Security Operations Centre Analyst Ref. 3472
Security Operations Centre Analyst Ref. 3472
Department Technology Roles
Location(s) London
£48,500 - £61,800 in accordance with DDaT Government Framework and depending on experience
About Us
We’re MI6, also known as the Secret Intelligence Service (SIS). Our mission is to protect the security and economic wellbeing of the UK from overseas threats such as regional instability, terrorism, and cyber-attacks. Working across the globe and in close partnership with MI5 and GCHQ, we help the Government to counter these threats through the provision of secret intelligence. A role in MI6 will see you providing vital support to this work, within a supportive and encouraging environment that puts the emphasis on teamwork.
The Role
As a SOC Analyst in one of our dynamic Cyber Security teams, you'll be at the forefront of protecting MI6’s most valuable assets – our users, agents, and data. As part of a close-knit and highly skilled team, you'll gain end-to-end oversight of the security landscape, monitoring activity and responding to potential threats that could disrupt our business. Whether it’s identifying, assessing, or addressing risks, your expertise will help maintain the integrity of our systems and ensure our operations remain secure.
In this versatile role, you’ll experience a diverse and fast-paced work environment. One moment, you’ll be monitoring IT systems and networks for potential breaches and swiftly responding to alerts. The next, you’re diving deep into resolving incidents, collaborating with the technical and business teams to tackle issues head-on. You’ll also contribute to enhancing our SOC Incident Response processes, developing playbooks, and automating activities to make sure our service is second to none.
But that’s not all – you'll also work closely with customers and projects to identify and integrate key log sources for monitoring. You'll evaluate new and existing log sources, fine-tune our monitoring strategy, and represent the wider team during major incidents. In this role, every day is a fresh opportunity to sharpen your skills and make a real impact in an environment where security is at the heart of all we do.
About You
This role is open to both recent graduates and seasoned professionals in the cybersecurity field. While previous experience as a SOC Analyst is highly desirable, we also welcome and encourage applications from individuals with experience in related technical IT fields, such as DevOps, System/Network Engineering, or System Administration.
To apply, you should have at least a basic grasp of networking and infrastructure design. That means hands-on experience performing technical-level analyses of SOC systems and understanding a variety of IT platforms. We are looking for people who possess any of the following technical skills:
- Proficiency in using SIEM platforms (Splunk highly desirable).
- Familiarity with EDR (Endpoint Detection and Response) tools and network monitoring tools.
- Experience with cloud environments, particularly AWS, including security monitoring, logging (e.g., CloudTrail, GuardDuty), and best practices for securing cloud infrastructure.
- Basic scripting or automation skills (e.g., Python, PowerShell) to optimize tasks and develop security automation workflows.
You will also bring strong analytical thinking to investigate security incidents and derive meaningful insights, with the ability to handle dynamic and high-pressure situations with a calm, methodical approach. Your effective communication skills will ensure clarity working with both technical and non-technical stakeholders, both spoken and writing, where you will provide concise, actionable reports and documentation for incidents, playbooks, and technical evaluations.
This is a role where your keen attention to detail will be valued when analysing logs, alerts, and system activity to detect potential threats. With a team-oriented mindset, you’ll contribute to a close-knit group of security professionals, mentoring junior team members and sharing knowledge within the team and staying up to date with the latest cybersecurity trends, threats, and technologies.
Training and Development
At MI6, we're committed to your growth. From day one, you’ll have access to a comprehensive range of training and development opportunities tailored to enhance your skills and knowledge. Whether it's pursuing certifications like Certified Cloud Security Professional (CCSP) / Certified Information Systems Security Professional (CISSP) or additional qualifications in Information Security, we'll support your professional advancement every step of the way.
Upon joining, you’ll be welcomed into our team and guided through our processes, systems, and goals. With the support of a mentor or buddy, along with the entire team, you’ll get to learn your role. And should you ever need extra support, we’re always here for you, ready to provide additional training tailored to your needs, ensuring you have the tools and expertise to thrive.
Rewards and Benefits
You’ll receive a starting salary of £48,500 - £61,800 depending on experience plus other benefits including:
- 25 Days Annual Leave automatically rising to 30 days after 5 years' service, and an additional 10.5 days public and privilege holidays
- Opportunities to be recognised through our employee performance scheme
- Interest-free season ticket loan
- Cycle to work scheme
- Facilities such as a gym, restaurant and on-site coffee bars (at some locations)
- Paid parental and adoption leave.
At MI6 diversity and inclusion are critical to our mission. To protect the UK, we need a truly diverse workforce that reflects the society we serve. This includes diversity in every sense of the word: those with different backgrounds, ages, ethnicities, gender identities, sexual orientations, ways of thinking and those with disabilities or neurodivergent conditions. We therefore welcome and encourage applications from everyone, including those from groups that are under-represented in our workforce such as women, those from an ethnic minority background, people with disabilities and those from low socio-economic backgrounds.
Find out more about our culture, working environment and diversity on our website:
MI6 are proud to have achieved Leader status within the DWP’s Disability Confident scheme. This is aimed at encouraging employers to think differently about disability and take action to improve how they recruit, retain and develop disabled people. Being Disability Confident, we aim to offer a person-to-person interview to any candidate who self-identifies as disabled and meets the essential criteria for the role. This is our ‘Offer of Interview’ (OOI). To secure an interview for this vacancy, the essential criteria, which will be assessed at Application sift, are:
- Knowledge of networking concepts and basic understanding of cybersecurity principles
- Ability to perform technical-level analyses of SOC systems and an understanding of a variety of IT platforms
- Demonstrate analytical and problem-solving skills
What to Expect
Our recruitment process is fair, transparent, and based on merit. Here is a brief overview of each stage, in order:
- Application sift, looking at your motivation for the role and the organisation
- Online HR interview assessing your motivation for joining the organisation and assessing you against Civil Service Style Competency Questions
- If successful at the HR interview, you will then be invited to a final face-to-face interview assessing your technical skills and experience
- If successful, you will receive a conditional offer of employment
Please note, you must successfully pass each stage of the process to progress to the next. Your application may take around 6 - 9 months to process including vetting, so we advise you continue any current employment until you have received your final job offer.
Before You Apply
To work at MI6, you need to be a British citizen or hold dual British nationality. You can read our full eligibility criteria here .
This role requires the highest security clearance, known as Developed Vetting (DV). It’s something everyone in the UK Intelligence Community undertakes. You can find out more about the vetting process here.
Please note we have a strict drugs policy, so once you start your application, you can’t take any recreational drugs and you’ll need to declare your previous drug usage at the relevant stage.
The role is based in Central London, so you’ll need to live within a commutable distance. Please consider any financial implications and practicalities before submitting an application. A loan is available to support people relocating to London.
Please note, you should only launch your application from within the UK. If you are based overseas, you should wait until you visit the UK to launch an application. Applying from outside the UK will impact on our ability to progress your application. You should not discuss your application, other than with your partner or a close family member.
Right to Withdraw Statement:
Please be aware that we withhold the right to bring forward the closing date for this role from the original closing date once a certain number of applications have been received. Please be mindful of this and submit your application at your earliest convenience to avoid disappointment.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
