Lead Security Operations Centre (SOC) Analyst

National Crime Agency (NCA)

Birmingham

On-site

GBP 53,000 - 62,000

Full time

5 days ago

Job summary

Join the National Crime Agency as a Lead Security Operations Centre Analyst in Birmingham. You will lead a team in monitoring cyber security threats, oversee incident responses, and shape the capabilities of the SOC to safeguard national security. This role offers the chance to be at the forefront of cyber defense in a dynamic environment.

Benefits

Pension contribution of 28.97%
Flexible working options
Learning and development tailored to your role
Culture encouraging inclusion and diversity

Qualifications

  • Experience as a Senior Security Analyst leading a team using SIEM capabilities.
  • Experience of overseeing the SOC incident response.
  • Manage threats, impact analysis and report writing.

Responsibilities

  • Monitoring for events across various security technologies.
  • Responding to security events and incidents.
  • Developing content and analytics for SOC services.

Skills

Security Information Event Management (SIEM)
Incident Response
Vulnerability Scanning
Threat Analysis
Risk Management

Education

Recognised higher education in IT
Certifications from a recognised body in Digital Security

Job description

Information about the Command

The Integrated Protective Security Command (IPS) is responsible for securing the NCA to protect the public. IPS safeguards the NCA from the full range of security threats that target the Agency, our officers and our assets, to enable the organisation to achieve its operational objectives, both domestically and overseas.

IPS officers provide specialist security services to the Agency 24 hours a day, 7 days a week, 365 days a year, to mitigate security risks. People are at the heart of the NCA and IPS play a key role in ensuring the Agency stays at the forefront of combating serious and organised crime.

IPS are responsible for the security of people, processes, technology and standards, operating across the NCA to support operational and non-operational teams, along with the Command team, to ensure the Agency remains resilient and retains public confidence in a volatile and complex threat landscape.

Information About The Business Area

The Cyber Security Team comprises three areas: Information Assurance, Defend and Respond, and the Security Analysis and Threat Intelligence Team.

The purpose is to protect and maintain the confidentiality, integrity and availability of NCA information, whilst defending the NCA IT platforms, systems and services from existing and emerging threats.

The team also provide the managed response to cyber security incidents and ensure that cyber controls are proportionate, managed and balance risk against operational needs.

We are currently looking to recruit Lead Security Operations Centre (SOC) Analysts within our integrated protective security command.

The successful candidate will work from the Agency’s Birmingham office on a 24/7 shift pattern.

The Cyber Security Team leads the strategic response to cyber risks and the cyber security function, oversees audit, and builds internal and external alliances with diverse stakeholders to deliver the NCA’s strategic objectives.

Job Description

If successful, you will become part of the newly established Security Operations Centre (SOC) supporting the SOC Manager to run all SOC services. Joining at this time offers the rare opportunity to help shape what the final SOC capability will look like. You will be the Lead Analyst when on duty, responsible for ensuring that activities related to the monitoring of the Agency’s cyber domain take place.

Your team of analysts will be the Agency’s eyes and ears before, during and after a cyber incident. The Lead Analyst reports directly to the SOC Manager and is ultimately accountable to the Head of Cyber Security.

Please Note: The team operates a 24/7 shift pattern currently consisting of 8 hour shifts across earlies, lates and nights. Due to the nature of this role we are unable to offer hybrid working.

You will need to successfully complete DV Enhanced clearance before commencing the role.

Duties And Responsibilities

  • Monitoring events: Monitoring for events across multiple security technologies, including Intruder Detection Systems (IDS), Intruder Prevention Systems (IPS), Firewalls, End Point Security Solutions and vulnerability management solutions.
  • Responding to security events: Receiving and acting on calls, emails, alerts, etc. relating to security events and possible security incidents. Including responding to incidents where a detailed understanding of the monitored estate is required and is beyond the capabilities of the other SOC Analyst on shift.
  • Content development: Developing content and analytics. Taking threat intelligence and tuning the SOC services to best protect the NCA’s vulnerabilities.
  • Leading engineering tasks: Leading engineering tasks in support of the continuous availability of SOC services.
  • Supporting the resolution of incidents: Supporting the team's Analysts in the resolution of incidents where the defined procedure for an incident cannot be followed but escalation is not appropriate.
  • Risk compliance, processes and procedures: Assisting as required with Security, Risk, Compliance and Service reporting and assisting with the maintenance of SOC documentation, processes, and procedures.
  • Categorising events: Work alongside colleagues from personnel and physical security to assess events and categorise them appropriately.
  • Single Point of Contact for escalation: Be the single point of escalation for important event alerting. Assess events and bring them to the attention of the Incident Manager and Cyber Defence team when appropriate.
  • Provide expert advice on IT security: Provide expertise, guidance and advice in IT Security related matters, including maintaining up to date knowledge of network, application and communications security solutions, as well as emerging technologies.
  • Provide support to incident management: Provide support, guidance and expertise in relation to Incident Management. Giving direction on vulnerability identification and risk mitigation. Provide on the job training to enhance the skills of the Level 1 and Level 2 analysts.
  • Managing scheduling and reporting: Ensure all SOC scheduled tasks and reported events and incidents are appropriately progressed.
  • Identifying threats: Liaise with trusted partners to provide accurate threat identification. Recommend suitable mitigation measures and report the situation to the senior management.
  • Reduce risk to data loss: Collaboration with other Security Teams (Cyber Defence, IA, Operational, Physical and Personnel) and adjacent commands to support the overall aim of lowering risk to data loss.
  • Deputising to support delivery: Support of senior management in the delivery of an effective and efficient departmental service, deputising where appropriate.
  • Building effective working relationships and collaboration: Develop and build internal and external partnerships working collaboratively to foster good relations, including working with other government departments to further the SOC capabilities.
  • Managing the team: The day-to-day management of personnel and tasking within the cyber domain of the Security Operations Centre.
  • Support team welfare: Take responsibility for your team and its welfare in the absence of the SOC Manager.
  • Make recommendations: Make recommendations and provide policy guidance to senior management in SOC related areas.
  • Supporting the team's growth of capability: Collaborate with other shift leads to find the most appropriate training courses to grow your team's capabilities, including providing on the job training to enhance the skills of the L2 and L1 analysts.
  • Developing the Team: Content development and analytics. Taking threat intelligence and tuning the SOC services to best protect the Agency’s vulnerabilities.
  • Sharing Expertise: Responding to incidents where a detailed understanding of the monitored estate is required and is beyond the capabilities of the other analysts on shift.

Person specification

Skills, Knowledge And Experience

  • Relationship management: Develops and maintains positive relationships with internal and/or external stakeholders in order to achieve stakeholder needs and business objectives.
  • Coaching: Listens and questions others effectively, to help them visualise and consider how they can best achieve their objectives.
  • Mentoring: Acts as a role model and encourages growth in others by sharing knowledge and experience.
  • Manages resources: Effectively manages demand on a service or team. Planning and allocating the resource to deliver a high level of service to meet changing business needs.
  • Manage team wellbeing: Actively supports and monitors the wellbeing of the team. Creating a safe space to understand and assess individual needs and any required adjustments.
  • SIEM: Experience as a Senior Security Analyst leading a team using Security Information and Event Management (SIEM) capabilities, vulnerability scanning software and threat modelling.
  • Responding to incidents: Experience of overseeing the SOC incident response.
  • Using scanning software: Experience of managing threats, impact analysis and report writing; modelling, analysing and reporting.
  • Experience of supporting/developing a team to effectively meet the SOC’s objectives/capability.

Essential Criteria

You must meet the essential criteria and evidence this within your application to be considered for the role.

Entry Requirements

Qualifications, Membership and Licenses

Recognised higher education in an IT related area, with preference for those held in Cyber security relevant for this role.

And/or

Certifications from a recognised body in Digital Security, e.g. GIAC, ISC2, ISACA, BCS, CompTIA.

Any applications from candidates not meeting these eligibility criteria will not progress.

Alongside your salary of £53,232, National Crime Agency contributes £15,421 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an employer contribution of 28.97%

Selection process details

This vacancy will be assessed using Longlisting.

Longlisting of applications is conducted when we are expecting a large number of candidates to apply for the role being advertised. Longlisting will be scored against the lead criteria: Technical Skills/Experience Question 1.

If you wish to apply for this vacancy, you must submit your application by 10/06/2025, 23:55.

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical Skills.

Application Process

In your application you may be asked to provide a selection from among the following: a statement outlining your suitability for the role, answers to specific questions about behaviours, experience and technical skills, and a copy of your CV.

You will be asked to set out your career history, including relevant training and qualifications, with key responsibilities and achievements. Please provide reasons for any gaps in employment within the last two years. Please ensure that the dates of any accreditations you are relying on are entered. For further application guidance, please visit https://www.nationalcrimeagency.gov.uk/careers/applying-and-onboarding

Once submitted, receipt of your application will be acknowledged.

Sift Process

We'll assess you against these technical skills during the sift process:

  • Experience as a Senior Security Analyst leading a team using SIEM capabilities, vulnerability scanning (Lead Criteria)
  • Experience of managing threats, impact analysis and report writing
  • Experience of overseeing the SOC incident response
  • Experience of Supporting/Developing a team to effectively meet the SOC objectives/capability

Candidates must pass these criteria for their application to be progressed. A panel will then assess your application to select those demonstrating the best fit for the role by considering the evidence you have provided against the sift criteria. Failure to address any or all of these may affect your application.

Interview Details

You will then be asked to attend an interview in order to have a more in-depth discussion of your previous experience and professional competence.

There will be one round of interviews, and you will be assessed against the following criteria:

Behaviours

  • Making Effective Decisions
  • Communicating and Influencing

Technical Skills/Experience

  • Experience as a Senior Security Analyst leading a team using SIEM capabilities, vulnerability scanning.
  • Experience of managing threats, impact analysis and report writing
  • Experience of overseeing the SOC incident response
  • Experience of Supporting/Developing a team to effectively meet the SOC objectives/capability

Interviews will take place throughout July/August, with locations to be confirmed. Please be advised that the type of interview (e.g. virtual/face-to-face) may be subject to change and successful candidates will be notified of this prior to attending. However the interview is conducted, the interview criteria will remain as detailed within this advert.

The above sift and interview dates are an indicative timeline. Should you be successful at sift but unable to attend on the interview date(s) listed, the recruitment team cannot guarantee an alternative date. Please contact the recruitment team.

Full details of the assessment process will be made available to shortlisted candidates. Please ensure that all examples provided in your application are taken directly from your own experience and that you describe the examples in your own words. Any instances of plagiarism, including copying of examples/answers from internet sources, will result in a withdrawal of your application. Further action, including disciplinary action, may be considered in such cases involving internal candidates. Providing false or misleading information would be contrary to the core values of honesty and integrity expected of all Civil Servants.

Interview Outcome

In the event of a tie-break at interview, the panel will use the lead experience criteria to determine merit order. If the leading scores are still tied, the panel will then assess desirable criteria to determine merit order. If scores are still tied following the review of desirable criteria, then the panel will revert to sift scores to determine merit order.

Candidates will be alerted of the outcome of their interview via the Agency's recruitment portal. Feedback will only be provided if you attend an interview or assessment. If your application is successful and we are unable to offer you a post immediately, you will be invited to join our reserve list. If over the next 12 months we are able to offer you a position, we will contact you as soon as possible. Once we make you an offer you will then go through our vetting and pre-employment checks processes.

Full advert details for this vacancy can be found within the advert on the NCA Recruitment portal. Please follow the link to apply via the advertiser's site.

Security

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting. See our vetting charter.

People working with government assets must complete baseline personnel security standard checks.

Medical

Successful candidates will be expected to have a medical.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service


Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

This vacancy is part of the Great Place to Work for Veterans initiative.

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job Contact:

  • Name: Recruitment Team
  • Email: central.recruitment@nca.gov.uk


  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Law Enforcement
