Job Description:
Security Clearance Requirement:Candidates must besole UK nationals (British citizens only)and haveresided continuously in the UK for the past 10 yearsto meet current security clearance requirements.
Location & Schedule:This role isonsite in Erskine (Scotland) and requires coverage of12-hour rotational shiftson a4 on/4 off pattern.
Role Overview
TheTier 2 Cyber Security Analystis a mid-level position within theCyber Threat Analysis Centre (CTAC). You'll advance initial work from Tier 1 Analysts and provide deeper analysis of potential threats. This role is critical for escalated investigation, triage, and incident response while supporting Tier 1 development and training.
You'll work closely with senior and junior analysts to ensure seamless SOC operations, bridging foundational and advanced threat detection and response functions.
Key Responsibilities
Incident Analysis & Response:
1. Conduct escalated triage and analysis on security events from Tier 1, determining threat severity and advising on initial response actions
2. Investigate potential security incidents through deeper analysis of correlated events, identifying patterns or anomalies indicating suspicious or malicious activity
3. Escalate critical threats to Tier 3 Analysts with detailed analysis for rapid response and adherence to SLOs
Technical Operations:
4. Apply expertise in SIEM solutions usingKusto Query Language (KQL)for log analysis, event correlation, and thorough incident documentation
5. UseOSINT(Open-Source Intelligence) to enrich contextual data and enhance detection capabilities
6. Monitor the threat landscape and document findings on evolving threat vectors, sharing insights with CTAC teams
Process Improvement:
7. Follow established incident response playbooks, providing feedback for enhancements and suggesting updates to streamline CTAC processes
8. Coordinate with Tier 3 Analysts and management to refine detection and response workflows, contributing to continuous SOC maturity
9. Collaborate on tuning SIEM and detection tools to reduce false positives and improve alert fidelity
Detection Development:
10. Identify gaps in current detection content and work with Senior Analysts to develop and validate new detection rules and use cases
11. Submit tuning requests and test configurations when necessary
Mentorship & Training:
12. Act as a mentor to Tier 1 Analysts, offering guidance on triage and analysis techniques
13. Facilitate on-the-job training to elevate technical skills and operational efficiency
14. Assist in training sessions and knowledge-sharing activities, providing feedback on areas for growth
Required Knowledge & Skills
Technical Expertise:
15. Advanced networking concepts (IP addressing, protocols, traffic flow)
16. Advanced knowledge ofWindows and Linuxoperating environments (commands, file systems, user authentication)
17. Competence inSIEM solutions(e.g., ArcSight, Azure Sentinel) for monitoring and log analysis
18. Proficient in Kusto Query Language (KQL)for searching and filtering logs
19. Familiarity withOSINT techniquesfor threat identification
20. Exposure to XDR platforms
Communication & Collaboration:
21. Clear, efficient communication with team members and stakeholders
22. Ability to explain technical issues to non-technical individuals
23. Create concise, structured reports outlining investigation findings
Professional Attributes:
24. Effective workload management to ensure timely task completion
25. Collaborative approach, accepting guidance and learning from experienced analysts
26. Initiative in learning new technologies and techniques
27. Efficient performance under high-pressure situations
Education & Professional Experience
Desirable:
28. IT certifications:CISSP, CompTIA CySA+, GCIA, GCIH
29. CASP or ITILcertifications
30. Experience in a SOC or SOC-equivalent environment
Other Requirements
31. Willingness to undertake high-level clearance with multiple agencies
32. Full UK Driving Licence
At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.