Andover, United Kingdom | Posted on 16/04/2025
Duration: Initial 6 month contract with possible extension
Location: Hybrid - Andover (onsite 2 days per fortnight)
Rate: Day rate inside IR35, PAYE via a payroll company
Role/Duties/Responsibilities
As a principal analyst, you are expected to operate in line with SFIA Level 5: to be proactive and develop your own work, keep the SOC manager informed of priority and progress, and raise risks and dependencies as needed.
- SOC Support, Development and Maturation (SFIA Level 5) deliverables include but are not limited to:
- Act as the focal point for Security Incident escalation: providing advice, guidance, support and, if necessary, direct action on Security Incidents raised, together with the typical associated SOC Level 2 duties.
- Support 1st line analyst triage and escalation.
- Build/Develop Use Cases – Develop and facilitate use cases, carry out threat modelling, and translate operational requirements into detection content in the SOC SIEM tool. Focus on insider threat and Data Loss Prevention use cases to demonstrate the process followed by SOC analysts.
- Cyber Security Incident Management Plan (SIMP) – Develop the Cyber Incident Response Plan in line with NIST and SANS guidance, incorporating the wider teams. Create supporting documentation and guidance for the SOC and the wider organisation to follow out of hours (OOH), with clear lines to resolver group support.
- SOC Roadmap development – Assist in developing SOC in line with recommendations from the Security Architect, industry Best Practices and ongoing SOC Security Operations Maturity Assessment (SOMA).
- IaaS, PaaS and SaaS On-boarding – Work with the wider development teams to develop a process for log on-boarding and a costing model for the SOC.
- OFFICIAL ('O') and Software Development Life Cycle ('SDLC') environment scoping – Review the network diagrams of both environments and prioritise log on-boarding into the SOC SIEM tool.
- Breakdown of workable project sizes and raise CRQs with dependent teams for onboarding.
- Develop SOC BCDR – Review existing documentation for the SOC BCDR and develop process/plan that feeds into the wider process.
- Cyber Incident Investigation/Escalation – Review vulnerability event channels and identify issues for escalation to the relevant teams.
- Training and development – Mentor existing SOC team and develop playbooks and training and development content to enable quick upskilling of new starters to the SOC.
- Any additional support or development tasks required by the SOC Manager or Senior Leadership Team (SLT) within the scope of the SOC.
- Overall, the Authority requires outcomes likely to be delivered by a poly-skilled resource. The following skills and experience are mandatory to ensure the Supplier can meet the Authority's current and potential future requirements for this role:
- Strong knowledge of Cyber Security, with a focus on operational security such as security monitoring and alerting, vulnerability management and incident response, including producing supporting security documentation in coordination with stakeholders.
- A good all-round knowledge of IT systems and Networking.
- Experienced in both updating and creating operational security processes and procedures.
- Comprehensive experience of working in Cyber Security Operations Centres (CSOC), with additional knowledge and experience to support junior colleagues within the AHE SOC.
- Effective communication skills, able to deliver technical conversations and presentations to a range of different stakeholders.
- Knowledge of network and application security and architecture, incident response, forensic investigation, and business continuity management.
- Knowledge of various Cyber Security Frameworks, Data Protection, and bulk data controls.
- Hands-on experience with security tooling such as SIEM and EDR solutions, with the technical ability to operate them from both an analyst and an engineering perspective (monitoring, use case and content creation, upgrades and troubleshooting).
- Ideally have professional certification such as GIAC GCIH, CISSP, CISM or ISO 27001.
- Experience working in a Defence environment.
- Experience of managing and/or mentoring technical personnel.
- Knowledge of on-boarding new log sources into a SOC for security monitoring, and of identifying the relevant use cases for each log source.
- Resources must be free of any commercial ties or obligations to any hardware or software vendors.
Because this role requires SC clearance, you will need to be a UK national who has been resident in the UK for at least 5 years.