Senior SOC Analyst

Department for Business and Trade - Digital, Data and Technology

United Kingdom

Hybrid

GBP 40,000 - 60,000

Full time

8 days ago

Job summary

A government department is seeking a Senior SOC Analyst to strengthen its cyber defense capabilities. This role involves leading security incident response, mentoring junior analysts, and enhancing monitoring capabilities. The ideal candidate will have substantial SOC experience and be skilled in incident triage and resolution. Opportunities for professional development and a flexible, hybrid work environment are provided.

Benefits

Flexible working environment
Strong emphasis on professional development
Civil Service pension

Qualifications

  • Experience in a Security Operations Centre (SOC) with direct involvement in security alerts and incident investigations.
  • Proficient in managing cyber security incidents from triage to resolution.
  • Ability to analyze security data using query languages.

Responsibilities

  • Lead the triage and investigation of security alerts.
  • Manage incident response activities.
  • Support development of incident response procedures.

Skills

Security Operations Centre experience
Incident management
Data analysis
Collaboration with teams
Communication skills
Cloud platform investigation

Job description

About us

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.

Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.

Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.

Finally, we work in partnership with businesses every day, providing advice, finance and deal-making support to those looking to start up, invest, export and grow.

The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission. The team have been nominated three times in a row for 'Best Public Sector Employer' at the Women in Tech awards!

About the role

We are expanding our Cyber Incident Detection and Response team and are looking for experienced and motivated Senior SOC Analysts to help strengthen our cyber defence capabilities.

In this role, you will play a key part in protecting the department's systems and data. You will lead the triage and investigation of security alerts, manage incident response activities, and implement the development of detection and response processes. You will also act as an escalation point for complex incidents and contribute to improving our monitoring and logging coverage.

Alongside operational responsibilities, you will mentor and support other analysts, helping to build a collaborative and capable team. You will report to the Principal Analyst team and contribute to the continuous improvement of our SOC operations through defined areas of focus during non-operational time.

We are committed to your professional development, offering access to a range of training platforms, dedicated learning time, and opportunities to attend external training and industry events such as SANS.

Main responsibilities

You will:

  • Lead the triage, investigation, and resolution of security alerts and incidents in line with processes, ensuring timely and effective response.
  • Act as an escalation point for complex or high-priority incidents, providing guidance and oversight throughout the incident lifecycle.
  • Support the development and refinement of incident response procedures, playbooks, and documentation.
  • Contribute to the continuous improvement of logging, monitoring, and alerting capabilities to enhance threat visibility.
  • Collaborate with other teams to ensure security considerations (controls, logging etc.) are embedded and improved.
  • Provide line management and day-to-day leadership to SOC Analysts, including setting objectives, supporting performance and development, and conducting regular check-ins. Actively mentor team members, sharing knowledge and experience to build capability, confidence, and a collaborative team culture.
  • Maintain awareness of emerging threats, vulnerabilities, and trends to inform detection and response strategies.
  • Use time away from live operations to develop key SOC capabilities, including incident response, threat hunting, and detection engineering, supporting long-term strategic goals.

Skills and experience

It is essential that you have:

  • Substantive experience working in a professional Security Operations Centre (SOC), including direct involvement in responding to security alerts using a SIEM solution, conducting triage, and supporting incident investigations. (Lead Criteria)
  • Hands-on experience managing cyber security incidents from initial triage through to resolution, including working with others to investigate root causes, apply fixes, and support recovery efforts.
  • Experience analysing security data using a query language (e.g. KQL, SQL, SPL).
  • Practical experience applying knowledge of cyber threats and attacker techniques to proactively improve detection and response capabilities - for example, through detection engineering or threat hunting.
  • Experience working collaboratively across technical and non-technical teams to support incident response or improve security monitoring.
  • Experience communicating technical cyber security information clearly and effectively to both technical and non-technical audiences, for example through incident briefings, written reports, or stakeholder engagement.
  • Demonstrable experience investigating Security Events within Cloud platforms (AWS, Azure).

It is desirable that you have:
  • Familiarity with KQL (Kusto Query Language), which is particularly desirable.

How to apply

As part of the application process you will be asked to upload a two-page CV and complete a 750-word personal statement outlining how you meet the essential skills and experience listed above. You can use bullet points and subheadings if you prefer.

Sift will be from week commencing Monday 25th August

Interviews will be from week commencing Monday 1st September

Please note these dates are indicative and may be subject to change.

If there is a high volume of applications, we will sift looking at the Lead Criteria; you may then be progressed to full sift or straight to interview.

Artificial intelligence (AI) can be a useful tool to support your application, but all examples and statements provided must be truthful, factually accurate, and taken directly from your own experience. Where plagiarism is identified (such as presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

How we interview

At the interview stage for this role, you will be asked to demonstrate relevant Technical Skills and Behaviours from the Success Profiles framework. These are role specific and in line with the Government Security Profession Career Framework.

Technical Skills
  • Intrusion Detection and Analysis
  • Threat Intelligence and Threat Analysis
  • Threat Understanding
  • Cyber Security Operations
  • Secure Operations Management

Behaviours
  • Making Effective Decisions
  • Changing and Improving

How we offer

Offers will be made in merit order based on location preferences. If you pass the bar at interview but are not the highest scoring you will be held on a 12-month reserve list in case a role becomes available. If you are judged a near miss at interview, you may be offered a post at the grade below the one you applied for.

This role requires SC clearance. DBT's requirement for SC clearance is to have been present in the UK for at least 3 of the last 5 years. Failure to meet this requirement will result in your application being rejected and your offer being withdrawn.

Checks will also be made against:

  • departmental or company records (personnel files, staff reports, sick leave reports and security records)
  • UK criminal records covering both spent and unspent criminal records
  • your credit and financial history with a credit reference agency
  • security services record
  • location details

Benefits

If you join us, you will get:

  • learning and development tailored to your role
  • a flexible, hybrid working environment with options like condensed hours
  • a culture encouraging inclusion and diversity
  • a Civil Service pension with an average employer contribution of 28.97%
  • annual leave starting at 25 days rising to 30 days with service
  • three paid volunteering days a year
  • an employee benefits programme including cycle to work

More about us

This role can only be worked from within the UK, not overseas. If you are based in London, you will receive London weighting. DBT employees work in a hybrid pattern, spending 2-3 days a week (pro rata) in the office on average. Travel to your primary office location will not be paid for by DBT, but costs for travel to an office which is not your main location will be covered.

You can find out more about our office locations, how we calculate salaries, our diversity statement and reasonable adjustments, the Recruitment Principles, the Civil Service code and our complaints procedure on our website.

Find out more about life at DBT, our benefits and meet the team by watching our video or reading our blog!

Senior SOC Analyst

Location: London, Darlington, Cardiff, Edinburgh, Belfast, Birmingham, Salford

Find out about our benefits, application process and practical details like our office locations on the things you need to know page.