SOC (Security Operations Centre) Level 3 Analyst
Reference Number - 79158
This SOC (Security Operations Centre) Level 3 Analyst position will report to the Cyber Security Operations Manager and will work within the Information Systems directorate based in our Crawley or Ipswich office. You will be a permanent employee.
This role attracts a salary of £65,000.00 and a bonus of 7.5%. It can also offer blended working after the probationary period (6 months): 3 days in the office and 2 remote.
Close Date: 23/06/2024
We also provide the following additional benefits
- Annual Leave
- Personal Pension Plan - Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)
- Tenancy Loan Deposit scheme
- Tax efficient benefits: cycle to work scheme
- Season ticket loan
- Occupational Health support
- Switched On - scheme providing discounts at hundreds of retailers.
- Discounted access to sports and social clubs
- Employee Assistance Programme.
JOB PURPOSE:
The SOC Level 3 Analyst responds to high-severity cyber security incidents and to escalated events and alerts. Using experience combined with industry tools and techniques, the analyst expedites a containment, eradication and recovery strategy to minimise business impact and to ensure that UK Power Networks' (UKPN) network systems and customer data are protected from cyber threats.
DIMENSIONS:
- People - Work collaboratively in a team of circa 14 permanent and temporary cyber security operations staff. Mentor Level 1 and Level 2 SOC Analysts, providing guidance and training.
- Suppliers - regular interaction with technical resources provided by the outsourced Cyber Security Managed Service provider and cyber security tooling vendors.
- Communication - Verbal, written and presentational skills, with the ability to articulate technical cyber security concepts to technical and non-technical colleagues across different levels of seniority so that they understand the situation and the associated risk to UK Power Networks.
- Stakeholders - Establish and maintain collaborative working relationships with internal and external technology teams and third party providers, suppliers, and partners to improve outcomes and create agreement around a course of action.
Principal Responsibilities:
- Advanced Threat Hunting: analyse and assess multiple and complex threat intelligence sources and indicators of compromise (IOCs) to identify new threat patterns, vulnerabilities and anomalies. Using this intelligence and the available tooling, search the UKPN environment to find and remove 'hidden' threats that may have initially evaded our detective controls.
- Policy Development: develop and create SOC policies, technical standards and procedure documentation in consideration of current industry best practice.
- Log Management: work with our MSSP and service owners to ensure the onboarding of all log sources into the SIEM solution, and create alert use cases that correlate suspicious activity across assets (endpoints, network, applications) and environments (on-premises, cloud) to identify patterns of anomalous activity.
- Incident Response: improve security incident response playbooks and processes; lead the response to escalated security alerts and events and to high-severity security incidents; and provide senior-level response activities such as incident tracking, communication with partners, overseeing remediation and recovery actions, reporting, root cause analysis and capturing lessons learned.
- Security Orchestration, Automation, and Response (SOAR): support and develop UKPN's SOAR platform, produce new workflows for automation using SOAR tools, automating our response to common attack types and enhancing operational playbooks to allow efficient correlation and enrichment of security events.
- Digital Forensics: identify, analyse and report on serious cyber security incidents. Using experience combined with industry tools and techniques, perform forensic analysis against information gathered from multiple data sources (endpoint event logs, SIEM data, dashboards, enterprise applications, network traffic patterns), and present consistent and reasoned action and response activities to ensure threats are contained and eradicated from UKPN's network systems.
- Cyber Crisis Scenario Testing: participate in regular cyber-attack simulation exercises to test the organisation's resilience to cyber threats and improve its cyber defences and attack preparedness.
- Reporting: promote the continuous improvement of the security operations reporting capability, including the creation and support of a reporting dashboard and the development of key security and performance metrics.
- Security Systems and Tools Support: support the technical implementation, maintenance and configuration of the suite of security tools, products and systems to enable effective prevention, detection and response to cyber threats.
- Audit: Participate in security audits (SOC Type II and ISO 27001) and work with internal and external partners to ensure compliance with relevant regulations and standards.
- Continuous Improvement: develop creative solutions to automate security event monitoring, detection and response; review security event/alert use cases and log correlation and propose enhancements in line with the changing threat landscape.
NATURE AND SCOPE:
The Information Systems Department works across UK Power Networks, supporting us in the achievement of our vision to become the best performing DNO. The team achieve this through the provision of technology solutions and the optimisation of current solutions to improve how we operate. Continuous improvement, customer service and seamless delivery are at the heart of this ethos and are therefore strongly underpinned by effective cyber security.
You will support all other team members, the rest of Information Systems team, IT Service Providers and partners across UK Power Networks to implement and improve cyber security operations capabilities.
The main measure of success for this role is upholding the IT and organisational resilience of UK Power Networks concerning cyber threats and incidents.
Qualifications:
- Considerable experience (commensurate to that of a subject matter expert) in a SOC Level 2 or 3 role with evidence of advanced threat hunting and incident response.
- Specific SOC training or qualification or academic equivalent such as bachelor's degree in the field of Computer Science, Cybersecurity and IT, or related subject.
- Hold an industry-recognised information security qualification such as CISSP, AZ-500, a GIAC certification (e.g. GCIA, GCIH), CompTIA Advanced Security Practitioner (CASP+) or Certified Ethical Hacker (CEH), and/or SIEM-specific training and certification.
- Experience or knowledge in log correlation and analysis, including chain of custody and forensics investigations and requirements.
- An understanding of compliance and regulatory frameworks such as the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF), ISO/IEC 27001/27002, GDPR, CIS and NIST.
- Working knowledge of security technologies including SIEM, SOAR, EDR/AV, IDS/IPS, NAC, AD, DLP, web filtering, email filtering, behavioural analytics, TCP/IP protocols, network analysis, and network/security applications.
- Knowledge of adversarial tactics, techniques and procedures (TTPs) and industry-standard frameworks (e.g. MITRE ATT&CK).
- Detailed knowledge of SIEM and SOAR solutions, Identity and Access Management and Data Loss Prevention technologies, preferably including FortiSIEM, QRadar, McAfee Web Gateway, McAfee ePolicy Orchestrator, Darktrace and Microsoft Defender. Microsoft Sentinel experience is an advantage.
- Practical experience of developing incident response playbooks/processes, Security Orchestration, Automation and Response (SOAR), red-team exercises and tabletop crisis war games.
- Experience with security architecture and experience in investigating complex security breaches and network intrusions (e.g. state-sponsored groups or targeted ransomware attacks).
We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.