SOC ANALYST, SOUTH EAST

SOC Analyst
Job Title: SOC Analyst
Location: Reading, United Kingdom (Hybrid - 1-2 days/week)
Job Type: Contract Inside IR35
Client: Wipro

Job Overview:
As an OT Senior Cyber Security Analyst, you will be responsible for maintaining SecOps (Security Operations) solutions, controls and processes across the organisation. You will be mentoring and assisting with leading the SOC team to ensure appropriate prioritisation and remediation of OT alerts and incidents.

This role requires a deep understanding of SecOps concepts, technologies and best practices across IT and OT environments, as well as the ability to collaborate effectively with cross-functional teams. The ideal candidate will possess strong communication and incident management skills and will be committed to ensuring the highest level of security, compliance, and user experience.

Responsibilities:

Investigate security alerts from our SIEM tool and 3rd party MSSPs, and provide appropriate incident response actions.
Liaise with technology and business stakeholders in relation to cyber security issues/incidents, providing clear descriptions and actions.
Support the Cyber Security Operations Lead for security and privacy incidents, triaging events and performing root cause analysis.
Act as the key contact and escalation point for the SOC and Thames Water Digital teams.
Support out-of-hours incident investigations via an On-Call rota, covering 24 7 365 alongside our 3rd party MSSP.
Monitor, analyse and optimise SecOps tool performance (e.g. SIEM, PAM), identify potential issues, and implement proactive solutions.
Develop and maintain SecOps documentation, policies, and procedures.
Collaborate with stakeholders to understand business requirements and implement proportionate security controls.
Maintain cyber security solutions within existing systems, applications, and infrastructure.
Evaluate and recommend technologies, tools, and vendors.
Perform proactive threat hunting for new and emerging threats.
Specialise in Operational Technology systems, defining monitoring alerts and ensuring effective security controls.
Collect data to support cyber security compliance metric dashboards.
Support compliance with standards and regulations (e.g. GDPR, NIS, ISO 27001).
Stay current on industry trends, emerging technologies, and best practices.

This job involves:

Key Responsibilities / Expectations

Contextualize OT specific threats

Understand the Operational Technology estate, specific OT threats and existing controls/mitigations.
Use tools like Claroty to assess network traffic and OT hardware limitations without disrupting operations.

Understand OT specific architecture frameworks

Reduce risks by applying contextual understanding of OT environments.
Build relationships with Operations and the OT team to assess operational and cyber risk.

Maintain Security Operations

Maintain security operations processes, including continuous improvement.
Familiarity with Microsoft security tools (e.g. Sentinel), and others like SOAR, EDR/XDR, IDAM.
Demonstrate reduced repetitive alerts and improved incident response efficiency through metrics.

Proactive Risk Remediation

Use a risk-based approach to evaluate and improve security controls.
Perform threat hunting and support the delivery of new controls.
Provide metrics that show tangible risk reduction and lowered technical debt.

Incident Readiness Response

Lead incident triage, management, and response.
Prepare the business for cyber incidents (e.g. ransomware) and execute structured responses.
Educate the business on incident readiness and ensure all staff can identify and report incidents.

Continuous Improvement

Continuously improve SecOps processes to increase efficiency and enable more proactive activities.
Use automation where possible.
Track improvements via operational metrics/KPIs/dashboards.

Qualifications, Experience, Technical Skills, Competencies, and Values:

Strong analytical and problem-solving abilities
Some hands-on exposure to cyber security concepts and principles
Experience with third-party delivery partners and MSSPs
Decision making and judgement
Ability to innovate technical solutions
Excellent planning and organising capabilities

Essential Experience:

Minimum 3 years of experience with technical Cyber Security controls, ideally in an enterprise setting
Minimum 3 years working in control systems of essential services (ICS, SCADA, CNI)
Exposure to SOC environments
Structured problem triage experience
Experience remediating cyber risks in dynamic digital environments

Essential Technical Skills Qualifications:

Ability to communicate complex IT/Security issues simply to non-technical stakeholders
Strong understanding of OT infrastructure, networking, and end-user computing
Experience writing KQL (Kusto Query Language) for SIEM tuning
Proficient in configuring and troubleshooting MFA, PAM, and SIEM systems, especially Microsoft Sentinel

Desirable Experience:

Familiarity with NAC, Firewalls, Proxies/VPN, IDS/IPS
Team leadership and mentoring experience

Desirable Technical Skills Qualifications:

Degree in Cyber Security, Computer Science, IT, Engineering, or related field
Microsoft SecOps certifications (e.g. SC-200, AZ-900)
Cyber security certifications (e.g. CCSP)
OT-specific certifications (e.g. Claroty Cybersecurity Analyst)

ICS, SCADA,

ICS, SCADA,