensuring that the DEFRA’s security is maintained.

Our Analysts are accountable for the day-to-day handling of alerts in our Security Information and Event Management (SIEM), incidents assigned to the Security Operations Centre and investigating indicators of compromise provided by Threat Intelligence.

As a SOC Analyst you will use a wide range of tools and technical expertise, currently focusing primarily on user behaviour, cloud security & application security.

Defra is transforming its IT security processes via a security improvement plan and approach in line with our new multi-supplier IT operating model. As we develop and grow against this plan the range of services that are protectively monitored by Defra’s SOC will increases.

The SOC team is based in Reading and London. The successful applicant will be expected to travel into one of either office on regular basis working a shift pattern during the day to ensure continuous monitoring of the organisation.

We welcome applicants with experience of working in a Security Operations Centre and other technological backgrounds or graduates in a relevant subject who may wish to move into this field of work, it should be noted that you must demonstrate transferable technical skills and a keen interest in cyber security to be considered for the role.

Person specification

Responsibilities

  • Accountable for detection, identification and triage of security incidents using the provided security tooling and IT Service Management (ITSM) tool.
  • Expand, tune, and enhance rulesets for our SIEM (Security Information and Event Management) tool etc to identify security incidents and reduce false positives.
  • Support the Senior SOC Analyst with Major Incidents and assist the wider SOC team in recovering from security breaches, participating in bridge calls and investigations of security incidents and lessons learned as appropriate.
  • Respond to Information Security related queries from stakeholders e.g. wider Security Team or suppliers.
  • Work with our cyber partners to better know our estate and how to apply current threat intelligence to make it technologically relevant to our estate.
  • Using current tooling run threat hunting queries regularly and investigate results. Work with other members of the SOC to improve our threat hunting capability and investigate IOCs (Indicators of Compromise) provided by Threat Intelligence or our cyber partners, including the National Cyber Security Centre (NCSC).
  • Communicate and engage with a wide range of stakeholders, telling the story of our work and the service we provide to the business to improve the cyber security posture of the organisation.

Skills and experience

  • Experience of working in an IT technical environment or having studied a STEM subject at A-Level or equivalent.
  • Being a good communicator who has the capability to explain complex technical information to senior management and other non-technical staff using language that is plainly understood.
  • Being a self-starter who is keen to learn about new and emerging technologies and cyber threats and how those threats may apply to a public sector organisation.
  • Demonstrate good customer service skills and experience with the ability to be adjustable in all situations.