OT SOC Analyst (Operational Technology)
Outside IR35
Duration: 6 – 9 months
Location: Crawley, Hybrid 2 days per week on site
Overview of project:
The role of an Incident Response (CSIRT) / Security Operations Centre (SOC) Level 3 Analyst is to respond to high-severity cyber security incidents and/or escalated events and alerts then, using experience combined with industry tools and techniques, expediate a containment, eradication and recovery strategy to minimise business impact and ensure UK Power Networks (UKPN) network systems and customer data are protected from cyber threats.
Overview of role and responsibilities:
Threat Hunting: Analyse intel and IOCs to find and remove hidden threats across UKPN's OT/IT environments.
Policy: Create SOC policies, standards and procedures aligned with best practice.
Logs: Ensure all logs feed into the SIEM and build use cases to detect anomalous activity.
Incident Response: Lead high-severity incidents, improve playbooks and manage remediation, communication and reporting.
SOAR: Develop automated workflows to streamline detection, enrichment and response.
Forensics: Perform forensic analysis across multiple data sources and recommend containment and eradication actions.
Crisis Testing: Take part in cyber-attack simulations to strengthen resilience.
Reporting: Improve reporting dashboards and key security metrics.
Tooling: Support and maintain security tools and platforms for threat prevention, detection and response.
Audit: Support SOC2/NCSC CAF/ISO27001 audits and ensure compliance.
Continuous Improvement: Automate and enhance monitoring, detection and response based on evolving threats.
Skills, experience and previous achievements required:
Essential
Extensive End to End Cyber Incident Leadership Experience
Extensive SOC L3 / CSIRT L3 Experience
Extensive CNI / Defence / Business Critical Environment Experience
Desirable
Threat Hunting Experience
Threat Hunting Strategy Mindset
Runbook & Playbook Authoring
Lessons Learned / Root Cause Analysis Leader
Experience working with and enhancing security monitoring tooling
Extensive IT/OT Systems Experience
Extensive CNI & OT Environment Awareness
Experience aligning with organisational requirements and contributing to audit readiness
Tickets/Qualifications/Accreditations required to carry out the role:
Desirable - Cyber and OT Certification
Previous companies of interest:
MOD or similar