Job Description
About the Team
You will be joining a newly set up SOC (Security Operations Centre) looking after internal and external customers such as Smart Metering. The team performs a key role in the monitoring and management of SM, Corporate and Enterprise infrastructure. It acts as the central point of contact for monitoring and reacting to any event that may affect the security of the business.
About the role
The SOC Shift Lead will be responsible for managing a team of analysts and a Senior analyst.
The team needs to be able to deliver good and effective monitoring of all our live information environments.
As Shift Lead it is critical that managing people effectively is prioritised. Your team should be strong without you: confident in executing their duties, independent, supported to learn, inquisitive, and taking training courses.
The SOC Shift Lead will be comfortable having difficult conversations and will inspire his/her team members to enjoy their careers. The Shift Lead will manage with positivity and integrity and deliver the important narratives of the Head of Security Operations.
The Shift Lead will own difficult tasks and be responsible for report writing and for escalating issues to CERT and the Head of Security Operations. They will build good troubleshooting relationships with stakeholders, and own and resolve issues with ticketing and breaches of SLAs.
Key Responsibilities
Day to day the role will have the following Key Responsibilities:
- Management of your shift team on a day-to-day basis.
- Supporting the Analysts to monitor for events across multiple security technologies, including intruder detection systems, malware detection, file integrity systems, SIEM toolset and others as defined for this service.
- Ensure that SOC scheduled tasks, reported events and incidents are appropriately progressed.
- Work collaboratively with other stakeholders and shift leads on projects, which can involve new monitoring opportunities and exciting projects around technologies and learning.
- Manage security incidents in relation to the Smart Metering infrastructure and evaluate the likely impact they will have e.g., in terms of service degradation severity, security risks and duration as well as numbers of consumers affected.
- Perform routine toolset administration and engineering where authorisations and training have been permitted.
- Contacting parties identified in incident tickets where no authorisation is visible, and escalating and resolving issues that no one is progressing.
- Preparing incident closure reports.
- Reviewing the ticket quality of your team.
- Providing feedback to rule definers to improve the effectiveness of filters and rules used in the automated creation and population of incident tickets.
- Preparation and delivery of Security, Risk, Compliance and Service reporting.
Everything else:
- Oversee the maintenance of SOC documentation, identify, and make improvements.
- Support Compliance Programme activities.
- Be innovative
- Adopt a self-leadership style
- Advocate for improvements
- Be positive
What We Need from You:
Essential Skills:
- Managing a team in an operational environment.
- Extensive and recent experience of working as a SOC Senior Analyst.
- Experience with SIEM, Analytics and Incident Management toolsets, ideally HP ArcSight, Splunk and Resilient Systems’ IRP and BMC Remedy.
- Network management with detailed technical knowledge of networks and networking protocols in use (including TCP / IP, Port usage, UDP packets and payload analysis).
- Knowledge of ISO 27001, ITIL or ISO 20000, ISO 22301 and relevant CESG GPGs.
- Experience with Intrusion Detection Systems (IDS) /Intrusion Prevention Systems (IPS).
- Detailed knowledge of system administration on Windows, Linux, and Unix systems (and relevant variants).
- An understanding of cryptography and related concepts and principles (e.g., encryption algorithms, hash functions, PKI, key exchange, certification authorities, digital signatures).
- An understanding of cryptographic standards and protocols (e.g., PKCS, FIPS 140–2, IPSec, SSL/TLS).
- Experience managing relationships with third parties.
Job ID: 128980