Department for Environment, Food and Rural Affairs

Security Operations Centre (SOC) Analyst

On site

London, United Kingdom

Part Time

12-05-2025

Expired

Job Specifications

Please note that, due to the nature of the work and the requirement to be in a location with other team members, the location is restricted to either Bristol, Reading or London.

Job Summary

The Department for Environment, Food and Rural Affairs (Defra) is the UK government department responsible for safeguarding our natural environment, supporting our world-leading food and farming industry, and sustaining a thriving rural economy. Our broad remit means we play a major role in people's day-to-day life, from the food we eat, and the air we breathe, to the water we drink.

Government security is undergoing a step change, and now is an exciting time to get involved. The security profession has an increasingly important role to play in a more digital world - the vision is to create an energetic, forward-thinking and technically proficient profession for government that leads the way in balancing security risks with the delivery of cost-effective, high-quality services. If you share our vision, and you are ready to drive innovation and push boundaries, we want to hear from you. Join us, and together we will create a great place for living, and a green and healthy future for all.

Defra’s specialist security function is expanding the ability for its staff to work more securely and conduct business overseas whilst protecting themselves and departmental information.

Job Description

Defra's Security Operations Centre (SOC) is accountable for protecting DEFRA against cyber threats. Our SOC analysts monitor the network and investigate any potential security incidents.

We are seeking an individual to help build our capability. Working as part of a small team, you will be accountable for providing security monitoring and incident response. Using cyber security techniques, you will ensure that DEFRA’s security is maintained.

Our Analysts are accountable for the day-to-day handling of alerts in our Security Information and Event Management (SIEM), incidents assigned to the Security Operations Centre and investigating indicators of compromise provided by Threat Intelligence.

As a Security Operations Centre (SOC) Analyst you will use a wide range of tools and technical expertise, currently focusing primarily on user behaviour, cloud security & application security.

Defra is transforming its IT security processes via a security improvement plan and approach in line with our new multi-supplier IT operating model. As we develop and grow against this plan, the range of services that are protectively monitored by Defra’s SOC will increase.

The SOC team is based in Reading and London. The successful applicant will be expected to travel into one of these offices on a regular basis, working a shift pattern during the day to ensure continuous monitoring of the organisation.

We welcome applicants with experience of working in a Security Operations Centre and other technological backgrounds, or graduates in a relevant subject who may wish to move into this field of work. Please note that you must demonstrate transferable technical skills and a keen interest in cyber security to be considered for the role.

Please note this post requires Security Check (SC) clearance. To gain SC clearance, all applicants are required to have been a UK resident for a minimum of 5 years. If this requirement is not met, the individual will not be able to progress their application further.

Person specification

Responsibilities

Accountable for detection, identification and triage of security incidents using the provided security tooling and IT Service Management (ITSM) tool.
Expand, tune, and enhance rulesets for our SIEM (Security Information and Event Management) tool, etc., to identify security incidents and reduce false positives.
Support the Senior SOC Analyst with Major Incidents and assist the wider SOC team in recovering from security breaches, participating in bridge calls and investigations of security incidents and lessons learned as appropriate.
Respond to Information Security related queries from stakeholders e.g. wider Security Team or suppliers.
Work with our cyber partners to better know our estate and how to apply current threat intelligence to make it technologically relevant to our estate.
Using current tooling, run threat hunting queries regularly and investigate results. Work with other members of the SOC to improve our threat hunting capability and investigate IOCs (Indicators of Compromise) provided by Threat Intelligence or our cyber partners, including the National Cyber Security Centre (NCSC).
Communicate and engage with a wide range of stakeholders, telling the story of our work and the service we provide to the business to improve the cyber security posture of the organisation.

Skills And Experience

Experience of working in an IT technical environment or having studied a STEM subject at A-Level or eq...

About the Company

The Department for Environment, Food and Rural Affairs (Defra) is the UK government department responsible for policy and regulations on environmental, food and rural issues. We are responsible for policy and regulations on:
- the natural environment, biodiversity, plants and animals
- sustainable development and the green economy
- food, farming and fisheries
- animal health and welfare
- environmental protection and pollution control
- rural communities and issues

Although we only work directly in England, we work close...