Security Operations Centre Analyst

Sopra Steria Limited

Farnborough

On-site

GBP 30,000 - 45,000

Full time

Yesterday

Job summary

A leading defense and cybersecurity firm is seeking L1 SOC Analysts to join their team in Farnborough. This role involves monitoring security alerts, conducting investigations, and supporting incident management in a busy Security Operations Center. Suitable candidates will have experience with technologies like Microsoft Sentinel and Splunk, as well as a foundational understanding of security principles. Shift work is required, and DV Clearance eligibility is necessary to start.

Qualifications

  • Ability to work shifts from the Farnborough office.
  • Experience using Microsoft Sentinel and Splunk.
  • Entry-level cyber-security certification like CompTIA Security+ or CEH.

Responsibilities

  • Monitor and analyze security alerts and events.
  • Raise complex incidents to senior analysts.
  • Prepare reports for technical and non-technical audiences.

Skills

Experience in a security operations center
Knowledge of Microsoft Sentinel
Proficiency in Splunk
Understanding of Mitre ATT&CK framework
Basic knowledge of networking principles
Entry-level cyber-security certification

Education

Completed an academic module in cyber-security
CREST Practitioner Intrusion Analyst/Blue Teams Level 1

Tools

Microsoft Sentinel
Splunk
QRadar

Job description

Come and join us in the Defence sector and support enterprise scale clients. We have opportunities for L1 SOC Analysts to be part of our success and work with multiple, high‑profile clients. You should showcase your proficiency in a busy Security Operations Center with a technology‑oriented attitude and the capacity to assume control. From a technical perspective we are using Microsoft Sentinel, Splunk and MISP Threat sharing, so any knowledge of these technologies would be a substantial benefit. The role is based on site at our Farnborough office and is shift work: 2 × 6 am‑6 pm, 2 × 6 pm‑6 am, 4 days off. You must be eligible for DV Clearance for this role and cannot start until your clearance is through.

What you'll be doing:
  • Monitor and analyse security alerts and events, conduct initial investigations, and determine the appropriate response.
  • Raise complex incidents to Senior Analysts.
  • Manage SOC incident queues.
  • Support the maintenance of monitored asset baselines of the customer environments.
  • Prepare reports for managed clients to both technical and non‑technical audiences.
  • Collaborate on improving detection rules and use cases aligned with Mitre ATT&CK and threat‑informed defense.
  • Participate in a team effort to guarantee that corporate data and technology platform components are shielded from known threats.
  • Collaborate with team members to maintain and update security incident documentation, including incident reports, analysis findings, and recommended mitigation strategies.
  • Aid the development and use of threat intelligence throughout the service.

Key responsibilities and experience
  • Ability to work shifts from our office in Farnborough.
  • Experience demonstrated in a Security Operations Centre.
  • Experience using Microsoft Sentinel and Splunk.
  • Knowledge and experience with the Mitre ATT&CK framework.
  • Basic knowledge of client‑server applications, multi‑tier web applications, relational databases, firewalls, VPNs, and enterprise Anti‑Virus products.
  • Understanding of networking principles including TCP/IP, WANs, LANs and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP.
  • Entry‑level cyber‑security certification (e.g., CompTIA Security+, CEH, CPSA).
  • CREST Practitioner Intrusion Analyst/Blue Teams Level 1 or other SOC‑related certifications.
  • Completed an academic module in cyber‑security or a related subject.

Desirable skills
  • Programming and scripting such as Python, Perl, Bash, PowerShell, C++.
  • Experience with SIEM technologies, namely Sentinel and Splunk, with some experience with QRadar.

Sopra Steria’s Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client’s goal of national security, and we operate in a unique and privileged environment.

We are given time for professional development activities and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK's most complex safety‑ and security‑critical markets.

We embrace difference as a source of creativity, innovation and competitive advantage and are striving to become a more diverse organisation. We welcome applications from people with a diverse variety of backgrounds and identities. We are committed to equality of opportunity for all and do not discriminate on the basis of race, religion, colour, gender, age, disability, sexual orientation or marital status. We have partnered with Vercida, the UK's largest diversity and inclusion focused careers site, where all our vacancies are available in an accessible format. If you require any adjustments to the recruitment process, to enable you to perform to the best of your ability, please let us know when completing your application.

We participate in the Disability Confident scheme and are committed to offering an interview to any candidate with a disability, who meets the minimum criteria for the role. If you believe this could apply to you, please let us know when completing your application.
