Lead Security Operations Centre (SOC) Analyst

Dyddiad hysbysebu:	09 Mehefin 2025
Cyflog:	£59,634 i £79,133 bob blwyddyn
Gwybodaeth ychwanegol am y cyflog:	London: £63,248 to £79,133 / National: £59,634 - £75,618 - Your salary will be determined by your skills and capability as assessed at interview.
Oriau:	Llawn Amser
Dyddiad cau:	20 Mehefin 2025
Lleoliad:	Belfast
Cwmni:	Government Recruitment Service
Math o swydd:	Parhaol
Cyfeirnod swydd:	410331/1

Crynodeb

About us

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.

Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.

Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.

Finally, we work in partnership with businesses every day, providing advance, finance and deal-making support to those looking to start up, invest, export and grow.

The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission. The team have been nominated three times in a row for ‘Best Public Sector Employer’ at the Women in Tech awards!

About the role

This position is part of the DBT Security Operations Centre (SOC) and reports directly to the SOC Manager. The SOC is responsible for detecting and responding to both internal and external threats to the security of DBT’s services and the data that supports them. This role plays a vital part in protecting the Department and supporting its mission to drive economic growth.   

The Lead SOC Analyst will lead the CIDR (Cyber Incident Detection and Response) team acting as a point of escalation for analysts and escalating incidents to the SOC manager and beyond as necessary. A key part of the incident response process will be the collection and implementation of lessons learned as part of a continuous improvement cycle.   

Working closely with other SOC functions, primarily Cyber Engineering, the role will ensure that appropriate logging and monitoring is in place across DBTs end user and digital estates. The creation and maintenance of new and existing analytic rules based on this logging, and feedback from incidents, is vital to maintaining DBTs detect and respond capability. 

About you

You will be an experienced SOC analyst with an excellent understanding of the threats facing an organisation in a cloud environment. Familiar with SIEM (Security Incident and Event Management) tools and a detailed understanding of logging requirements in digital services, you will be able to both create and review analytic rules to improve detection capability. You will also possess strong communication and line management skills and be able to lead the CIDR team effectively to respond to an ever-changing threat landscape

Main responsibilities

You will:

• Line manage the CIDR team, monitoring, triaging, and investigating security alerts on protective monitoring platforms to identify security incidents

• Review existing and new data sources being ingested into the protective monitoring platform and propose and implement use cases for detection and analysis

• Communicate the significance of the results of investigations and risk mitigation outcomes, guiding the organisation in the improvement and maintenance of a robust response to new threats and attack vectors

• Provide management information regarding various aspects of the function of the incident detection and response capability

• Ensure analyst work is up to standard by implementing and maintaining peer reviews of investigations

• Lead and develop DBT’s incident detection and response capability, including maintaining and updating existing policies

• Manage post-incident reviews, including root cause analysis, to feedback information and so improve monitoring

• Provide an escalation point for analysts, making decisions regarding resolution of incidents, including escalation, where appropriate to the SOC manager or above

Aelod balch o'r cynllun cyflogwyr Hyderus o ran Anabledd

Gwybodaeth am Hyderus o ran Anabledd

Yn gyffredinol, bydd cyflogwr Hyderus o ran Anabledd yn cynnig cyfweliad i unrhyw ymgeisydd sy'n datgan eu bod yn anabl ac yn bodloni'r meini prawf lleiaf ar gyfer y swydd fel y diffinnir gan y cyflogwr. Mae'n bwysig nodi, mewn rhai sefyllfaoedd recriwtio fel nifer fawr o ymgeiswyr, cyfnod tymhorol ac amseroedd prysur iawn, efallai y bydd y cyflogwr am gyfyngu ar y niferoedd cyffredinol o gyfweliadau a gynigir i bobl anabl a phobl nad ydynt yn anabl. Am fwy o fanylion ewch i Hyderus o ran Anabledd.