London, Cardiff, Darlington, Edinburgh, Belfast (may require occasional travel to other DIT Offices), United Kingdom

We create digital services, data tools and technology for businesses to prosper around the world. Have a look at our video!

Our Digital, Data and Technology team develops and operates tools, services, and platforms such as great.gov.uk that enable the UK government to provide world'leading support to businesses in the UK and overseas.

You'll get to constantly push boundaries in an environment free of heavy legacy, driven by curiosity, social purpose, diversity of thought, entrepreneurship and the aspiration to offer an incredible experience to all our users. Find out more on our blog, Digital Trade.

Job Description

Let us tell you a little bit about the role...

As a Senior SOC Analyst, you will be ... 

Helping to safeguard the security of DIT and the wider UK government by performing a variety of exciting tasks. You will be responsible for the collection and analysis of security event data, management of security alerts, and response to and investigation of any security incidents.  At a high level the role is responsible for the monitoring aspects of the Security Operations Centre (SOC) Target Operating Model (TOM).?You will be working closely with colleagues in cyber teams, security teams, and product and service owners to manage and improve responses to security events and maintain organisational readiness through preparedness and co-ordinating team activity. 

Responsibilities

What we're looking for from you...

You will be an experienced SOC Analyst who can: 

• Manage the implementation of monitoring policy. 
• Support the management of the SOC TOM, policies, and standards to govern all activities and outputs. 
• Manage the monitoring, triaging, and investigation of security alerts on protective monitoring platforms to identify security incidents, and review analysis of security event data to manage security incident response, reporting, or escalation where appropriate. 
• Produce thorough documentation on complex incidents focusing on the improvements that can be made to processes, playbooks and tooling.  
• Lead small monitoring teams in the design, development, and enablement of automated monitoring processes, recommending and implementing the latest SIEM (Security Information and Event Management) and network analysis tools, techniques, and procedures to detect malicious activity and ensure continuous improvement through dashboard monitoring or retrospective assessment. 
• Manage response policies and processes to meet the needs in line with appropriate standards. 
• Manage incident response exercises and scoping, design and governance of red-teaming and threat-hunting activity in collaboration with other team members.  
• Communicate the significance of the results of investigations and risk mitigation outcomes, guiding the organisation in the improvement and maintenance of a robust response to new threats and attack vectors. 
• Manage post-incident review, including root cause analysis, to feed-back information and so improve monitoring. 
• Provide specialist, tailored advice on mitigation, handling escalations with risk and service owners as appropriate. 

Essential Skills and Experience:

You'll have demonstrable skills and experience of:

• A degree in Computer Science or a technology-related field OR
  • appropriate industry experience.
• Experience of working in a SOC or security monitoring roles.
• Demonstrable experience with KQL or similar query language.
• Solid knowledge of various information security frameworks.
• Demonstrable experience in cyber security incident management.
• Effective verbal and written communication skills

How to Apply

Please apply by clicking APPLY NOW.

The Department for International Trade embraces and values diversity in all forms. We welcome and pride ourselves on the positive impact diversity has on the work we do, and we promote equality of opportunity throughout the organisation. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. Click through to apply and find out more.

 Technical Skills

We'll assess you against these technical skills during the selection process:

• Understanding of threat actors and motivations. 
• Query language skill in KQL or equivalent. 
• Understanding of Digital and cloud environments such as AWS and Azure.  
• Technical investigation skills for a multi-platform environment. 
• Incident management, Investigation and Response. 
• Protective Security. 

Further Information

Find out about our benefits, application process and practical details like our office locations on the things you need to know page. Remember to check out our blog, Digital Trade.

Closing date for applications: Tuesday 5th July at noon

Contact Name: Department for International Trade
Reference: TJ/9705/oEs5jfwe
Job ID: 3106522