Tier 1 SOC Analyst- Cyber Threat Analysis Center

DXC Technology Inc.

Farnborough

On-site

GBP 25,000 - 45,000

Full time

25 days ago

Job summary

An established industry player is seeking a motivated Cyber Threat Analyst to join their dynamic team. In this exciting role, you will be at the forefront of cybersecurity, responsible for monitoring and triaging potential threats while gaining hands-on experience with SIEM technologies. You will work closely with seasoned analysts, enhancing your skills in incident management and log analysis. This position offers a unique opportunity to develop your career in a fast-paced environment, where your contributions will directly impact the organization's security posture. If you are passionate about IT and eager to learn, this role is perfect for you.

Qualifications

  • At least 6 months' experience with SIEM technologies is required.
  • Basic knowledge of networking and operating systems is essential.

Responsibilities

  • Monitor security events and respond to incidents 24/7.
  • Create and manage incident tickets for tracking.

Skills

SIEM technologies
Kusto Query Language (KQL)
Networking concepts
Windows operating environment
Linux operating environment
Open-source intelligence (OSINT)
Incident management
Communication skills

Education

Background in IT
Networking certification

Tools

SIEM platforms
Basic XDR platforms
Ticketing systems

Job description

Cyber Threat Analyst Roles and Responsibilities Tier 1 Analyst (Junior Analyst)

Because of the security clearance required, you must hold a UK passport only: single-national status is mandatory (holders of a second passport, OCI or ILR candidates cannot be accepted), and you must have been resident in the UK for the last 5 years.


This role is based on-site at DXC Erskine, Newcastle, Corsham and Farnborough, and covers a rotational 24x7 shift pattern.


You MUST have at least 6 months' working experience with SIEM technologies.


The Tier 1 Cyber Security Analyst plays a critical role in the initial triage, monitoring, and reporting of potential cyber threats within the Cyber Threat Analysis Centre (CTAC). Working under the guidance of more senior analysts, the Tier 1 Analyst will use their foundational knowledge of security information and event management (SIEM) solutions to support the security operations team. They will also be proficient in using Kusto Query Language (KQL) for log analysis, and will gain experience with multiple ticketing systems to manage incidents effectively, ensuring that we adhere to our service level objectives.


Responsibilities:

  1. Monitor and review security events across various SIEM platforms 24/7/365 to detect, triage, and respond to security incidents.
  2. Act as the first line of response for security incidents by identifying, validating, and classifying potential threats, escalating to higher tiers when necessary.
  3. Perform preliminary analysis on alerts to determine false positives and escalate confirmed incidents based on pre-defined criteria.
  4. Create and manage incident tickets in the system to track incident status and facilitate accurate handovers between shifts.
  5. Conduct and document formal handover/takeover procedures at the beginning and end of each shift to ensure continuity of operations.
  6. Liaise with Tier 2 and Tier 3 Analysts for complex investigations, continuity briefs, and updates on service status issues.
  7. Follow and provide feedback on existing processes; identify and suggest improvements to streamline workflow efficiency.
  8. Follow procedures to communicate and report incidents to appropriate team members and document incidents as per CTAC guidelines.
  9. Work closely with other CTAC team members, contributing to a cooperative environment while assisting in the completion of assigned tasks.
  10. Develop a foundational understanding of security event analysis from network traffic, host logs, and other data sources to support incident identification and escalation.
  11. Complete assigned tasks accurately and in a timely manner as directed by senior analysts or management.
  12. Engage with available knowledge and training tools to maintain and improve technical skills, enhancing the ability to support CTAC operations effectively.

Tier 1 Analyst Roles and Responsibilities

Once comprehensive training has been completed, the Tier 1 (L1) Analyst will assume shift lead duties in the absence of a Tier 2 (L2) Analyst. They will be responsible for security monitoring, completion of all assigned tasks and a thorough handover at the end of the shift.


Knowledge and Skills

  1. Understands and can explain foundational networking concepts, including IP addressing, basic network protocols, and how traffic flows within a network.
  2. Basic knowledge of Windows and Linux operating environments, including standard commands, file systems, and user authentication mechanisms.
  3. Competence in using a SIEM for monitoring and log analysis; some exposure to additional analysis tools such as basic XDR platforms.
  4. Able to demonstrate basic knowledge of Kusto Query Language (KQL), using it to search and filter logs effectively.
  5. Familiar with open-source intelligence (OSINT) techniques to aid in identifying potential threats and gathering information.
  6. Able to communicate clearly and efficiently with team members and stakeholders, both internally and externally, under direction from senior analysts.
  7. Can communicate simple technical issues to non-technical individuals in a clear and understandable way.
  8. Able to create concise, structured reports that outline findings from preliminary investigations and daily monitoring activities.
  9. Able to manage personal workload effectively to ensure timely completion of assigned tasks within the SOC.
  10. Willing to collaborate with team members, accepting guidance and learning from more experienced analysts.
  11. Shows initiative in learning new technologies and techniques, leveraging internal resources and training to grow professionally.
  12. Able to function efficiently during high-pressure situations, following procedures to ensure consistent performance in incident management.

Education and Professional Experience

  1. A suitable background in IT, a sound understanding of networking backed by at least one certification, and an enthusiastic approach to IT.

Desirable

  1. IT or security related certifications.
  2. Experience in a SOC or SOC equivalent.
  3. SC / DV clearance.

Other Requirements

  1. You will have to undergo SC and/or DV clearance with multiple agencies.
  2. Full Driving Licence.
  3. Fluent in written and spoken English.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.
