SOC Analyst

Details
Reference number

432325

Salary

£35,367 - £41,494

London: £39,377 to £41,494 / National: £35,367 - £37,497 (including allowance). Your salary will be determined by your skills and capability as assessed at interview.

A Civil Service Pension with an employer contribution of 28.97%

GBP

Job grade

Higher Executive Officer

Contract type

Permanent

Business area

DBT - CS - Digital, Data and Technology

Type of role

Administration / Corporate Support

Architecture and Data

Digital

Information Technology

Knowledge and Information Management

Project Delivery

Security

Working pattern

Flexible working, Full-time, Part-time

Number of jobs available

2

Contents

• Location
• About the job
• Benefits
• Things you need to know
• Apply and further information

Location

Belfast, Birmingham, Cardiff, Darlington, Edinburgh, London, Salford

About the job
Job summary

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.

Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.

Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.

Finally, we work in partnership with businesses every day, providing advance, finance and deal-making support to those looking to start up, invest, export and grow.

The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission. The team have been nominated four times in a row for 'Best Public Sector Employer' at the Women in Tech awards

Job description

We are expanding our Cyber Incident Detection and Response team and are looking for capable and motivated SOC Analysts to help strengthen our cyber defence capabilities.

In this role, you will play a key part in protecting the department's systems and data. You will triage and investigation security alerts, aid with incident response activities, and support the development of detection and response processes. You will be supported by the Senior Analyst team.

You will have dedicated time for non-alert responsibilities, with defined areas of focus during non-operational time. This will include proactive initiatives to enhance the department's cyber capabilities e.g. creation of Threat Hunting tooling, and alert refinement.

We are committed to your professional development, offering access to a range of training platforms, dedicated learning time, and opportunities to attend external training and industry events such as SANS.

Main responsibilities

You will:

• Be able to triage, investigate and resolve security alerts and incidents in line with processes, ensuring timely and effective response
• Contribute to the development and refinement of incident response procedures, playbooks, and documentation
• Contribute to the continuous improvement of logging, monitoring, and alerting capabilities to enhance threat visibility
• Provide support and advice to stakeholders and colleagues
• Maintain awareness of emerging threats, vulnerabilities, and trends to aid with detection and response
• Allocate time to defined areas of focus outside of operational duties, supporting the strategic development of SOC capabilities (Incident Response Procedures, Threat Hunting, Detection Engineering)
• Use time away from live operations to develop key SOC capabilities, including alert refinement, dashboard creation and wider engagement in the Cyber Team

Person specification

It is essential that you have:

• Hands-on experience working in a professional Security Operations Centre (SOC), including direct involvement in responding to security alerts using a SIEM solution, conducting triage, and supporting incident investigations (Lead Criteria)
• Operational experience managing cyber security incidents from initial triage through to resolution
• Demonstratable experience investigating Security Events within Cloud platforms (AWS, Azure)
• Demonstratable experience of contributing to proactive security efforts such as threat hunting or the creation of detection rules
• Experience analysing security data using a query language (e.g. KQL, SQL, SPL). Familiarity with KQL (Kusto Query Language) is particularly desirable
• Effective verbal and written communication skills, including the ability to collate and explain data clearly and accurately

Behaviours

We'll assess you against these behaviours during the selection process:

• Making Effective Decisions

Technical skills

We'll assess you against these technical skills during the selection process:

• Intrusion Detection and Analysis
• Threat Understanding
• Cyber Security Operations
• Threat intelligence and threat assessment
• Forensics

Benefits

Alongside your salary of £35,367, Department for Business and Trade contributes £10,245 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

• Learning and development tailored to your role
• A flexible, hybrid working environment with options like condensed hours
• A culture encouraging inclusion and diversity
• A Civil Service pension with an average employer contribution of 28.97%
• Annual leave starting at 25 days rising to 30 days with service
• Three paid volunteering days a year
• An employee benefits programme including cycle to work

Things you need to know
Selection process details

This vacancy is using Success Profiles , and will assess your Behaviours, Experience and Technical skills.

As part of the application process you will be asked to upload a two-page CV and complete a 750-word personal statement outlining how you meet the essential skills and experience listed above. You can use bullet points and subheadings if you prefer.

Sift will be from week commencing 20th October 2025

Interviews will be from week commencing 27th October 2025

Please note these dates are indicative and may be subject to change.

If there is a high volume of applications, we will sift looking at the lead criteria 'Hands-on experience working in a professional Security Operations Centre (SOC), including direct involvement in responding to security alerts using a SIEM solution, conducting triage, and supporting incident investigations' only. You may then be progressed to full sift or straight to interview.

Artificial intelligence (AI) can be a useful tool to support your application, but all examples and statements provided must be truthful, factually accurate, and taken directly from your own experience. Where plagiarism is identified (such as presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

How we interview

At the interview stage for this role, you will be asked to demonstrate relevant Technical Skills and Behaviours from the Success Profiles framework. These are role specific and in line with the Government Security Profession Career Framework.

How we offer

Offers will be made in merit order based on location preferences. If you pass the bar at interview but are not the highest scoring you will be held on a 12-month reserve list in case a role becomes available. If you are judged a near miss at interview, you may be offered a post at the grade below the one you applied for.

This role requires SC clearance. DBT's requirement for SC clearance is to have been present in the UK for at least 3 of the last 5 years. Failure to meet this requirement will result in your application being rejected and your offer will be withdrawn.

Checks will also be made against:

• departmental or company records (personnel files, staff reports, sick leave reports and security records)
• UK criminal records covering both spent and unspent criminal records
• your credit and financial history with a credit reference agency
• security services record
• location details

More about us

This role can only be worked from within the UK, not overseas. If you are based in London, you will receive London weighting. DBT employees work in a hybrid pattern, spending 2-3 days a week (pro rata) in the office on average. Travel to your primary office location will not be paid for by DBT, but costs for travel to an office which is not your main location will be covered.

You can find out more about our office locations, how we calculate salaries, our diversity statement and reasonable adjustments, the Recruitment Principles, the Civil Service code and our complaints procedure on our website.

Find out more about life at DBT, our benefits and meet the team by watching our video or reading our blog

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check .

See our vetting charter .

People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles .

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy .

Apply and further information

This vacancy is part of the Great Place to Work for Veterans initiative.

The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window).

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants
Job contact :

• Name : DDaT Recruitment
• Email :

Recruitment team

• Email :

Further information

Our recruitment process is underpinned by the principle of appointment on the basis of fair and open competition and appointment on merit, as outlined in the Civil Service Commissioners' Recruitment Principles. If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact DBT by email at If you are not satisfied with the response you receive, you can contact the Civil Service Commission, which regulates all Civil Service recruitment. For further information on bringing a complaint to the Civil Service Commission please visit their web pages: Civil Service Commission Complaints

---