Senior Security Operations Centre Analyst

Posting Date: 04 September 2020

Location: Portsmouth, Hampshire, GB, PO6 3EN

Company: Babcock

Apply now

Apply for Job

Senior Security Operations Centre Analyst
Lakeside, Portsmouth, Hampshire
About the role

To work within the Babcock Security Operations Centre (SOC) as an Analyst with a responsibility to identify, notify and respond to security threats across the large and distributed IT estate To carry out forensic analysis on Babcock IT systems and work with various resolver groups to ensure the timely mitigation of security incidents.  To work on both Commercial and HMG environments to the policies set by the Information Assurance team.


Major Tasks and Activities:


• Analyse and investigate security events from various sources;
• Manage security incidents through all phases of the incident response process through to closure;
• Check system vulnerabilities and recommend remedial action to be taken by resolver groups;
• Provide system security advice to  system management, system staff and users;
• Update tickets, write incident reports and document actions for false positive reduction;
• Post incident review for ‘lessons learned’. This includes updating tools, processes and plans for incident response and increasing the effectiveness of detection systems as well working with other resolver groups to ensure similar attacks won’t succeed in the future;
• Developing knowledge of attack types and fine tuning detective capabilities such as writing Snort/Sourcefire signatures;
• Identifying log sources and examining system logs, which should record sufficient details about the normal activities of the system to allow a history of events to be reconstructed, making use of appropriate forensic techniques and technologies;
• Undertake computer forensic investigations. Such as examining running processes, identify network connections on a host, examining log data, disk imaging and memory capture; 
• Using SIEM, Full Packet Capture, Intrusion Detection, Vulnerability Scanning and Malware analysis technologies for even detection and analysis.
• Evolving the capability and value of the toolsets by defining and improving the reports, dashboards, alerts, signatures and Intelligence sources.
• Identify Intelligence source correlation opportunities to facilitate early detection of a security event or incident;
• Maintain and support the operational integrity of SOC toolsets
• Maintain an awareness of current threat trends, events and technology vulnerabilities
• Monitor the back-up and recovery of relevant system security information;
• Proactively pursue, validate and report any system security loopholes, infringements and vulnerabilities that may come to light, to the Security Operations Centre Manager in a timely manner;
• Where requested initiate any security investigation into possible security breaches, which may involve HMG protectively marked information;
• Participate in knowledge sharing and undertake incident response exercises;
• Evaluate and implement intelligence regarding new threats and vulnerabilities and ensure detective controls are updated to detect new attacks;                                                                                                                                                                                                                                                                                                                        
• Ensure the proper custody of magnetic media and other system documents
• Maintain the above using the appropriate Babcock Change Management and Incident Response processes.
• Any other duties as deemed necessary to achieve department goals


Key Outputs/Deliverables:


• Timely reporting of incidents to the Security Operations Centre Manager and Information Assurance team
• Identify Security Breaches as soon as reasonably possible and take appropriate action
• Up to date records and logs maintained
• Improvements to detective controls
• System security maintained


What do I need to do the role?


Qualifications and Experience:


• Experience as a Security Analyst 
• A proven track record of delivery in a multi-disciplined environment
• Demonstrable experience of security related incidents and work requests
• Familiarity with industry leading security products
• Knowledge of SIEM toolsets
• Knowledge of Full Packet Capture toolsets
• Knowledge of Intrusion Detection Systems
• Familiar with methods for ethical security hacking/penetration testing
• Familiar with the tools and techniques used by hackers
• Experience of working within a change control and incident management environment
• Detailed internet, networking, and computer knowledge
• Understanding of systems administration
• Experienced intrusion detection and vulnerability analysis.
• Experience with network analysis tools like network sniffers, TCPDUMP or Wireshark. Proven ability within network traffic analysis
• Excellent written and oral communication skills




• Experience of UK HMG information security processes and policies.
• Experience with security testing tools, development of threat assessments and security testing methodologies would be advantageous. 
• Knowledge and experience of Computer Forensics
• Be a successful mentor for junior analysts
• Competent at writing SOC processes and procedures
• Qualifications / accreditations by relevant organisations e.g. GIAC, CREST, Certified Ethical Hacker


Technical & Specialist Knowledge:


• Operating systems and system administration skills in at least one of the following (Windows, Solaris, Linux) including good command line skills.
• Excellent understanding of networking principles including TCP/IP, WAN's, LAN's, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP Security incident management and control
• Understanding of the Domain Name System (DNS)
• Detailed understanding of packet structure and packet header fields
• Understanding of fragmentation
• Ability to create custom Snort rules
• Knowledge of IDS/IPS management and architecture issues
• Understanding of NIDS evasion, insertion, and checksums
• Understanding of Snort fundamentals including configuration, GUIs, sensor management, performance, active response and tagging
• TCP Dump fundamentals and knowledge of writing filters
• Wireshark fundamentals
• Solid understanding of HEX




• Knowledge of CESG product sets
• Good understanding of Microsoft protocols


Working knowledge of at least four of the following:
• Client server applications
• Multi-tier web applications
• Relational databases
• Firewalls
• Virtual private networks
• Cryptography including PKI, SSL/TLS and IPSEC
• Microsoft Exchange & Outlook
• Enterprise anti-virus product sets
• Forensic log monitoring


What else do I need to know?


This role is based in Lakeside, Portsmouth. A vibrant and accessible campus that has shops, restaurants, hairdressers and a nursery on site. It has parking for employees and runs a free shuttle bus from city centre trains and bus stops.


You will need MOD SC Clearance with suitable criteria and willingness for DV clearance if required, plus other security clearances as contracts demand e.g. Met Police security clearance.


You will also have ability to travel between sites, and be required to participate in a standby and callout rota to ensure 24 hour, 7 day a week service delivery to the business.


We are happy to talk about flexible working. Please ask about alternative work patterns at interview.

About Babcock International

For more than a century, Babcock, the Aerospace and Defence company, has been trusted to deliver bespoke, highly-skilled engineering services. We help customers in the UK and around the world to improve the capability, reliability and availability of their most critical assets within the four market sectors of Marine, Land, Aviation, and Nuclear, underpinned by a deep understanding of technology integration, unique infrastructure and specialist training.


We’re committed to providing a great employee experience in a supportive and engaging environment. The benefits you can expect to enjoy include a generous holiday entitlement, competitive money purchase pension scheme with life assurance and a share ownership scheme.  You’ll benefit from excellent career and learning and development opportunities to ensure that you grow and achieve your full potential.

Application Guidance

All applications should be made online.  Please use a desktop PC or laptop to create your account and apply for a job.  Once you’ve completed this you’ll be able to apply to jobs from mobile devices.

If you experience difficulties please visit our website.  Recruitment correspondence is normally by email so please check your email account and spam folder regularly.

We are committed to building an inclusive culture and strives to attract talent who thrive in an inclusive and flexible working environment. 

If you have a disability or need any reasonable adjustments during the application and selection stages please let us know and will respond in a way that best fits your specific needs.

Armed Forces Covenant

We are proud to support the Armed Forces community by honouring the Armed Forces Covenant. We recognise the value that Serving Personnel, both Regular and Reserves, Veterans, Uniformed Cadet Instructors and Service Families contribute to our business and the United Kingdom. As part of the Covenant, Babcock offers Reservists and Uniformed Cadet Instructors up to 2 week’s special paid leave to help them meet their commitments. To find out more please visit our website.

Please follow the link to find out more about how COVID-19 is impacting Recruitment and On-boarding for applicants.



Apply now

Apply for Job

Share this Job