UK CTAC Analyst Tier 2

Job Description:

Security Clearance Requirement:Candidates must besole UK nationals (British citizens only)and haveresided continuously in the UK for the past 10 yearsto meet current security clearance requirements.

Location & Schedule:This role isonsite in Erskine (Scotland) and requires coverage of12-hour rotational shiftson a4 on/4 off pattern.

Role Overview

TheTier 2 Cyber Security Analystis a mid-level position within theCyber Threat Analysis Centre (CTAC). You'll advance initial work from Tier 1 Analysts and provide deeper analysis of potential threats. This role is critical for escalated investigation, triage, and incident response while supporting Tier 1 development and training.

You'll work closely with senior and junior analysts to ensure seamless SOC operations, bridging foundational and advanced threat detection and response functions.

Key Responsibilities

Incident Analysis & Response:

• Conduct escalated triage and analysis on security events from Tier 1, determining threat severity and advising on initial response actions
• Investigate potential security incidents through deeper analysis of correlated events, identifying patterns or anomalies indicating suspicious or malicious activity
• Escalate critical threats to Tier 3 Analysts with detailed analysis for rapid response and adherence to SLOs

Technical Operations:

• Apply expertise in SIEM solutions usingKusto Query Language (KQL)for log analysis, event correlation, and thorough incident documentation
• UseOSINT(Open-Source Intelligence) to enrich contextual data and enhance detection capabilities
• Monitor the threat landscape and document findings on evolving threat vectors, sharing insights with CTAC teams

Process Improvement:

• Follow established incident response playbooks, providing feedback for enhancements and suggesting updates to streamline CTAC processes
• Coordinate with Tier 3 Analysts and management to refine detection and response workflows, contributing to continuous SOC maturity
• Collaborate on tuning SIEM and detection tools to reduce false positives and improve alert fidelity

Detection Development:

• Identify gaps in current detection content and work with Senior Analysts to develop and validate new detection rules and use cases
• Submit tuning requests and test configurations when necessary

Mentorship & Training:

• Act as a mentor to Tier 1 Analysts, offering guidance on triage and analysis techniques
• Facilitate on-the-job training to elevate technical skills and operational efficiency
• Assist in training sessions and knowledge-sharing activities, providing feedback on areas for growth

Required Knowledge & Skills

Technical Expertise:

• Advanced networking concepts (IP addressing, protocols, traffic flow)
• Advanced knowledge ofWindows and Linuxoperating environments (commands, file systems, user authentication)
• Competence inSIEM solutions(e.g., ArcSight, Azure Sentinel) for monitoring and log analysis
• Proficient in Kusto Query Language (KQL)for searching and filtering logs
• Familiarity withOSINT techniquesfor threat identification
• Exposure to XDR platforms

Communication & Collaboration:

• Clear, efficient communication with team members and stakeholders
• Ability to explain technical issues to non-technical individuals
• Create concise, structured reports outlining investigation findings

Professional Attributes:

• Effective workload management to ensure timely task completion
• Collaborative approach, accepting guidance and learning from experienced analysts
• Initiative in learning new technologies and techniques
• Efficient performance under high-pressure situations

Education & Professional Experience

Desirable:

• IT certifications:CISSP, CompTIA CySA+, GCIA, GCIH
• CASP or ITILcertifications
• Experience in a SOC or SOC-equivalent environment

Other Requirements

• Willingness to undertake high-level clearance with multiple agencies
• Full UK Driving Licence

At DXC Technology, we believe strong connections and community are key to our success. Our work model prioritizes in-person collaboration while offering flexibility to support wellbeing, productivity, individual work styles, and life circumstances. We’re committed to fostering an inclusive environment where everyone can thrive.

Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.