Skip to main content

Senior Security Operations Centre Analyst

Posted: 12 Nov 2019 Closes: 1 Dec 2019
Bristol £35,540 - £43,629
Permanent & Full-time defra/20191112175627

Defra is the UK government department responsible for safeguarding our natural environment, supporting our world-leading food and farming industry, and sustaining a thriving rural economy. Our broad remit means we play a major role in people's day-to-day life, from the food we eat, and the air we breathe, to the water we drink.

Our Digital Data and Technology Services (DDTS) Function is currently undertaking a once in a generation Transformation, as the UK moves towards exiting the EU. We are currently recruiting for a Senior Security Operations Centre Analyst. This is an exciting time to join Defra as we continue to transform our technology and pursue our goal of providing world class IT services.

The Defra Security Operations Centre team welcomes applicants with experience of working in a Security Operations Centre as well as applications from other technological backgrounds who may wish to move into this field, it should be noted that they must demonstrate transferable technical skills to reach interview. As Senior Security Centre Operations Analyst you will work within Defra’s recently formed Cyber Security Operations Centre. You will be responsible for the day to day organisation of incidents assigned to the Cyber Security Operations Centre whilst also supporting and coaching other staff.

As part of an overall security improvement plan, Defra is transforming its IT security process and approach in line with our new multi-supplier IT operating model. Using a wide range of tools you will focus primarily on cloud security & application security. Your portfolio will expand as the range of services which are protectively monitored by Defra’s Cyber Security Operations Centre increases, as the Security Function matures.


The Senior SOC Analyst will have the following responsibilities:

• Oversee a small team of Security Operations Centre Analysts and apprentices who will be on a temporary rotation with the Defra Cyber Security Operations Centre.

• Administer the day to day management of tickets assigned to the Security Operations Centre and assigning to appropriate resolver groups using Defra’s Information Technology Service Management (ITSM) tool.

• Ensure daily checks are performed using Protective monitoring tooling such as our SIEM tool, Azure Security centre, Sentinel and Cloud Application Security.

• Create, enhance, and take ownership of knowledge articles for other resolver groups across the Defra estate.

• Produce, and improve upon existing, SOC work instructions (or ‘runbooks’), proactively identifying where improvements can be made, and determine when new work instructions are required.

• Collaborate with the Cyber Security Operations Centre Management Team to facilitate recovery from security breaches, actively participating in investigations and remediation of security incidents and lessons learned.

• Participate in service acceptance of protective monitoring projects as they are delivered into business as usual.

• Coach, develop, mentor, and support your team on a daily basis.

• Support development of the training and development strategy for Cyber Security Operations Centre.

• Support the Security Operations Centre manager in the event of a major cyber security incident. This could be attending bridge calls or providing analysis to support critical decisions.

• Provide metrics and graphical representations that feed into the wider Cyber Security Operations Centre suite of reporting.

• Assist with ‘deep-dive’ investigations to determine if systems or data have been breached.

• Feed into Continual Service Improvement for the Cyber Security Operations Centre, proactively seeking service and process improvements and implementing them.

• Identify, manage and mitigate risks by applying appropriate controls, which are the responsibility of the Cyber Security Operations Centre, to protect the organisation’s systems and data.

Person specification

To be successful in this role you will need:

• The capability to explain complex technical information to management and other non-technical staff using plain English in a way that is clearly understood.

• Experience of leadership in an IT technical environment. Ideally with SOC analyst experience.

• To be a self-starter who is keen to learn about new and emerging technologies and cyber threats and how those threats may apply to Defra.


Please detail the following in your CV.


• An industry recognised IT qualification.

• Relevant experience in an IT technical role.


We would also like to see evidence of your Analytical skills, particularly the ability to analyse and interpret data in order to make a decision or risk assessment. As part of your CV please include where you have demonstrated this skill.

Additional information

This role will require Security Check (SC) security clearance. As the Cyber Security Operations Centre develops the role holder may be required to undergo a higher level of security clearance i.e. DV clearance.


We'll assess you against these behaviours during the selection process:

  • Communicating and Influencing
  • Making Effective Decisions

Technical skills

We'll assess you against these technical skills during the selection process:

  • Analytical skills - ability to analyse and interpret data in order to make a decision or risk assessment.
  • Cyber Security



The benefits of working for Defra

Equality Diversity and Inclusion:

We have many strong and pro-active staff Networks that cover a broad range of requirements including
Mental Health and Disability. We also have a range of Special leave policies for hospital appointments and a
commitment to putting reasonable adjustments in place for those who need them.

The department also places significant emphasis on talent programmes which help everyone to achieve their full potential.

The Civil Service as a whole is committed to providing a work environment free from discrimination, harassment, bullying and victimization. There is a range of support in place to help and support those that may be experiencing difficulties including the Bullying and Harassment network and Mediation services.


Your pension is a valuable part of your total reward package.

Defra invests in providing a contribution to the cost of your pension (contribution rates vary between 20.0% and 24.5%, dependent upon salary)

The contributions you make are deducted from your salary before tax is taken.

Generous Annual Leave and Bank Holiday Allowance:

Defra offers 25 days annual leave (rising, over 5 years, to 30 days) for full time new entrants to the Civil Service. Employees receive 8 public holidays a year, plus an additional day in May to mark the Queen’s Birthday.

Staff Recognition:

We have a Staff Recognition Scheme, to reward exemplary work.

Learning and Development:

All new employees joining (and returning) to Defra will have an induction to the department, our work and policies. You will have access to a broad range of learning and development opportunities with world class providers.

Mentoring and Coaching:

Mentoring is an effective means of developing your career, boosting your confidence and empowering both the mentor and mentee. All our employees have the opportunity to voluntarily engage and work with a Mentor or a Coach.


Defra employees are entitled to 3 days special leave with pay, per year, for volunteering. We encourage our employees to take this up, as it can be a great way to share skills with worthy charitable causes, while developing new insights and stronger links with the civil society sector.


We fully support reservists and offer 15 days special leave with pay for training

Salary Sacrifice:

Childcare vouchers:

The government has introduced the Tax-Free Childcare (TFC) scheme. Working parents can open an online childcare account and for every £8 they pay in, the government adds £2, up to a maximum of £2000 a year for each child or £4000 for a disabled child. Parents can then use the funds to pay for registered childcare.

Bicycle Loan Schemes:

Defra offers interest-free loans towards the cost of a bike and Cycle to Work Scheme. Defra loans you a bike for your commute as a tax-free benefit. At the end of the loan period, you have the option to buy the bike, saving 30% of the original cost.

Season Ticket Loan:

We offer interest-free season ticket loans to all Defra employees with more than three months’ service, for purchasing train and bus season tickets, as well as station car parking

Sick Pay:

We offer a generous and supportive Sick Pay Policy, with Sick pay progressively increasing, by the length of service, beginning at one month’s sick pay in the first year of service.

Employee Discounts:

Defra employees have access to a range of discounts at hundreds of top retailers via our employee discount scheme.

Give as You Earn:

Defra is registered with the Give as You Earn scheme, which enables you to make regular deductions directly from your salary, in support of a chosen charity. This is simple and tax efficient.

Flexible working:

Defra is committed to providing a great place to work and is open to smarter ways of working that enable you to choose how, when and where you want to work in line with business needs. This includes the ability to work from home, work compressed hours and choose from a range of locations best suited to when and where you need to be. Our offices are equipped with a range of onsite facilities including fitness centres, staff canteens and much more. You can discuss where you will be based and the amount of travel you will need to undertake at the interview with the Vacancy Holder.

Employee Assistance Programme:

Is a free and confidential 24/7 telephone advice service available to all our staff.

Occupational Health Service:

Provides a range of support services, to optimise attendance, engagement and performance at work.

Sports and Social Association:

Promotes sports and social activities and organises our annual sports day and staff lottery.

Things you need to know


Successful candidates must pass a disclosure and barring security check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

In the event of a high volume of applications an initial sift will be conducted on your statement of suitability.

As part of the application process you will be asked to complete a CV and Statement of Suitability. Further details around what this will entail are listed on the application form.

Sift is expected to commence on the week beginning 02/12/2019, with interviews on the 16th and 17th of December in Reading.

New entrants are expected to start on the minimum pay band.

Reasonable adjustment

If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.

If you need a change to be made so that you can make your application, you should:

- Contact Government Recruitment Service via as soon as possible before the closing date to discuss your needs.
- Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.

If successful and transferring from another Government Department, a criminal record check maybe carried out.

In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service on your behalf. However, we recognise in exceptional circumstance some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing stating the job reference number in the subject heading.

Any move to Defra will mean you will no longer be able to carry on claiming childcare vouchers.

Applicants who are successful at interview will be, as part of pre-employment screening subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.

If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, in the first instance, you should contact Government Recruitment Services via email:

If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission: Click here to visit Civil Service Commission.

Feedback will only be provided if you attend an interview or assessment.

Nationality requirements

Open to UK, Commonwealth and European Economic Area (EEA) and certain non EEA nationals. Further information on whether you are able to apply is available here.

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equality of opportunity. There is a guaranteed interview scheme (GIS) for candidates with disabilities who meet the minimum selection criteria.

Department for Environment, Food, and Rural Affairs

Share Job