Enable job alerts via email!
OT SOC Analyst - Operational Technology
Morson Edge
England
Hybrid
GBP 60,000 - 80,000
Full time
Generate a tailored resume in minutes
Land an interview and earn more. Learn more
Job summary
A technology solutions provider in the UK is seeking an OT SOC Analyst to lead cybersecurity incident responses. This role involves threat hunting, policy creation, and incident management, ensuring protection of network systems and data. The ideal candidate will have extensive SOC and CSIRT experience, with a strong focus on critical environments. The position offers a hybrid work model, requiring on-site presence in Crawley two days a week.
Qualifications
- Extensive experience in leading end-to-end cyber incidents.
- Strong background in SOC Level 3 and CSIRT Level 3.
- Experience in CNI / Defence / Business Critical environments.
Responsibilities
- Conduct threat hunting across OT/IT environments.
- Create SOC policies and standards.
- Lead high-severity incident responses.
- Develop automated workflows for detection and response.
- Perform forensic analysis and recommend actions.
Skills
Education
Outside IR35
Duration: 6 9 months
Location: Crawley, Hybrid 2 days per week on site
The role of an Incident Response (CSIRT) / Security Operations Centre (SOC) Level 3 Analyst is to respond to high‑severity cyber security incidents and/or escalated events and alerts then, using experience combined with industry tools and techniques, expediate a containment, eradication and recovery strategy to minimise business impact and ensure UK Power Networks (UKPN) network systems and customer data are protected from cyber threats.
- Threat Hunting: Analyse intel and IOCs to find and remove hidden threats across UKPN's OT/IT environments.
- Policy: Create SOC policies, standards and procedures aligned with best practice.
- Logs: Ensure all logs feed into the SIEM and build use cases to detect anomalous activity.
- Incident Response: Lead high‑severity incidents, improve playbooks and manage remediation, communication and reporting.
- SOAR: Develop automated workflows to streamline detection, enrichment and response.
- Forensics: Perform forensic analysis across multiple data sources and recommend containment and eradication actions.
- Crisis Testing: Take part in cyber‑attack simulations to strengthen resilience.
- Reporting: Improve reporting dashboards and key security metrics.
- Tooling: Support and maintain security tools and platforms for threat prevention, detection and response.
- Audit: Support SOC2/NCSC CAF/ISO27001 audits and ensure compliance.
- Continuous Improvement: Automate and enhance monitoring, detection and response based on evolving threats.
Essential
- Extensive End to End Cyber Incident Leadership Experience
- Extensive SOC L3 / CSIRT L3 Experience
- Extensive CNI / Defence / Business Critical Environment Experience
Desirable
- Threat Hunting Experience
- Threat Hunting Strategy Mindset
- Runbook & Playbook Authoring
- Lessons Learned / Root Cause Analysis Leader
- Experience working with and enhancing security monitoring tooling
- Extensive IT/OT Systems Experience
- Extensive CNI & OT Environment Awareness
- Experience aligning with organisational requirements and contributing to audit readiness
- Desirable - Cyber and OT Certification
- MOD or similar
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
