Junior SOC Analyst - 24x7 SOC
The BBC, like other organisations around the world, is targeted by cyber-attacks; we need to ensure that the BBC is a digitally secure place, our content is protected from compromise and our employees understand their responsibilities when accessing our information systems.
BBC Information Security works to maintain and promote all aspects of information security across the organisation.
Our Security Operations Centre (SOC) in Salford provides 24x7 security incident management, security monitoring and threat intelligence services to the BBC.
The role involves being part of a 24x7 Security Operations Centre (“SOC”) team, with responsibility for monitoring the BBC’s networks for security issues (using SIEM/log analysis toolsets), assisting with vulnerability scanning, threat intelligence and security incident response.
The purpose of the role is to ensure that the BBC’s information and systems are protected, in accordance with the needs of the business and according to Information Security principles of availability, integrity and confidentiality.
The SOC Junior Analyst will report to a SOC Specialist/shift leader day to day. The SOC is moving to 24x7 operation in May 2016, and from that point you will be required to work a shift pattern that covers this. This will necessitate work/travel during unsociable hours.
Monitor the BBC’s networks for malicious activity using Security Incident and Event Management (SIEM) toolsets. This will include responding to and investigating alerts, assisting with developing new security monitoring use cases, and ensuring all investigative activity is properly documented in our ticketing systems and followed up with relevant support teams.
Triage issues escalated to the information security team, and ensure that appropriate follow-up actions are taken by the SOC.
Development of Documentation
Assist the SOC Specialist in developing and maintaining SOC documentation and processes.
Assist the SOC Specialist in monitoring open source intelligence sources for potential threats against the BBC, and ensure appropriate defensive actions are taken with respect to these.
Assist the SOC Specialist in running vulnerability scans against BBC infrastructure, interpreting these and following up issues with relevant support teams.
Form part of the BBC’s Security Incident Response team, assisting with whatever activities are deemed necessary by the incident leader.
Provide support to projects undertaken by the BBC Information Security function.
The Ideal Candidate
- Highly motivated individual with a genuine enthusiasm for information security and technology;
- Willingness to work shifts (including unsociable hours and bank holidays where these fall into your shift pattern) as part of a 24x7 team.
- Sound understanding of information security principles and best practices;
- Good communication skills both written and verbal;
- Ability to prioritise workloads and to know when to seek guidance.
- Good infrastructure and technology experience including demonstrable understanding of security operations;
- Good knowledge of security issues inherent in common corporate environments;
- Experience working with 1st line ticketing/triage;
- Experience using Security Incident and Event Management (SIEM) toolsets;
- Specific experience in Splunk / big data forensic technologies;
- Specific experience using AlienVault SIEM toolsets;
- Experience using vulnerability scanning tools;
- Experience identifying and reporting on open source threat intelligence;
- Proven technical ability in Unix/Linux/etc;
- Proven technical ability in Microsoft Windows;
- Proven technical ability in networking systems;
- Experience with VMware virtualisation;
- Experience of system forensics;
- Experience of malware analysis.
- Relevant degree in Information Security or related IT disciplines, preferred but not essential;
- Other relevant technical professional qualifications.
- Excellent career progression – the BBC offers great opportunities for ambitious individuals to seek new challenges and work on many different and varied products.
- Unrivalled training and development opportunities – our in-house Academy hosts a wide range of internal and external courses and certification.
- A vibrant security community – we have a strong focus on continuous improvement and engineering excellence. We host regular talks from internal and external speakers, and provide generous opportunities to attend industry events and conferences.
- A variety of technical challenges – we work across a wide range of platforms, languages and technologies; from the latest frameworks and open standards, to the newest devices and modern cloud platforms.
- Benefits - We offer a competitive salary package, a flexible 35-hour working week for work-life balance and 26 days holiday with the option to buy an extra 5 days, a defined pension scheme and discounted dental, health care, gym and much more.
About the Company
We don’t focus simply on what we do – we also care how we do it. Our values and the way we behave are important to us. Please make sure you’ve read about our values and behaviours in the document attached below. You’ll be asked questions relating to them as part of your application for this role.
The BBC is committed to building a culturally diverse workforce and therefore strongly encourages applications from underrepresented groups. We are committed to equality of opportunity and welcome applications from individuals, regardless of their background.
The BBC is currently implementing a Career Path Framework which will result in employees being aligned to generic job titles and job descriptions. Consequently, successful applicants may be realigned to a slightly different job title shortly after joining the BBC. This re-alignment will not affect the terms and conditions of the appointment.