Lead Security Operations Centre (SOC) Analyst

Posting date:	09 June 2025
Salary:	£59,634 to £79,133 per year
Additional salary information:	London: £63,248 to £79,133 / National: £59,634 - £75,618 - Your salary will be determined by your skills and capability as assessed at interview.
Hours:	Full time
Closing date:	20 June 2025
Location:	Darlington
Company:	Government Recruitment Service
Job type:	Permanent
Job reference:	410331/4

Summary

About us

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.

Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.

Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.

Finally, we work in partnership with businesses every day, providing advance, finance and deal-making support to those looking to start up, invest, export and grow.

The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission. The team have been nominated three times in a row for ‘Best Public Sector Employer’ at the Women in Tech awards!

About the role

This position is part of the DBT Security Operations Centre (SOC) and reports directly to the SOC Manager. The SOC is responsible for detecting and responding to both internal and external threats to the security of DBT’s services and the data that supports them. This role plays a vital part in protecting the Department and supporting its mission to drive economic growth.   

The Lead SOC Analyst will lead the CIDR (Cyber Incident Detection and Response) team acting as a point of escalation for analysts and escalating incidents to the SOC manager and beyond as necessary. A key part of the incident response process will be the collection and implementation of lessons learned as part of a continuous improvement cycle.   

Working closely with other SOC functions, primarily Cyber Engineering, the role will ensure that appropriate logging and monitoring is in place across DBTs end user and digital estates. The creation and maintenance of new and existing analytic rules based on this logging, and feedback from incidents, is vital to maintaining DBTs detect and respond capability. 

About you

You will be an experienced SOC analyst with an excellent understanding of the threats facing an organisation in a cloud environment. Familiar with SIEM (Security Incident and Event Management) tools and a detailed understanding of logging requirements in digital services, you will be able to both create and review analytic rules to improve detection capability. You will also possess strong communication and line management skills and be able to lead the CIDR team effectively to respond to an ever-changing threat landscape

Main responsibilities

You will:

• Line manage the CIDR team, monitoring, triaging, and investigating security alerts on protective monitoring platforms to identify security incidents

• Review existing and new data sources being ingested into the protective monitoring platform and propose and implement use cases for detection and analysis

• Communicate the significance of the results of investigations and risk mitigation outcomes, guiding the organisation in the improvement and maintenance of a robust response to new threats and attack vectors

• Provide management information regarding various aspects of the function of the incident detection and response capability

• Ensure analyst work is up to standard by implementing and maintaining peer reviews of investigations

• Lead and develop DBT’s incident detection and response capability, including maintaining and updating existing policies

• Manage post-incident reviews, including root cause analysis, to feedback information and so improve monitoring

• Provide an escalation point for analysts, making decisions regarding resolution of incidents, including escalation, where appropriate to the SOC manager or above

Proud member of the Disability Confident employer scheme

About Disability Confident

A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.