Our aim is to provide high-quality digital services for our staff, using a mix of internal and external teams to deliver evergreen cloud services. Delivering this responsibility brings a high demand for the adoption of new technologies, systems and applications, each of which requires security review and scrutiny to ensure the department operates in a safe and secure environment overseen by centralised security products such as a SIEM, vulnerability scanners and security validation tools.

Security has never been more important in delivering services for our staff and customers. The department is committed to meeting the objectives set out in the Government Cyber Security Strategy and to undertaking an ambitious cyber security improvement programme. This is an exciting time to join our team as we build a new SOC capability so that we can continue to grow and mature our cyber defence capabilities.

As a SOC Analyst in our IT Operations team you will work with colleagues in DDaT, our Departmental Security and Resilience Team, other government departments and third-party suppliers as part of a small team of internal SOC analysts. You will collaborate with cross-functional teams to detect, analyse and respond to potential security incidents, ensuring the protection of our data and information systems. Your expertise in cyber security, team skills and deep technical knowledge will be essential in identifying emerging threats, supporting the implementation of effective security measures and maintaining the highest standard of cyber security within UKEF.

Should you be successful in this role, there is the opportunity to undertake an Apprenticeship in Cyber Security (subject to course availability and the candidate's existing qualifications).

Main activities

As a cyber security SOC analyst, you will:

- Help create, build, define and implement the SOC within IT Operations from the very beginning. You will be part of building the SOC and defining how it will run within IT Operations and the wider business.
- Conduct the daily operations of the internal SOC, including incident monitoring, analysis and response.
- Monitor security events and alerts using Microsoft Sentinel and other security technologies.
- Implement SOC procedures, guidelines and best practices to ensure efficient and effective incident response.
- Collaborate with internal and external stakeholders, such as system and service owners, to develop and enhance protective monitoring and protective and detective controls, and work with cyber security teams within the wider family to ensure a co-ordinated approach to cyber security tooling, risk management, information sharing and policies.
- Support major incident response efforts and lead incident response, including the containment, investigation, analysis and reporting of security incidents.
- Conduct post-incident analysis and recommend improvements to enhance the department's overall security posture.
- Collaborate with third-party suppliers to ensure the timely resolution of security issues and to develop alerting and playbooks for services; with IT engineers to ensure the proper configuration and management of security monitoring tools and technologies; and with cross-functional teams to develop and improve incident response plans, playbooks and standard operating procedures (SOPs).
- Prepare and present reports on SOC operations, incident response activities and security posture to key stakeholders, and provide timely and accurate incident reports including analysis, findings and recommendations for improvement.
- Analyse security incidents, conduct investigations and determine the root cause of security breaches or anomalies; respond to security incidents, including containment, mitigation and recovery actions, ensuring minimal impact on operations.
- Conduct real-time threat hunting, identifying and investigating suspicious activity and responding promptly to mitigate risks.
- Maintain awareness of the latest emerging security threats, vulnerabilities and industry trends, sharing knowledge and insights with the team.
- Perform security log analysis, event correlation and threat intelligence research to proactively identify potential security risks.
- Assist in reviewing the configuration of security technologies, including firewalls, antivirus and intrusion prevention systems (IPS).
- Support vulnerability assessments and security audits to identify weaknesses and recommend appropriate remediation actions, as well as incident response drills and tabletop exercises to enhance the organisation's preparedness and response capabilities.
- Support colleagues and share knowledge with engineers, architects and UKEF colleagues on good cyber security practice.

Additional activities include:

- Providing support to the rest of the IT Operations team when required and contributing to team workload tasks and planning.
- Engaging with UKEF's IT managed service partners as required to deliver the above tasks.

This list is not comprehensive, and the job holder may be required to carry out additional duties according to business needs.

Person specification

Criteria marked (A) are assessed at application stage and those marked (I) at interview.

Essential

Qualifications
- 5 GCSE passes, or equivalent (including Maths and English), at Grade 4 (C) or above. (A)
- Cyber incident response experience. (A,I)

Knowledge
- Demonstrable knowledge of cyber security principles, frameworks and best practices. (A,I)
- In-depth understanding of security technologies, including some of the following: Microsoft Sentinel, Cisco Meraki, Microsoft Defender, endpoint protection. (A,I)

Skills/ability
- Ability to analyse and interpret security logs, event data and alerts to identify potential threats. (A,I)
- Demonstrable problem-solving and analytical skills, with the ability to investigate and resolve security incidents effectively. (A,I)

Experience
- Experience of managing security operations incidents and events. (A,I)
- Experience as a SOC analyst in an enterprise-scale organisation. (A,I)
- Experience of security operations and incident response planning. (A,I)
- Hands-on experience with incident response and forensics tools (e.g. Cellebrite, Magnet, DomainTools), techniques and methodologies. (A,I)
- Familiarity with security technologies such as SIEM, IDS/IPS, firewalls, endpoint protection systems and vulnerability scanners. (A,I)
- Knowledge of network protocols, traffic analysis and cyber-attack methodologies. (A,I)
- Technology operations experience. (A,I)

Desirable

Qualifications
- Relevant degree in Cyber Security or a security qualification.
- Certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA) or Certified Ethical Hacker (CEH). (A)

Knowledge
- Knowledge of automation, playbooks and workbooks. (I)

Skills/ability
- Ability to communicate complex subject matter to non-technical audiences. (A,I)
- Contribution to wider corporate understanding of cyber security. (A,I)

Experience
- Familiarity with continuous improvement of incident response processes, methodologies and tools. (I)

Qualifications
5 GCSE passes, or equivalent (including Maths and English), at Grade 4 (C) or above.
Cyber incident response experience.

Behaviours
We'll assess you against these behaviours during the selection process:
- Delivering at Pace
- Managing a Quality Service

Technical skills
We'll assess you against these technical skills during the selection process:
Following the sift, successful applicants will be invited to attend an initial short interview based on several technical questions relevant to the role. This is followed by a formal panel interview where you will be interviewed across the two behaviours above along with your technical expertise and acumen in relation to the essential criteria.

Benefits
Alongside your salary of £46,085, UK Export Finance contributes £13,350 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension with an employer contribution of 28.97%

Things you need to know

Selection process details
This vacancy is using Success Profiles and will assess your Behaviours, Experience and Technical skills.
The application must be completed by 23:55 on the closing date for it to be accepted.

Use of Artificial Intelligence (AI)
At UKEF we value authenticity. You should not use AI to present and/or plagiarise the ideas and experiences of others. You must therefore ensure that any evidence submitted as part of your application or used during an interview is both truthful and factually accurate. Applications may be rejected at any stage of the selection process if plagiarism is detected. Appendix 2 provides guidelines on what we consider acceptable and unacceptable use of AI.

All applications will be sifted against the essential criteria outlined in the person specification.
Qualification: 5 GCSE passes (including Maths and English) at Grade 4 (C) or above AND cyber incident response experience.

Statement of suitability: you should fully articulate, in 500 words, how you meet the essential criteria outlined in the person specification within the Information Pack.

For the initial sift your application will be evaluated against:
- Experience: application and statement of suitability.

In the event of a large number of applications there will be a pre-sift on the following essential criteria:
- Experience of managing security operations incidents and events
- Familiarity with security technologies such as SIEM, IDS/IPS, firewalls, endpoint protection systems and vulnerability scanners

Following the sift, successful applicants will be invited to attend an initial short interview based on several technical questions relevant to the role. If you are successful at this initial Teams interview, you will be invited to a second interview, which will include the following assessment:

- Behaviours/Technical/Experience: a formal panel interview where you will be interviewed across the two behaviours below along with your technical expertise and acumen in relation to the essential criteria.
- Behaviour: Delivering at Pace
- Behaviour: Managing a Quality Service
- Technical: technical questions relevant to the role.

Details of interview panel members will be emailed to all successful candidates invited for interview. Feedback will only be provided if you attend an interview or assessment.

Security
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is Security Check (SC). See our vetting charter. People working with government assets must complete Baseline Personnel Security Standard (BPSS) checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the EUSS
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements

Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit on merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion
The Civil Service is committed to attracting, retaining and investing in talent wherever it is found. To learn more, please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.