Security Operations Centre (SOC) Level 3 Analyst

Job Location

Crawley - UK

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

81291 - Security Operations Centre (SOC) Level 3 Analyst

This SOC (Security Operations Centre) Level 3 Analyst will report to the Cyber Security Operations Manager and will work within the Information Systems directorate based in our Crawley office. You will be a permanent employee.

You will attract a salary of up to £75,000 (depending on skills, qualifications and experience) and a bonus of 7.5%. This role can also offer blended working after the probationary period (6 months): 3 days in the office and 2 remote.

Close Date: 01/09/2025.

We also provide the following additional benefits:

  • 25 days annual leave plus bank holidays.
  • Reservist Leave: an additional 18 days on full pay and 22 unpaid.
  • Personal Pension Plan: personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%).
  • Tenancy Loan Deposit Scheme and Season Ticket Loan.
  • Tax-efficient benefits: Cycle to Work, Home & Tech and Green Car Leasing Schemes.
  • Occupational Health support.
  • Switched On scheme providing discounts on hundreds of retailers' products.
  • Discounted gym membership.
  • Employee Assistance Programme.

This role is required to support incident response activities outside normal business hours during rostered on-call periods.

Job purpose:

The role of a Security Operations Centre (SOC) Level 3 Analyst is to respond to high-severity cyber security incidents and/or escalated events and alerts and then, using experience combined with industry tools and techniques, expedite a containment, eradication and recovery strategy that minimises business impact and ensures UK Power Networks (UKPN) network systems and customer data are protected from cyber threats.

Dimensions

  • People: work collaboratively in a team of circa 14 permanent and temporary cyber security operations staff. Mentor Level 1 and Level 2 SOC Analysts, providing guidance and training.
  • Suppliers: regular interaction with technical resources provided by the outsourced Cyber Security Managed Service provider and cyber security tooling vendors.
  • Communication: communicate technical cyber security concepts to technical and non-technical colleagues across all levels of seniority so that they understand the situation and the associated risk to UK Power Networks.
  • Stakeholders: establish and maintain collaborative working relationships with internal and external technology teams and third-party providers, suppliers and partners to drive outcomes and create agreement around a course of action.

Principal Responsibilities:

  1. Advanced Threat Hunting: analyse and assess multiple/complex threat intelligence sources and indicators of compromise (IOCs) to identify emerging threat patterns, vulnerabilities and anomalies, and, using this intelligence and the available tooling, search the UKPN environment to find and remove hidden threats which may have initially evaded our detective controls and defences.
  2. Policy Development: develop and create SOC policies, technical standards and procedure documentation in consideration of current industry best practice.
  3. Log Management: work with our MSSP and service owners to ensure onboarding of all log sources into the SIEM solution; create alert use cases that correlate suspicious activities across assets (endpoints, network, applications) and environments (on-premises, cloud) to identify patterns of anomalous activity.
  4. Incident Response: improve security incident response playbooks and processes; lead the response to escalated security alerts and events and/or high-severity security incidents; provide senior-level response activities such as incident tracking, communication with partners, overseeing remediation and recovery actions, reporting, and applying root cause analysis and lessons learned.
  5. Security Orchestration, Automation and Response (SOAR): support and develop UKPN's SOAR platform; produce new workflows for automation using SOAR tools, automating our response to common attack types and enhancing operational playbooks to allow efficient correlation and enrichment of security events.
  6. Digital Forensics: report on serious cyber security incidents. Using experience combined with industry tools and techniques, perform forensic analysis against information gathered from multiple data sources (endpoint event logs, SIEM data, dashboards, enterprise applications, network traffic patterns) and present consistent and reasoned action and response activities to ensure threats are contained and eradicated from UKPN's network systems.
  7. Cyber Crisis Scenario Testing: participate in regular cyber-attack simulation exercises to test the organisation's resilience to cyber threats and improve its cyber defences and attack preparedness.
  8. Reporting: promote the continuous improvement of the security operations reporting capability, including the creation and support of a reporting dashboard and the development of key security and performance metrics.
  9. Security Systems and Tools Support: support the technical implementation, maintenance and configuration of the suite of security tools, products and systems to ensure prevention, detection and response to cyber threats.
  10. Audit: participate in security audits (SOC Type II and ISO 27001) and work with internal and external partners to ensure compliance with relevant regulations and standards.
  11. Continuous Improvement: develop creative solutions to automate security event monitoring, detection and response; review security event/alert use cases and log correlation to propose enhancements in step with the changing threat landscape.
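The threat-hunting and log-management responsibilities above (items 1 and 3) both come down to the same mechanic: match events from several log sources against indicators, then correlate the hits per asset within a time window so that a chain of weak signals becomes one high-severity alert. The following is an added illustration written for this page, not code from UK Power Networks or its MSSP. The IOC list, the pipe-delimited log format, the host names and the log lines are all constructed for the example; a real SIEM use case would read the same fields from its own schema.

```python
"""Cross-source IOC correlation: a minimal SIEM-style use case.

Two constructed sources (a DNS log and an endpoint process log) are matched
against a hypothetical IOC list. A DNS lookup of a known-bad domain followed,
on the same host and within a short window, by an encoded PowerShell launch
raises one alert. Isolated hits and hits outside the window do not.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical IOC feed (assumed values, not a real threat intelligence source).
IOC_DOMAINS = {"update-cdn-check.example", "files-sync.example"}
# Command-line markers commonly seen in encoded/download-cradle PowerShell use.
SUSPICIOUS_CMD_MARKERS = ("-enc", "-encodedcommand", "downloadstring")

# Constructed sample logs. Format: timestamp|source|host|detail
SAMPLE_LOGS = """\
2025-08-20T09:00:01|dns|ws-101|query=update-cdn-check.example
2025-08-20T09:00:40|endpoint|ws-101|proc=powershell.exe cmd="powershell -nop -w hidden -enc SQBFAFgA"
2025-08-20T09:01:02|dns|ws-102|query=intranet.example
2025-08-20T10:30:00|endpoint|ws-102|proc=powershell.exe cmd="powershell -File backup.ps1"
2025-08-20T11:00:00|dns|ws-103|query=files-sync.example
2025-08-20T13:00:00|endpoint|ws-103|proc=powershell.exe cmd="powershell -enc QQBB"
""".splitlines()


def parse(line):
    """Split one pipe-delimited log line into a dict with a parsed timestamp."""
    ts, source, host, detail = line.split("|", 3)
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "host": host, "detail": detail}


def matches_ioc(event):
    """Return a tag naming the indicator a single event matches, else None."""
    detail = event["detail"]
    if event["source"] == "dns":
        domain = detail.split("=", 1)[1]
        return "ioc_domain" if domain in IOC_DOMAINS else None
    if event["source"] == "endpoint":
        lowered = detail.lower()
        if any(marker in lowered for marker in SUSPICIOUS_CMD_MARKERS):
            return "suspicious_powershell"
    return None


def correlate(lines, window=timedelta(minutes=10)):
    """Group IOC hits per host and alert on DNS IOC -> suspicious PowerShell
    sequences that fall inside the window on the same host."""
    hits = defaultdict(list)
    for line in lines:
        event = parse(line)
        tag = matches_ioc(event)
        if tag:
            hits[event["host"]].append((event["ts"], tag))

    alerts = []
    for host, events in hits.items():
        events.sort(key=lambda e: e[0])
        for i, (first_ts, first_tag) in enumerate(events):
            if first_tag != "ioc_domain":
                continue
            for later_ts, later_tag in events[i + 1:]:
                if later_tag == "suspicious_powershell" and later_ts - first_ts <= window:
                    alerts.append({"host": host, "first_seen": first_ts,
                                   "last_seen": later_ts, "severity": "high"})
                    break  # one alert per IOC-domain hit is enough
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

On the constructed input only ws-101 fires: ws-102 never touches an IOC domain and runs an ordinary script, and ws-103 does both things but two hours apart, so it stays a hunting lead rather than an alert. The window and the marker list are the knobs an analyst tunes when reviewing use cases for false positives.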

Nature and Scope:

The Information Systems Department works across UK Power Networks, supporting us in the achievement of our vision to become the best performing DNO. The team achieves this through the provision of technology solutions and the optimisation of current solutions to improve how we operate. Continuous improvement, customer service and seamless delivery are at the heart of this ethos and are therefore strongly underpinned by effective cyber security.

You will support all other team members, the rest of the Information Systems team, IT Service Providers and partners across UK Power Networks to implement and improve cyber security operations capabilities.

The main measure of success for this role is upholding the IT and organisational resilience of UK Power Networks concerning cyber threats and incidents.

Qualifications:

  • Considerable experience (commensurate with that of a subject matter expert) in a SOC Level 2 or 3 role, with evidence of advanced threat hunting and incident response.
  • Must have specific SOC training or qualification, or an academic equivalent such as a bachelor's degree in Computer Science, Cybersecurity, IT or a related subject.
  • Ideally hold an industry-recognised information security qualification such as CISSP, AZ-500, GIAC (GCIA/GCIH), CompTIA Advanced Security Practitioner (CASP) or Certified Ethical Hacker (CEH), and/or SIEM-specific training and certification, including knowledge of industry best practice.
  • Experience or knowledge of log correlation and analysis, including chain of custody and forensic investigation requirements.
  • Knowledge of compliance and regulatory frameworks such as the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF), ISO/IEC 27001/27002, GDPR, CIS and NIST.
  • Working knowledge of security technologies including, but not limited to, SIEM, SOAR, EDR/AV, IDS/IPS, NAC, AD, DLP, web filtering, email filtering, behavioural analytics, TCP/IP protocols, network analysis and network/security applications.
  • Knowledge of adversarial tactics, techniques and procedures (TTPs) and industry-standard frameworks (e.g. MITRE ATT&CK).
  • Detailed knowledge of SIEM and SOAR solutions, Identity and Access Management and Data Loss Prevention tools, preferably including FortiSIEM, QRadar, McAfee Web Gateway, McAfee ePolicy Orchestrator, Darktrace and Microsoft Defender. Microsoft Sentinel experience is an advantage.
  • Practical experience of developing incident response playbooks/processes, Security Orchestration, Automation and Response (SOAR), red-team exercises and tabletop crisis war games.
  • Experience with security architecture and experience of investigating complex security breaches and network intrusions (e.g. state-sponsored groups or targeted ransomware attacks).

Should you not have the full range of essential skills, qualifications and competencies listed above, there may be an opportunity for further training to equip you. If you do not possess all relevant competencies for the core grade, it may be appropriate to appoint at a lower grade until you have developed the required competencies.

Health & Safety Responsibilities

Managers and supervisors carry both legal and company responsibilities for ensuring the health and safety of their employees, those under their control and those who might be affected by the work undertaken, i.e. the public, visitors and employees of other organisations. This includes briefing individuals working for them and ensuring there is the necessary understanding, competence and application of requirements to work safely and without harming the environment.

Employees will ensure they understand the health and safety risks involved in their work activities and their responsibility to apply the controls needed to manage those risks to acceptable levels. Similarly, where work activities can have an adverse impact upon the environment and where there are legal requirements, employees will understand those impacts and the controls they must ensure are applied.

If in doubt ask!

We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.

If you have any queries in connection to this vacancy or your application please contact us at quoting the vacancy reference number and a member of the team will get in touch with you as soon as possible.


Required Experience:

IC

Employment Type

Full Time
