Defra operate a blended working policy subject to business need.
There is flexibility to split the working week, spending a minimum of 40-60% in the workplace, unless exceptional circumstances apply and/or you are an existing contractual home worker.
Our main Defra DDTS hubs are in York, Warrington, Newcastle, Reading and Bristol. The successful candidate may be based at any Defra office; however, regular travel to the Defra SOC in Reading will be required.
Please be aware that space within the London office is restricted and it may not be possible to be based in this location.
Defra is currently seeking a Senior SOC Analyst to join our in-house Security Operations Centre. As the Senior SOC Analyst you will act as the SOC shift lead, managing and coaching a small team of SOC Analysts and cyber security apprentices.
You will use your knowledge and experience to handle escalations from the SOC Analysts seeking advice and support in their decision making. You will have experience in security and ITSM tooling and knowledge of cyber attacks and mitigation strategies. Our SOC Analysts are responsible for identifying, investigating and resolving cyber security incidents using a wide range of tools and their specialist skills, focusing primarily on cloud security and application security. You will also lead the day-to-day development of the SOC Analysts to ensure they stay up to date with new techniques, tools and approaches to reduce the threat from attackers and hackers.
In our complex, multi-supplier environment, you will use your specialist cyber skills to make decisions which will impact how quickly and decisively Defra responds to cyber security incidents. The role requires the ability to investigate security incidents using our security tooling and applying previous experience to quickly define actions that lead to resolution.
You will also support communications with both suppliers and members of staff so that you are fully understood, and appropriate action can be taken as quickly as possible to protect Defra’s IT services and data from cyber incidents and attacks.
Additionally, you will support the Senior SOC Service Manager and Head of SOC in responding to major incidents and day-to-day technical queries.
- Detection, identification and triage of security incidents.
- Line management of two SOC Analysts and oversight of cyber security apprentices, acting as technical escalation point for SOC Analysts and apprentices.
- Act upon threat intelligence provided in Threat Intelligence reports (or from other sources).
- Investigate IOCs (Indicators of Compromise) provided by Threat Intelligence (or other sources).
- Work with the SOC Tuning Analyst to expand, tune and enhance rulesets to identify security incidents and reduce false positives.
- Act as the lead incident handler for major incidents and support the SOC Leadership team during major incidents.
Skills and Experience
- Demonstrates broad knowledge of cybersecurity technologies, trends and strategy – including but not limited to, SIEM tools, hacking techniques, threat vectors & mitigation strategies
- Ability to manage and prioritise multiple tasks and assist/advise security analysts in establishing appropriate priorities and support SOC leadership with technical security queries
- Ability to review security logs and use code to write use cases
- Experience in leading/managing technical staff
- Good understanding of on-premises and cloud infrastructure
Job Types: Full-time, Permanent
Salary: £47,549.00-£60,188.00 per year
Reference ID: 229933