SOC Analyst

London, Greater London, England, GBR
In-Office
Mid level
Digital Media • Information Technology • Consulting
The Role
As a SOC Analyst, you will monitor and respond to security threats, collaborate on security solutions, and enhance SOC capabilities through automation and threat detection.

Closing Date:

19/05/2026

Group:

Corporate Group

Management Level:

Associate

Job Type:

Permanent

Job Description:

Please note that this role will close at 00:01 on Tuesday 19 May, and therefore we advise getting your application in by no later than midnight on Monday 18 May.

About the team you’ll be part of

This role sits within the IT Service Management team, under which the Security Operations Centre (SOC) operates, and requires close collaboration with the Cybersecurity and Infrastructure teams across Ofcom’s IT department. The team ensures that the technology and security measures are in place to support Ofcom’s mission of making communications work for everyone. The position is vital for ensuring that Ofcom is protected from cyber threats; in the event of a breach, the team takes the necessary actions to mitigate its effects and assists with the recovery of service. As the first line of defence, the SOC monitors and remediates any cyber events.

The purpose and scope of the role

You will work within a small team of colleagues and, through a combination of external training and learning at Ofcom, gain an advanced understanding of how to leverage our Cyber oversight platforms and cloud capabilities, working to protect the organisation from Cyber threats. As a SOC Analyst, you will leverage your extensive experience to lead and enhance the automation, threat detection, threat intelligence and response capabilities of our Security Operations Centre. You will be responsible for designing, implementing, and continuously improving advanced SOC workflows, deploying Copilot Security Agents, and ensuring Ofcom remains at the forefront of cyber defence.

The primary purpose of the role is to monitor, detect and respond to security threats and incidents within Ofcom.

You will monitor Ofcom’s networks, systems, platforms and applications for any suspicious activity or potential security breaches, identifying, assessing, and mitigating security threats in real time.

You will work closely with other key partners and stakeholders to implement and update security procedures, solutions, and best practices, enhancing the security posture. This involves staying up to date with the latest security threats and vulnerabilities and proactively addressing potential risks.

Your key responsibilities

  • You'll work heavily in Cyber technologies such as penetration testing, encryption, intrusion detection and incident response, and vulnerability mitigation.

  • You will apply in-depth experience of how clients and networks operate, and how the hardware and software of a modern enterprise connect to various services.

  • You’ll provide support based on a practical grounding in enterprise-scale data networking techniques.

  • You’ll work mainly in the cloud, specifically Microsoft Azure.

  • Design, deliver, and manage complex logic workflows to automate SOC activities, significantly reducing manual workload and improving incident response times across the team.

  • Maintain geo-exception automated processes and quarantine release requests, thereby accelerating and streamlining resource-intensive tasks.

  • Collaborate closely with the Cybersecurity team to deploy and manage Copilot Security Agents to reduce false positive alerts and mitigate vulnerabilities in real-time by utilising AI capabilities.

  • Develop and manage custom analytic rules in Microsoft Sentinel for advanced threat scenarios (e.g., LDAP reconnaissance, malicious password retrieval), proactively identifying and mitigating sophisticated threats.

  • Collaborate closely with Cybersecurity teams to fine-tune alerts, reduce false positives, and minimise alert fatigue, ensuring the SOC operates efficiently and effectively.

  • Work closely with the Azure Architecture team to minimise supply‑chain security risk by supporting the review and approval of software tools and dependencies for Azure platforms, ensuring controlled distribution via the software supply‑chain management platform.

  • Introduce and maintain quality-of-life improvements in Sentinel, enabling faster, more effective incident response and empowering the entire SOC team.

  • Act as a technical lead within the SOC, mentoring junior analysts and sharing best practices to elevate team capability.

Key technologies

The following technologies serve as a guide rather than strict requirements, as it is unlikely that anyone will possess all these skills. We are interested in hearing from individuals who have some of these skills and, more importantly, those who have the potential to become proficient in the following areas:

Azure Cloud, Microsoft Defender, Sentinel, Azure ML, PowerShell, Power BI, Python, Entra ID, Forensics, Network Security, Threat Intelligence, Vulnerability Management.

Desirable skills:

  • Intermediate to advanced skills in cloud-based applications, gained through training, e.g. Microsoft Certified: Azure Fundamentals, Cybersecurity Fundamentals, Certified Ethical Hacker (CEH), Networking fundamentals, or AWS Certified Cloud Practitioner.

  • Proven experience delivering and managing SOC automation and advanced detection logic in enterprise environments.

  • Deep technical expertise with Microsoft Sentinel, Defender, and related Azure security technologies.

  • Strong scripting and automation skills (e.g., Python, KQL, PowerShell).

  • Demonstrated ability to collaborate with cross-functional teams to drive continuous improvement.

  • Experience with threat intelligence, vulnerability management, software supply‑chain management and insider threat detection.

  • Ability to communicate complex technical concepts to both technical and non-technical stakeholders.

  • Digital Forensics skills.

The skills, knowledge and experience you will need for success

  • Articulating Ideas: Ability to present technical and security concepts in layman’s terms and impart knowledge to key stakeholders and support functions.

  • Owning Accountabilities: Working unsupervised, self-motivated, and demonstrating flexibility and adaptability.

  • Pursuing Growth: Show your commitment to growing and learning to add to your skillset.

Inclusivity Statement

Ofcom has a clear mission: to make communications work for everyone. To be able to deliver on this, we want our organisation to reflect the diversity of background, experience, upbringing and thought that exists across the UK. We aim to recruit from the widest pool of candidates possible – no matter your social background, age, ethnicity, sexual orientation, gender, or disability. We also warmly welcome applicants who are returning to the workforce after a break – for whatever reason. If you have taken time away and are ready to rejoin, we look forward to reviewing your application.

Where positions are listed as full-time, we remain open to reduced hours, part-time arrangements, job shares, and other flexible working options. From day one, we champion flexible work arrangements to accommodate individual needs. You can read more about our Rewards, Benefits and Well-being on our careers page.

Our recruitment processes prioritise accessibility and inclusivity. If you need adjustments, information in an alternative format, or prefer to apply in a different way, please contact us at [email protected] or call 0330 912 1378.

As a Disability Confident Leader, we offer interviews to disabled applicants who meet essential criteria for advertised roles. Learn more about this scheme here: https://careers.ofcom.org.uk/careers/how-we-hire/

The Company
HQ: London
1,500 Employees
Year Founded: 2003

What We Do

Ofcom is the UK's communications regulator. We make sure people get the best from their home phone and mobile services, as well as keeping an eye on TV, radio and on-demand content. We also ensure people don’t get scammed and are protected from bad practice. We also oversee the universal postal service, and the airwaves used by wireless devices. Right now, technology is changing how people work, interact and enjoy themselves. Much of our work is focused on making sure everybody has access to the communications technology they need and that competition can thrive.