SOC (Security Operations Centre) Level 2 Analyst

Reference Number - 79159

This Security Operations Centre (SOC) Level 2 Analyst will report to the Cyber Security Operations Manager and will work within the Information Systems directorate, based in either the Crawley or the Ipswich office. You will be a permanent employee.

You will attract a salary of £45,000.00 and a bonus of 7.5%. This role can also offer blended working after the probationary period (6 months): 3 days in the office and 2 remote.

Close Date: 07/07/2024

We also provide the following additional benefits

  • Annual Leave
  • Personal Pension Plan - Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)
  • Tenancy Loan Deposit scheme
  • Tax efficient benefits: cycle to work scheme
  • Season ticket loan
  • Occupational Health support
  • Switched On - scheme providing discount on hundreds of retailers products.
  • Discounted access to sports and social clubs
  • Employee Assistance Programme.

JOB PURPOSE:

The role of a Security Operations Centre (SOC) Level 2 Analyst is to respond to cybersecurity events and alerts and, using experience, combined with industry tools and techniques, ensure UK Power Networks' (UKPN) network systems and customer data are protected from cyber threats.

DIMENSIONS:

  • People - work collaboratively in a team of circa 14 permanent and temporary cyber security operations staff.
  • Suppliers - regular interaction with technical resources provided by the outsourced Cyber Security Managed Service provider and cyber security tooling vendors.
  • Communication - document and communicate cyber security events and alert findings to both peer and executive level colleagues in verbal, written, and presentational form so they understand the possible effects and risks.
  • Stakeholders - Create strong relationships with internal and external technology teams and third-party providers, suppliers, and partners to improve outcomes and create agreement around a vision or course of action.

Principal Responsibilities:

  1. SOC Monitoring: Monitor and evaluate cyber security events and alerts using a variety of security tools and systems, including IBM QRadar, FortiSIEM, Microsoft Defender for Office 365, McAfee Web Gateway, McAfee ePolicy Orchestrator and Darktrace.
  2. Incident Response: Respond to cyber security incidents, including internal and external threats, documenting all activities undertaken during an incident.
  3. Analysis: Investigate and analyse information from varied data sources (endpoint event logs, SIEM data, dashboards, enterprise applications), develop and present consistent and reasoned next steps or escalate.
  4. Threat Hunting: Review basic threat intelligence and indicators of compromise (IOC) to search for known cyber threats within the UKPN network, which have evaded our automated security tools and defences and will persist if not detected.
  5. Reporting: Create reports on specific incidents and on trends in threats, communicating the findings to all kinds of partners.
  6. Continuous Improvement: Recommend improvements to security event detection and mitigation strategies based on ongoing threat analysis.
  7. Cyber Crisis Scenario Testing: Participate in regular cyber-attack simulation exercises to test our IT and organisation resilience to improve cyber defences and attack preparedness.
  8. Security Tools Support: ensure technical updates to tools, products and configurations are appropriately applied and maintained.

NATURE AND SCOPE:

The Information Systems Department works across UK Power Networks, supporting us in the achievement of our vision to become the best performing DNO. The team achieves this through the provision of technology solutions and the optimisation of current solutions to improve how we operate. Continuous improvement, customer service and seamless delivery are at the heart of this ethos and are therefore strongly underpinned by effective cyber security.

You will support all other team members, the rest of Information Systems team, IT Service Providers and partners across UK Power Networks to implement and improve cyber security operations capabilities.

The main measure of success for this role is upholding the IT and organisational resilience of UK Power Networks concerning cyber threats and incidents.

Qualifications:

  • Minimum 2 years' hands-on experience in a SOC environment
  • Hold an industry recognised information security qualification such as GIAC/GCIA/GCIH, CISSP or CompTIA Advanced Security Practitioner (CASP+) and/or SIEM-specific training and certification.
  • Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and/or experience.
  • A basic knowledge of compliance and regulatory frameworks such as National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) and ISO/IEC 27001/27002, GDPR.
  • Experience with main security concepts/principles (CIA, threats, vulnerabilities, and exploits)
  • Working knowledge of the Cyber Kill Chain and/or Incident Response Phases and adversarial tactics, techniques, procedures (TTPs) and industry standard frameworks (Mitre ATT&CK).
  • Experience with the approach a threat actor takes when attacking a network, including phishing, port scanning, web application attacks, DDoS and lateral movement.
  • Knowledge of SIEM and SOAR solutions, Identity and Access Management and Data Loss Prevention tools and technologies, preferably including FortiSIEM, QRadar, McAfee Web Gateway, McAfee ePolicy Orchestrator, Darktrace and Microsoft Defender. Microsoft Sentinel experience is also an advantage.
  • Working knowledge of security technologies including but not limited to EDR, AV, IDS/IPS, NAC, AD, Web Filtering, Email Filtering, Behavioural Analytics, TCP/IP Protocols, network analysis, and network/security applications.
  • Proficient in at least one or more of the following, within a corporate environment:
      • Endpoint operating systems (e.g. Microsoft, Linux, and/or OS X)
      • Core networking principles (e.g. switches, routers, wireless access points, Internet)
      • Infrastructure security devices (e.g. firewalls, proxies, IDS/IPS)
      • Support of enterprise level services (e.g. AD, DNS, DHCP, IIS, Apache, VPN/DA, Databases)
      • Anti-virus, anti-malware, ransomware, data leak protection
      • Vulnerability management, endpoint forensics, intrusion analysis activities
      • Azure Cloud computing platform
      • Open Source Intelligence and security tools

Health & Safety Responsibilities

Managers and supervisors carry both legal and company responsibilities for ensuring the health and safety of their employees, those under their control and those who might be affected by the work undertaken, i.e. public, visitors and employees of other organisations. This includes briefing individuals working for them and ensuring there is the necessary understanding, competence and application of requirements to work safely and without harming the environment.

Employees will ensure they understand the health and safety risks involved in their work activities and their responsibility to apply the controls needed to manage those risks to acceptable levels. Similarly, where work activities can have an adverse impact upon the environment, and where there are legal requirements, employees will understand those impacts and the controls they must ensure are applied.

If in doubt ask!

We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.

Company
UK Power Networks (Operations) Ltd
Location
Crawley, West Sussex, Three Bridges, United Kingdom
Employment Type
Permanent
Posted