81291 - SECURITY OPERATIONS CENTRE (SOC) LEVEL 3 ANALYST

This SOC (Security Operations Centre) Level 3 Analyst will report to the Cyber Security Operations Manager and will work within the Information Systems directorate based in either our Crawley or Ipswich office. You will be a permanent employee.
You will attract a salary of up to £75,000 (depending on skills, qualifications and experience) and a bonus of 7.5%. This role can also offer blended working after probationary period (6 months) - 3 days in the office and 2 remote
Close Date: 01/09/2025.

We also provide the following additional benefits

• 25 Days Annual Leave plus bank holidays.
• Reservist Leave – Additional 18 days full pay and 22 unpaid
• Personal Pension Plan – Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)
• Tenancy Loan Deposit Scheme, Season Ticket Loan
• Tax efficient benefits: Cycle to Work, Home & Tech, and Green Car Leasing Schemes
• Occupational Health support
• Switched On – scheme providing discount on hundreds of retailers’ products
• Discounted gym membership
• Employee Assistance Programme

QUALIFICATIONS:

• Considerable experience (commensurate to that of a subject matter expert) in a SOC Level 2 or 3 role with evidence of advanced threat hunting and incident response.
• Must have specific SOC training or qualification or academic equivalent such as bachelor’s degree in the field of Computer Science, Cybersecurity and IT, or related subject.
• Ideally hold an industry recognised information security qualification such as CISSP, AZ-500, including knowledge of industry best-practice GIAC/GCIA/GCIH, or CompTIA Advanced Security Practitioner (CASP+), Certified Ethical Hacker (CEH) and/or SIEM-specific training and certification.
• Experience or knowledge in log correlation and analysis, including chain of custody and forensics investigations and requirements.
• Knowledge of compliance and regulatory frameworks such as National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) and SO/IEC 27001/27002, GDPR, CIS, NIST.
• Working knowledge of security technologies including but not limited to SIEM, SOAR, EDR, /AV, IDS/IPS, NAC, AD, DLP, Web Filtering, Email Filtering, Behavioural Analytics, TCP/IP Protocols, network analysis, and network/security applications.
• Knowledge of adversarial tactics, techniques, procedures (TTPs) and industry standard frameworks (e.g. Mitre ATT&CK).
• Detailed knowledge of SIEM and SOAR solutions, Identity and Access Management and Data Loss Prevention tools preferably including FortiSIEM, Q-Radar, McAfee Web Gateway, McAfee ePolicy Orchestrator, Darktrace and Microsoft Defender. Microsoft Sentinel experience an advantage.
• Practical experience of developing incident response playbooks/processes, Security Orchestration, Automation and Response (SOAR), red-team exercises and tabletop crisis war games.
• Experience with security architecture and experience in investigating complex security breaches and network intrusions (e.g. state-sponsored groups or targeted ransomware attacks).
  Should you not have the full range of essential skills, qualifications and competencies listed above, there may be an opportunity for further training to equip you. If you do not possess all relevant competencies for the core grade, it will be appropriate to appoint at a lower grade until they have developed the required competencies.

JOB PURPOSE:

The role of a Security Operations Centre (SOC) Level 3 Analyst is to respond to high-severity cyber security incidents and/or escalated events and alerts then, using experience combined with industry tools and techniques, expediate a containment, eradication and recovery strategy to minimise business impact and ensure UK Power Networks’ (UKPN) network systems and customer data are protected from cyber threats.

PRINCIPLE RESPONSIBILITIES:

• Advanced Threat Hunting: analyse and assess multiple/complex threat intelligence sources and indicators of compromise (IOC) to identify emerging threat patterns, vulnerabilities and anomalies and, using this intelligence information and the available tooling, search the UKPN environment to find and remove ‘hidden’ threats, which may have initially evaded our detective controls defences.
• Policy Development: develop and create SOC policies, technical standards and procedure documentation in consideration of current industry best practice.
• Log Management: work with our MSSP and service owners to ensure onboarding of all log sources into the SIEM solution, create alert use cases to correlate suspicious activities across assets (endpoints, network, applications) and environments (on-premises, cloud) to identify patterns of anomalous activity.
• Incident Response: improve security incident response playbooks and processes, lead the response to escalated security alerts and events and/or high-severity security incidents, provide senior level response activities such as incident tracking, communication with partners, overseeing remediation and recovery actions, reporting and applying root cause analysis and lessons.
• Security Orchestration, Automation, and Response (SOAR): support and develop UKPN’s SOAR platform, produce new workflows for automation using SOAR tools, automating our response to common attack types and enhancing operational playbooks to allow efficient correlation and enrichment of security events.
• Digital Forensics: report on serious cyber security incidents. Using experience combined with industry tools and techniques, perform forensic analysis against information gathered from multiple data sources (endpoint event logs, SIEM data, dashboards, enterprise applications, network traffic patterns) and present consistent and reasoned action and response activities to ensure threats are contained and eradicated from UKPN’s network systems.
• Cyber Crisis Scenario Testing: participate in regular cyber-attack simulation exercises to test the organisation’s resilience to cyber threats and improve its cyber defences and attack preparedness.
• Reporting: promote the continuous improvement of the security operations’ reporting capability, including the creation and support of a reporting dashboard and the development of important security and performance metrics.
• Security Systems and Tools Support: support the technical implementation, maintenance and configuration of the suite of security tools, products and systems to ensure prevention, detection and response to cyber threats.
• Audit: Participate in security audits (SOC Type II and ISO 27001) and work with internal and external partners to ensure compliance with relevant regulations and standards.
• Continuous Improvement: develop creative solutions to automate security event monitoring, detection and response, review security event/alert use cases and log correlation to propose enhancements following the changing threat landscape.

HEALTH & SAFETY RESPONSIBILITIES

Managers and supervisors carry both legal and company responsibilities for ensuring the health and safety of their employees, those under their control and those who might be affected by the work undertaken, i.e. public, visitors and employees of other organisations. This includes briefing individuals working for them and ensuring there is the necessary understanding, competence and application of requirements to work safely and without harming the environment.
Employees will ensure they understand the health and safety risks involved in their work activities and their responsibility to apply the controls needed to manage those risks to acceptable levels. Similarly where work activities can have an adverse impact upon the environment, and where there are legal requirements, employees will understand those impacts and the controls they must ensure are applied.
If in doubt ask!