Security Operations Centre (SOC) Lead Analyst

National Crime Agency., Birmingham

Security Operations Centre (SOC) Lead Analyst

Salary not available. View on company website.

National Crime Agency., Birmingham

  • Full time
  • Permanent
  • Onsite working

Posted 4 days ago, 12 Nov | Get your application in now to be included in the first week's applications.

Closing date: Closing date not specified

job Ref: 7fbc49a1582b4e5d8d7a02476d213493

Full Job Description

Birmingham - Successful applicants currently employed by NCA for this post may request to remain in their current contractual location. This should be discussed and agreed prior to proceeding with pre-employment checks. Please note this is dependant on business needs, please commence discussions with the hiring manager at the earliest opportunity. About the job Job summary The NCA has grown in size and complexity in recent years and it is vital that it maintains a security posture and capabilities to protect against existing, new and emerging threats. The Integrated Protective Security Command (IPS) is responsible for securing the Agency to protect the public. The IPS mission statement is: "Delivering integrated protective security to build a resilient, high-trust Agency able to lead the UKs fight to cut serious and organised crime." IPS safeguards the NCA from the full range of security threats that target the Agency, our officers and our assets, to enable the organisation to achieve its operational objectives, both domestically and overseas, with flexibility, agility and integrity. Its officers provide specialist security services to the Agency 24 hours a day, 7 days a week, 365 days a year, to mitigate security risks., We are currently looking to recruit Lead Security Operations Centre (SOC) Analysts within our integrated protective security command. The successful candidate will work from the Agencys Birmingham office on a 24/7 shift pattern. The Cyber Security Team leads the strategic response to cyber risks, cyber security function, oversees audit, building internal and external alliances with diverse stakeholders to deliver the NCAs strategic objectives. What will the successful Candidate be doing? If successful, you will work within the newly created Tier 2, Cyber Security Operations Centre, supporting the SOC Manager to run all SOC services. Joining at this time offers the rare opportunity to help shape what the final SOC capability will look like. You will be the Lead Analyst on shift, responsible for ensuring that activities related to the monitoring of the Agencys cyber domain take place. Your team of analysts will be the Agencys eyes and ears before, during and after a cyber incident. The Lead Analyst reports directly to the SOC Manager and is untimely accountable to the Head of Cyber Security.

  • To be considered, you will need to successfully complete SC Enhanced clearance before commencing the role and achieve DV clearance within the first 12 months in post.
  • Person specification Key Responsibilities (responsibilities will include, but not be limited to):
  • The day-to-day management of personnel and tasking within the cyber domain of the Security Operations Centre.
  • Monitoring for events across multiple security technologies, including intruder detection systems (IDS), Intruder prevention systems (IPS), Firewalls, End Point Security Solutions and vulnerability management solutions.
  • Liaise with trusted partners to provide accurate threat identification. Recommend suitable mitigation measures and report the situation to senior management.
  • Content development and analytics. Taking threat intelligence and tuning the SOC services to best protect the Agencys vulnerabilities.
  • Leading engineering tasks in support of the continuous availability of SOC services.
  • Ensure that SOC scheduled tasks, reported events and incidents are appropriately progressed.
  • Assisting as required with Security, Risk, Compliance and Service reporting.
  • Please note; the team operates a 24/7 shift pattern currently consisting of 8 hour shifts across earlies, lates and nights . Qualifications The following qualifications/skills are essential to the role, and proof will be required at interview: Recognised higher education in an IT related area with preference for those held in Cyber security relevant for this role And /or Certifications from a recognized body in Digital Security e.g. GIAC, ISC2, ISACA, BCS, CompTIA Please ensure the dates of any accreditations you are relying on, are entered on to the CV. Should you progress to the assessment stage of the process, you will be required to provide a copy of the original certificate. Failure to provide evidence at interview may result in your application not progressing to the next stage. Behaviours We'll assess you against these behaviours during the selection process:
  • Making Effective Decisions
  • Communicating and Influencing
  • Technical skills We'll assess you against these technical skills during the selection process, Sift Process You will be asked to complete a CV as part of the application process. Your CV should set out your career history including training and qualifications, with key responsibilities and achievements. Please ensure that each entry of your career history also has a few sentences outlining a description and the key elements of that role, and that you provide reasons for any gaps within the last two years. Please ensure the dates of any accreditations you are relying on are entered onto the CV.
  • CV Your CV will be used to assess the following criteria:
  • Recognised higher education in an IT related area with preference for those held in Cyber security relevant for this role; And/or Certifications from a recognized body in Digital Security e.g. GIAC, ISC2, ISACA, BCS, CompTIA.
  • 4x Technical / Experience skills via a 250 word Statement of Suitability per criteria as listed in the advert above.
  • For further application guidance please visit https://www.nationalcrimeagency.gov.uk/careers/applying-and-onboarding Once submitted your application will be acknowledged by the Government Recruitment Service. Please note depending on the volume of applications a Longlist at sift may be conducted on following criteria:
  • Experience as a Senior Security Analyst leading a team using SIEM capabilities, vulnerability scanning.
  • Candidates must pass this criteria for their application to be progressed. A panel will then assess your application to select those demonstrating the best fit for the role by considering the evidence you have provided against the criteria set out in the Entry Criteria section. Failure to address any or all of these may affect your application. Sift results are expected to be released w/c Monday 16th December 2024. Interview Details You will then be asked to attend an interview in order to have a more in-depth discussion of your previous experience and professional competence. There will be one round of interviews - Candidates will be assessed against the Behaviour and Technical criteria, as outlined in the Person Specification. Interviews will take place throughout December 2024 - locations to be confirmed. Please be advised that the type of interview (eg. virtual/face-to-face) may be subject to change and successful candidates will be notified of this prior to attending. However the interview is conducted, the interview criteria will remain as detailed within this advert. The above sift and interview dates are an indicative timeline. Should you be successful at sift but cannot attend on the interview date(s) listed the recruitment team cannot guarantee an alternative date. Please contact the recruitment team. Full details of the assessment process will be made available to shortlisted candidates. Please ensure that all examples provided in your application are taken directly from your own experience and that you describe the examples in your own words. Any instances of plagiarism including copying of examples/answers from internet sources will result in a withdrawal of your application. Further action, including disciplinary action, may be considered in such cases involving internal candidates. Providing false or misleading information would be contrary to the core values of honesty and integrity expected of all Civil Servants. Interview Outcome Candidates will be alerted of the outcome of their interview via their CS Jobs Portal. We will be retaining a candidate pool of successful applicants to draw from as vacancies arise for up to 12 months. If your application is successful and we are unable to offer you a post immediately, you will be invited to join our reserve list. If over the next 12 months we are able to offer you a position, we will contact you as soon as possible. Once we make you an offer you will then go through our vetting and pre-employment checks processes. All Appointments will be made in location merit order. Internal Applicants Successful applicants currently employed by NCA for this post may request to remain in their current contractual location. This should be discussed and agreed prior to proceeding with pre-employment checks. Please note this is dependant on business needs, please commence discussions with the hiring manager at the earliest opportunity. Multi-Location Where more than one location is advertised, candidates will be appointed in merit order for each location. You will be asked to state your location preference on your application. Please be aware that you can be posted to any location that you put in your preferences. If you would only like to be posted to one location, please confirm one location only. If you are posted to a location that you have requested and you do not accept that location, you may not be offered another role. Please note, only advertised location can be offered. Notes populated in a free text box will not be taken into consideration. Near Miss If you are not found appointable at the advertised grade you may be offered the lower grade role if you are considered to meet the skills, experience and behaviours for the lower level. The benchmark for appointing to the lower grade is set at the start of each campaign. All offers will be made in merit. If you are found appointable at the higher grade but there are no positions available you may be offered an appointment at the lower grade. Hybrid Working This role is unsuitable for hybrid working. Reasonable Adjustment We are committed to ensuring our recruitment process is inclusive and accessible to all. As part of our application process you will be prompted to provide details of any reasonable adjustment to our recruitment process that you may need. If you have a disability or long-term condition (a physical or mental impairment that has a substantial and long term effect on your ability to carry out normal day-to-day activities), we have a duty to make reasonable changes to our processes. If you need a change to be made so that you can make your application, you should: Contact Government Recruitment Service via ncarecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs. Complete the Assistance required section in the Additional requirements page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if youre deaf, a Language Service Professional. Inclusion and Accessibility We are proud to be an inclusive, equal opportunities employer. As a Disability Confident Leader we are committed to ensuring that all candidates are treated fairly throughout the recruitment process. For details of the available group please visit https://www.nationalcrimeagency.gov.uk/careers/benefits-and-support In order to monitor the effectiveness of the National Crime Agencys Diversity & Inclusion strategy, the NCA require certain personal details about you on submission of your application. Please note that this will be treated in confidence and will not impact your application. You will be asked to complete an E-consent survey asking for permission to share this data with the NCA to be used for statistical/monitoring purposes only, refusal of consent to share the information will not impact your application. If you are experiencing accessibility problems with any attachments on this advert, please contact ncarecruitment.grs@cabinetoffice.gov.uk Additional Information
  • The NCA is a 24/7 organisation, and working patterns must support business requirements. Some roles may require you to respond at short notice or outside of core hours.
  • Individuals will be required to undertake and pass a substance misuse test as part of pre-employment checks.
  • Successful candidates may be required to undertake a medical. If required, the medical will take place in either London or Warrington. Unfortunately, travel costs will not be reimbursed.
  • If you are an internal candidate who has passed interview but is undergoing an internal investigation or have a written warning in place preventing a post move you may not be able to be posted until this investigation is concluded or restriction lifted. You will remain on the reserve list for a max of 12 months
  • VETTING REQUIREMENTS SC All security clearances require you to provide evidence of your UK footprint where you have been physically present in the UK. The requirement for SC clearance is to have been present in the UK for at least 3 of the last 5 years. Failure to meet the residency requirements will result in your security clearance application being rejected. If you require SC clearance you will need to provide evidence of the below requirements. Checks will be made against:
  • Departmental or company records (personnel files, staff reports, sick leave reports and security records)
  • UK criminal records covering both spent and unspent criminal records
  • Your credit and financial history with a credit reference agency
  • Security Services records
  • VETTING REQUIREMENTS - DV All security clearances require you to provide evidence of your UK footprint where you have been physically present in the UK. The requirement for DV is to have been present in the UK for at least 7 of the last 10 years. Failure to meet the residency requirements will result in your security clearance application being rejected. If you require DV clearance you will need to provide evidence of the below requirements. Checks will be made against:
  • successful completion of the BPSS
  • UK criminal record and identity checks
  • credit reference checks
  • relevant personnel and medical checks (if required)
  • For further information on National Security Vetting please visit the following page https://www.gov.uk/government/publications/demystifying-vetting We encourage all candidates to visit the NCA careers page for further information please visit https://www.nationalcrimeagency.gov.uk/careers If you have any specific queries about the role that are not covered above please contact: ncarecruitment.grs@cabinetoffice.gov.uk Feedback will only be provided if you attend an interview or assessment. Security Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).See our vetting charter (opens in a new window). People working with government assets must complete baseline personnel security standard (opens in new window) checks. Medical Successful candidates will be expected to have a medical. Nationality requirements This job is broadly open to the following groups:
  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

    Experience as a Senior Security Analyst leading a team using SIEM capabilities, vulnerability scanning.
  • Experience of overseeing the SOC incident response.
  • Experience of managing threats, Impact analysis and report writing.
  • Experience of supporting/developing a team to effectively meet the SOC objectives/capability.

    Alongside your salary of 53,232, National Crime Agency contributes 15,421 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
  • All officers in the NCA are members of the UK Civil Service. You will be eligible for:
  • Civil Service pension scheme
  • 26 days annual leave rising to 31 on completion of 5 years continuous service
  • If qualifying criteria is met new joiners to the NCA from UK Police Forces or UKIC will have service with those employers taken into account for continuous service purposes for Annual Leave entitlement only, this will be up to a maximum of 31 days leave (including 1 privilege day).
  • Training and development opportunities
  • Special leave
  • Flexible working and family friendly policies
  • Cycle to work scheme
  • Blue Light scheme
  • For further details on benefits please visit https://www.nationalcrimeagency.gov.uk/careers/benefits-and-support Things you need to know Selection process details This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

Relevant jobs