Security Operations Centre Analyst

Join DVSA's mission to safeguard the future of digital public services and help make UK roads safer and more efficient. As a Security Operations Centre Analyst, you'll be at the heart of protecting DVSA's networks, systems, and assets, ensuring millions of users benefit from secure and resilient digital services.

You'll monitor and defend DVSA's networks and systems from cyber threats, using various advanced network analysis tools and SIEM. Working within the SOC, you'll investigate security events, respond to incidents, and collaborate with IT and business teams to strengthen security across the organisation.

You'll be responsible for prioritising alerts, coordinating incident response, and ensuring compliance with security policies and regulations. Your work will include developing and updating security procedures, supporting audits, and driving continuous improvement through threat hunting and vulnerability management. As a key member of the team, you'll provide guidance to colleagues, communicate technical concepts clearly, and help ensure DVSA remains resilient against evolving cyber threats.

Joining our department comes with many benefits, including:

• Employer pension contribution of 28.97% of your salary. Read more about Civil Service Pensions here
• 25 days annual leave, increasing by 1 day each year of service (up to a maximum of 30 days annual leave), plus 8 bank holidays a privilege day for the King's birthday
• Flexible working options where we encourage a great work-life balance.

Read more in the Benefits section below!

Find out more about what it's like working at Driver and Vehicle Standards Agency - Department for Transport Careers

Your responsibilities will include, but aren't limited to:

• Monitor, triage and investigate security alerts on protective monitoring platforms to identify security incidents and perform analysis of security event data to support the response, reporting or escalating where appropriate.
• Prioritise and classify security alerts based on their severity and potential impact, differentiating between false positives and genuine threats.
• Maintain detailed records of security incidents, investigations, and responses for compliance and future reference.
• Effective communication and collaboration with other teams, such as network administrators, system administrators, and management.
• Provide guidance and support to colleagues, communicating technical concepts clearly to both technical and non-technical audiences.
• Design, develop and support automated monitoring processes, using a variety of the latest SIEM (Security Information and Event Management) and network analysis tools, techniques, and procedures to Detect malicious activity.
• Conduct threat hunting, vulnerability management, and support continuous improvement of monitoring processes.

Disability Confident About Disability Confident A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to .