UK CTAC Analyst Tier 2

Posted 8 Days Ago
Erskine, Renfrewshire, Scotland, GBR
In-Office
Mid level
Information Technology

Job Description:

Security Clearance Requirement: Candidates must be sole UK nationals (British citizens only) and have resided continuously in the UK for the past 10 years to meet current security clearance requirements.

Location & Schedule: This role is onsite in Erskine (Scotland) and requires coverage of 12-hour rotational shifts on a 4 on/4 off pattern.

Role Overview

The Tier 2 Cyber Security Analyst is a mid-level position within the Cyber Threat Analysis Centre (CTAC). You'll pick up escalations from Tier 1 Analysts and provide deeper analysis of potential threats. The role owns escalated investigation, triage, and incident response, and also supports Tier 1 development and training.

You'll work closely with senior and junior analysts to ensure seamless SOC operations, bridging foundational and advanced threat detection and response functions.

Key Responsibilities

Incident Analysis & Response:

  • Conduct escalated triage and analysis on security events from Tier 1, determining threat severity and advising on initial response actions
  • Investigate potential security incidents through deeper analysis of correlated events, identifying patterns or anomalies indicating suspicious or malicious activity
  • Escalate critical threats to Tier 3 Analysts with detailed analysis for rapid response and adherence to SLOs

Technical Operations:

  • Apply expertise in SIEM solutions using Kusto Query Language (KQL) for log analysis, event correlation, and thorough incident documentation
  • Use OSINT (Open-Source Intelligence) to enrich contextual data and enhance detection capabilities
  • Monitor the threat landscape and document findings on evolving threat vectors, sharing insights with CTAC teams

Process Improvement:

  • Follow established incident response playbooks, providing feedback for enhancements and suggesting updates to streamline CTAC processes
  • Coordinate with Tier 3 Analysts and management to refine detection and response workflows, contributing to continuous SOC maturity
  • Collaborate on tuning SIEM and detection tools to reduce false positives and improve alert fidelity

Detection Development:

  • Identify gaps in current detection content and work with Senior Analysts to develop and validate new detection rules and use cases
  • Submit tuning requests and test configurations when necessary

Mentorship & Training:

  • Act as a mentor to Tier 1 Analysts, offering guidance on triage and analysis techniques
  • Facilitate on-the-job training to elevate technical skills and operational efficiency
  • Assist in training sessions and knowledge-sharing activities, providing feedback on areas for growth

Required Knowledge & Skills

Technical Expertise:

  • Advanced networking concepts (IP addressing, protocols, traffic flow)
  • Advanced knowledge of Windows and Linux operating environments (commands, file systems, user authentication)
  • Competence in SIEM solutions (e.g., ArcSight, Azure Sentinel) for monitoring and log analysis
  • Proficient in Kusto Query Language (KQL) for searching and filtering logs
  • Familiarity with OSINT techniques for threat identification
  • Exposure to XDR platforms

Communication & Collaboration:

  • Clear, efficient communication with team members and stakeholders
  • Ability to explain technical issues to non-technical individuals
  • Create concise, structured reports outlining investigation findings

Professional Attributes:

  • Effective workload management to ensure timely task completion
  • Collaborative approach, accepting guidance and learning from experienced analysts
  • Initiative in learning new technologies and techniques
  • Efficient performance under high-pressure situations

Education & Professional Experience

Desirable:

  • IT certifications: CISSP, CompTIA CySA+, GCIA, GCIH
  • CASP or ITIL certifications
  • Experience in a SOC or SOC-equivalent environment

Other Requirements

  • Willingness to undertake high-level clearance with multiple agencies
  • Full UK Driving Licence

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.

Top Skills

ArcSight
Azure Sentinel
Kusto Query Language (KQL)
SIEM solutions
XDR platforms
The Company

What We Do

DXC Technology is a Fortune 500 global IT services leader. Our more than 130,000 people in 70-plus countries are entrusted by our customers to deliver what matters most. We use the power of technology to deliver mission critical IT services across the Enterprise Technology Stack to drive business impact. DXC is an employer of choice with strong values, and fosters a culture of inclusion, belonging and corporate citizenship. We are DXC.
