Army Digital Services Security Operations Centre Analyst
| Date advertised: | 12 August 2025 |
|---|---|
| Salary: | £29,580 per year, pro rata |
| Hours: | Full time |
| Closing date: | 11 September 2025 |
| Location: | SP11 8HJ |
| Remote working: | Hybrid - remote working up to 2 days per week |
| Company: | Ministry of Defence |
| Job type: | Permanent |
| Job reference: | 419271 |
Summary
The Army Digital Services (ADS) organisation is part of the Chief Technology Office (CTO) pillar which is part of the Directorate of Information within Army Headquarters Andover. ADS is the Army's supplier of choice for the design, development and support of applications and services to provide digital enablement of the Army's processes. It therefore supports the Army’s ambitious and innovative modernisation and transformation agenda.
The ADS Security Operations Centre (SOC) provides real time protective monitoring of the Army Hosting Environment (AHE).
The role of a Security Operations Centre Analyst is to monitor, collect and analyse security event data arising from activity across the organisation, tune and improve rules generating security alerts, and follow up by investigating indicators of potentially malicious activity, escalating incidents or initiating responses.
The role will provide an excellent opportunity to develop strong behaviours, as well as develop and improve system security professional skills in a challenging environment. Working as part of the Army Digital Services (ADS) Security team, you will have the opportunity to work with other security professionals across the Army and Defence to ensure the successful implementation of new technology and ways of working.
The successful candidate will provide protective monitoring, create security signature content, threat hunt, and be proficient in incident escalation. They will monitor, triage and investigate security alerts on protective monitoring platforms to identify security incidents, and perform analysis of security event data to support the response, reporting or escalating where appropriate.
Your specific responsibilities will include:

- Ensure that the SOC's controls, policies, and procedures are followed and effectively adhered to

SOC Cyber Security Analyst:

- Ensure Security Information and Event Management (SIEM) is carried out to agreed policy and processes
- Support shift analysts with Level 1 triage of events and alerts across Security Information and Event Management (SIEM) tools and associated products
- Where required, carry out additional investigation, supporting escalation of incidents to Level 2 analysts and additional resolver teams
- Assist in end-to-end management of open security incidents, engaging with L2s and resolver groups to ensure accuracy and timely resolutions
- Support internal processes for alert tuning and maintenance of SOC tooling
- Support processes for SIEM content development in line with the above

Cyber Security Professional:

- Build knowledge of common security frameworks such as MITRE ATT&CK, the Cyber Kill Chain, NIST, etc. to assist SOC maturation
- Maintain knowledge of emerging Tactics, Techniques and Procedures (TTPs) relevant to the environment, feeding actionable information into the team
- Carry out proactive threat hunting within SIEM logs, using additional tools to facilitate this

SOC Administration:

- Carry out daily, weekly, monthly and ad-hoc tasks as defined by the SOC Manager
- Contribute to the effectiveness and efficiency of the SOC, through improvements to each function as well as coordination and communication between support and business functions
- Deliver AHE SOC-specific projects
- Contribute to the long-term SOC strategy and planning, including initiatives geared toward operational excellence
- Employ a Constant Service Improvement (CSI) culture
- Contribute towards ongoing development of internal and business-wide processes, procedures and knowledge base
- Incident escalation management

SOC Documentation:

- Ensure correct information security standards are maintained on SharePoint and associated SOC information repositories

Support to SOC Manager:

- Attend meetings and represent the SOC Manager
- Assist with scheduled and ad-hoc SOC reporting outputs as directed by management
- Deliver SOC awareness and security information
- Act as a point of contact for SOC communications