Security Operations Centre Analyst (SOC)
Department for Environment, Food and Rural Affairs
Apply before 11:55 pm on Monday 7th October 2024
Details
Reference number
Salary
Job grade
Contract type
Business area
Type of role
Information Technology
Security
Working pattern
Number of jobs available
Contents
Location
About the job
Job summary
Defra is the UK government department responsible for safeguarding our natural environment, supporting our world-leading food and farming industry, and sustaining a thriving rural economy. Our broad remit means we play a major role in people's day-to-day life, from the food we eat, and the air we breathe, to the water we drink.
Digital, Data Technology and Security (DDTS) is the trusted team for digital across the entire Defra Group.
We have around 1,200 colleagues across DDTS and our ambition is to make it easier and faster than ever for people to interact with Defra. If you are ready to drive innovation and push boundaries, we want to hear from you. Join us and together we will create a great place for living, and a green and healthy future for all.
Find out more about DDTS:
Job description
Defra's Security Operations Centre (SOC) is accountable for protecting DEFRA against cyber threats. Our SOC analysts monitor the network and investigate any potential security incidents.
We are seeking an individual to help build our capability. Working as part of a small team you will be accountable for providing security monitoring and incident response. Using cyber security techniques, you will be ensuring that the DEFRA’s security is maintained.
Our Analysts are accountable for the day-to-day handling of alerts in our Security Information and Event Management (SIEM), incidents assigned to the Security Operations Centre and investigating indicators of compromise provided by Threat Intelligence.
As a SOC Analyst you will use a wide range of tools and technical expertise, currently focusing primarily on user behaviour, cloud security & application security.
Defra is transforming its IT security processes via a security improvement plan and approach in line with our new multi-supplier IT operating model. As we develop and grow against this plan the range of services that are protectively monitored by Defra’s SOC will increases.
The SOC team is based in Reading and London. The successful applicant will be expected to travel into one of either office on regular basis working a shift pattern during the day to ensure continuous monitoring of the organisation.
We welcome applicants with experience of working in a Security Operations Centre and other technological backgrounds or graduates in a relevant subject who may wish to move into this field of work, it should be noted that you must demonstrate transferable technical skills and a keen interest in cyber security to be considered for the role.
Person specification
Responsibilities
- Accountable for detection, identification and triage of security incidents using the provided security tooling and IT Service Management (ITSM) tool.
- Expand, tune, and enhance rulesets for our SIEM (Security Information and Event Management) tool etc to identify security incidents and reduce false positives.
- Support the Senior SOC Analyst with Major Incidents and assist the wider SOC team in recovering from security breaches, participating in bridge calls and investigations of security incidents and lessons learned as appropriate.
- Respond to Information Security related queries from stakeholders e.g. wider Security Team or suppliers.
- Work with our cyber partners to better know our estate and how to apply current threat intelligence to make it technologically relevant to our estate.
- Using current tooling run threat hunting queries regularly and investigate results. Work with other members of the SOC to improve our threat hunting capability and investigate IOCs (Indicators of Compromise) provided by Threat Intelligence or our cyber partners, including the National Cyber Security Centre (NCSC).
- Communicate and engage with a wide range of stakeholders, telling the story of our work and the service we provide to the business to improve the cyber security posture of the organisation.
Skills and experience
- Experience of working in an IT technical environment or having studied a STEM subject at A-Level or equivalent.
- Being a good communicator who has the capability to explain complex technical information to senior management and other non-technical staff using language that is plainly understood.
- Being a self-starter who is keen to learn about new and emerging technologies and cyber threats and how those threats may apply to a public sector organisation.
- Demonstrate good customer service skills and experience with the ability to be adjustable in all situations.
Selection process
The Civil Service marks each element of the selection process on a merit basis. You can visit the gov.uk website for further information on the Civil Service rating scale.
Ensure you have tailored your CV and your Personal Statement to the 'responsibilities' and 'skills and experience' section of the job advert by providing examples on how you are suitable for the role. You may find the STAR method helpful when writing your personal statement.
For further information on STAR, you can check out our hints and tips document.
Application
As part of the application process, you will be assessed on your experience and will be asked to complete:
- A CV
- A 500-word personal statement: Referring to the 'skills and experience' sections of the job advert, please demonstrate how you are suitable for the role by providing relevant examples.
Further details around what this will entail are listed on the application form.
Sift
Sift will begin shortly after the advert closes.
Should there be a large number of applications, an initial sift will be conducted using your personal statement.
Candidates who pass the initial sift may be progressed to a full sift, or progressed straight to assessment or interview.
Sift dates to be confirmed.
Interview
If successful at sift stage, you will be invited to interview where you will be assessed on the Technical Skill and Behaviours listed below.
As part of the recruitment process you will be required to do a presentation. Full details will be provided later within the process.
Interview dates are to be confirmed. Please note that these may be subject to change.
Interviews will be held virtually on Microsoft Teams.
For further information on Success Profiles, please use the links below and watch our videos on Defra Jobs.
Behaviours
Experience
Technical
Behaviours
We'll assess you against these behaviours during the selection process:
- Making Effective Decisions
- Managing a Quality Service
Technical skills
We'll assess you against these technical skills during the selection process:
- Incident management and Information security - presentation
Benefits
- 25 days’ leave (rising to 30 days over 5 years) plus bank holidays.
- A Civil Service pension with an average employer contribution of 28.97%.
- A day off per year for the King's birthday.
- Access to a range of retail discounts (these include supermarket, tech, gym, holiday, phone and more).
- Flexible working options such as condensed hours, part-time and flexi time.
- 3 paid volunteering days per year.
- Funding for professional membership of a recognised professional body.
- Learning and development tailored to your role and budget for training or qualifications.
- A culture encouraging inclusion and diversity.
- Cycle to work scheme.
- Health cash plan to help you manage health costs for a reduced monthly fee.
- Access to the Employee Assistance Programme open 24 hours, 7 days a week, that provides support to you during any times of stress or difficulty.
- Free access to Headspace for wellbeing.
- Season ticket loan for public transport.
Equality, diversity and inclusion (EDI)
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy
Check out the video below from Jane McGeagh, Chief Operating Officer on why DDTS is a great place to work.
Things you need to know
Selection process details
Location
As part of the pre-employment process for this post, successful candidate(s) will be able to agree a contractual workplace from those locations listed in this advert. The agreed contractual workplace is then the substantive and permanent place of work for the successful candidate(s).
Where the location is ‘National’ the successful appointee should discuss and agree an appropriate contractual location in line with both Defra’s location policy and site capacity, prior to proceeding with pre-employment processes.
Successful applicants currently employed by the hiring Defra organisation for this post may choose to remain in their current contractual location or may choose to change contractual location to one of those listed above. This should be discussed and agreed prior to proceeding with pre-employment processes.
The agreed amount of time spent at a workplace for this post will reflect the requirement for Civil Servants to spend at least 60% of their working time in an organisation workplace with the option to work the remaining time flexibly from home. Working time spent at a workplace may include time spent at other organisational locations including field-based operational locations, together with supplier, customer or partner locations. This is a non-contractual agreement which is consistent with common Civil Service expectations.
Travel costs to non-contractual workplaces will be subject to departmental travel and subsistence policies. Travel costs to contractual workplaces are the responsibility of the employee.
The successful candidate is required to carry out all their duties from a UK location, and cannot do so from an overseas location at any time.
Defra includes the core department, APHA, RPA, Cefas and VMD.
Please note due the nature of the work and the requirement to be in a location with other team members the location is restricted to either Bristol, Reading or London.
Reserve list
A reserve list may be held for a period of 12 months from which further appointments can be made.
Near miss
Candidates who are judged to be a near miss at interview may be considered for other positions in Defra which may be at a lower grade, but have a potential skills match.
Merit Lists
Where more than one location is advertised, candidates will be posted in merit order by location. You will be asked to state your location preference on your application.
Salary
New entrants to the Civil Service are expected to start on the minimum of the pay band. The internal roles rules apply to existing Civil Servants, i.e. level transfers move on current salary or the pay range minimum, transfers on promotion move to new pay range minimum or receive 10% increase. Either case is determined by whichever is the highest.
Visa sponsorship statement
Please take note that Defra does not hold a UK Visa & Immigration (UKVI) Skilled Worker License sponsor and are unable to sponsor any individuals for Skilled Worker Sponsorship.
Reasonable adjustment
If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.
If you need a change to be made so that you can make your application, you should:
- Contact Government Recruitment Service (GRS) via DefraRecruitment.GRS@CabinetOffice.gov.uk as soon as possible before the closing date to discuss your needs.
- Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a language service professional.
Accessibility
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'contact point for applicants' section.
Criminal Record Check
If successful and transferring from another government department, a criminal record check maybe carried out.
In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service on your behalf. However, we recognise in exceptional circumstance some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-Employment.Checks@cabinetoffice.gov.uk stating the job reference number in the subject heading.
Internal Fraud Database Check
Applicants who are successful at interview will be, as part of pre-employment screening subject to a check on the internal fraud database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.
NSV
For further information on National Security Vetting please visit the following page https://www.gov.uk/government/publications/demystifying-vetting
Childcare Vouchers
Any move to DEFRA from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk
Feedback will only be provided if you attend an interview or assessment.
Security
Nationality requirements
Working for the Civil Service
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
Diversity and Inclusion
Apply and further information
Contact point for applicants
Job contact :
- Name : DDTS Recruitment Hub
- Email : DDTSonPayrollRecruitment@defra.gov.uk
Recruitment team
- Email : defrarecruitment.grs@cabinetoffice.gov.uk
Further information
Government Recruitment Services via email: defrarecruitment.grs@cabinetoffice.gov.uk
If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission: Click https://civilservicecommission.independent.gov.uk/contact-us/ to visit Civil Service Commission.