Level 2 SOC (Security Operations Centre) Analyst

UK Power Networks
Crawley
GBP 40,000 - 60,000
Job description

SOC (Security Operations Centre) Level 2 Analyst

Reference Number - 79159

This Security Operations Centre (SOC) Level 2 Analyst will report to the Cyber Security Operations Manager and will work within the Information Systems directorate based in either Crawley or Ipswich office. You will be a permanent employee.

You will attract a salary of £60,000.00 and a bonus of 7.5%. This role can also offer blended working after the probationary period (6 months): 3 days in the office and 2 remote.

Close Date: 16/09/2024

We also provide the following additional benefits:

  • Annual Leave
  • Personal Pension Plan - Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)
  • Tenancy Loan Deposit scheme
  • Tax efficient benefits: cycle to work scheme
  • Season ticket loan
  • Occupational Health support
  • Switched On - scheme providing discounts on hundreds of retailers' products.

DIMENSIONS:

  • People: Work collaboratively in a team of circa 14 permanent and temporary cyber security operations staff.
  • Suppliers: Regular interaction with technical resources provided by the outsourced Cyber Security Managed Service provider and cyber security tooling vendors.
  • Communication: Document and communicate cyber security events and alert findings to both peer and executive-level colleagues in verbal, written, and presentational form so that they understand the possible effects and risks.

Principal Responsibilities:

  1. SOC Monitoring: Monitor and evaluate cyber security events and alerts using a variety of security tools and systems, including IBM QRadar, FortiSIEM, Microsoft Defender for Office 365, McAfee Web Gateway, McAfee ePolicy Orchestrator, and Darktrace.
  2. Incident Response: Respond to cyber security incidents, including internal and external threats, documenting all activities undertaken during an incident.
  3. Analysis: Investigate and analyse information from varied data sources (endpoint event logs, SIEM data, dashboards, enterprise applications), develop and present consistent and reasoned next steps or escalate.
  4. Threat Hunting: Review basic threat intelligence and indicators of compromise (IOCs) to search the UKPN network for known cyber threats that have evaded our automated security tools and defences and that will persist if not detected.
  5. Reporting: Create reports on specific incidents and on trends in threats, communicating the findings to relevant stakeholders.
  6. Continuous Improvement: Recommend improvements to security event detection and mitigation strategies based on ongoing threat analysis.
  7. Cyber Crisis Scenario Testing: Participate in regular cyber-attack simulation exercises that test our IT and organisational resilience, to improve cyber defences and attack preparedness.

NATURE AND SCOPE:

The Information Systems Department works across UK Power Networks, supporting us in the achievement of our vision to become the best-performing Distribution Network Operator (DNO). The team achieves this through the provision of technology solutions and the optimisation of current solutions to improve how we operate. Continuous improvement, customer service, and seamless delivery are at the heart of this ethos and are therefore strongly underpinned by effective cyber security.

Qualifications:

  • Must have hands-on experience in a SOC operational environment.

Or

  • Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, related field, or equivalent training and/or experience.
  • Ideally hold an industry-recognised information security qualification such as GIAC (e.g. GCIA, GCIH), CISSP, or CompTIA Advanced Security Practitioner (CASP+), and/or SIEM-specific training and certification.
  • A basic understanding or knowledge of compliance and regulatory frameworks such as the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF), ISO/IEC 27001/27002, and GDPR is advantageous.
  • Broad understanding of key security concepts/principles (CIA, threats, vulnerabilities, and exploits).
  • Working knowledge of the Cyber Kill Chain and/or Incident Response Phases, adversarial tactics, techniques, and procedures (TTPs), and industry-standard frameworks (MITRE ATT&CK).
  • Good understanding of the approach a threat actor takes when attacking a network, including phishing, port scanning, web application attacks, DDoS, and lateral movement.
  • Good working knowledge of SIEM and SOAR solutions, Identity and Access Management, and Data Loss Prevention tools and technologies, preferably including FortiSIEM, QRadar, McAfee Web Gateway, McAfee ePolicy Orchestrator, Darktrace, and Microsoft Defender. Microsoft Sentinel experience is also an advantage.
  • Working knowledge of security technologies including but not limited to EDR, AV, IDS/IPS, NAC, AD, Web Filtering, Email Filtering, Behavioural Analytics, TCP/IP Protocols, network analysis, and network/security applications.
  • Proficient in one or more of the following, within a corporate environment:
    • Endpoint operating systems (e.g. Microsoft Windows, Linux, and/or macOS)
    • Core networking principles (e.g. switches, routers, wireless access points, Internet)
    • Infrastructure security devices (e.g. firewalls, proxies, IDS/IPS)