JOB SUMMARY

About us
The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.
Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.
Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.
Finally, we work in partnership with businesses every day, providing advance, finance and deal-making support to those looking to start up, invest, export and grow.
The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission. The team have been nominated three times in a row for ‘Best Public Sector Employer’ at the Women in Tech awards!

JOB DESCRIPTION

About the role
This position is part of the DBT Security Operations Centre (SOC) and reports directly to the SOC Manager. The SOC is responsible for detecting and responding to both internal and external threats to the security of DBT’s services and the data that supports them. This role plays a vital part in protecting the Department and supporting its mission to drive economic growth.
The Lead SOC Analyst will lead the CIDR (Cyber Incident Detection and Response) team acting as a point of escalation for analysts and escalating incidents to the SOC manager and beyond as necessary. A key part of the incident response process will be the collection and implementation of lessons learned as part of a continuous improvement cycle.
Working closely with other SOC functions, primarily Cyber Engineering, the role will ensure that appropriate logging and monitoring is in place across DBTs end user and digital estates. The creation and maintenance of new and existing analytic rules based on this logging, and feedback from incidents, is vital to maintaining DBTs detect and respond capability.
About you
You will be an experienced SOC analyst with an excellent understanding of the threats facing an organisation in a cloud environment. Familiar with SIEM (Security Incident and Event Management) tools and a detailed understanding of logging requirements in digital services, you will be able to both create and review analytic rules to improve detection capability. You will also possess strong communication and line management skills and be able to lead the CIDR team effectively to respond to an ever-changing threat landscape
Main responsibilities

You will:

• Line manage the CIDR team, monitoring, triaging, and investigating security alerts on protective monitoring platforms to identify security incidents
• Review existing and new data sources being ingested into the protective monitoring platform and propose and implement use cases for detection and analysis
• Communicate the significance of the results of investigations and risk mitigation outcomes, guiding the organisation in the improvement and maintenance of a robust response to new threats and attack vectors
• Provide management information regarding various aspects of the function of the incident detection and response capability
• Ensure analyst work is up to standard by implementing and maintaining peer reviews of investigations
• Lead and develop DBT’s incident detection and response capability, including maintaining and updating existing policies
• Manage post-incident reviews, including root cause analysis, to feedback information and so improve monitoring
• Provide an escalation point for analysts, making decisions regarding resolution of incidents, including escalation, where appropriate to the SOC manager or above

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Offers will be made in merit order based on location preferences. If you pass the bar at interview but are not the highest scoring you will be held on a 12-month reserve list in case a role becomes available. If you are judged a near miss at interview, you may be offered a post at the grade below the one you applied for. This role requires SC clearance. DBT’s requirement for SC clearance is to have been present in the UK for at least 3 of the last 5 years. Failure to meet this requirement will result in your application being rejected and your offer will be withdrawn. Checks will also be made against:

• departmental or company records (personnel files, staff reports, sick leave reports and security records)
• UK criminal records covering both spent and unspent criminal records
• your credit and financial history with a credit reference agency
• security services record
• location detail