Senior SOC Development Manager

Reference: 167036

Location: Can be based at any Defra office in England

Salary: £47,549 to £60,188

Closing Date: 01 Dec 2021

Government security is undergoing a step change, and now is an exciting time to get involved.

The security profession has an increasingly important role to play in a more digital world – the vision is to create an energetic, forward-thinking and technically proficient profession for government that leads the way in balancing security risks with the delivery of cost-effective, high-quality services. As part of this step change, Defra have brought in-house their cyber Security Operations Centre.

The SOC Development Manager will be responsible for technical onboarding of new capabilities into the internal Cyber Security Operations Centre and building internal competence of Defra SOC staff.

This role will be responsible for the expansion and management of protective monitoring across the Defra group, including threat and vulnerability management, interfacing with appropriate teams across the businesses and associated 3rd parties to ensure appropriate technical oversight of 3rd party and internal services are appropriately defined and implemented.

This role will work closely with the Senior SOC Service Manager to ensure a good quality protective monitoring service is provided to service owners and with the business and project teams as their services go through the project delivery lifecycle to ensure services are onboarded in a timely manner.


• Working with Defra’s internal Cloud Centre of Excellence and existing suppliers to evergreen and expand the Security Incident Event Management (SIEM) solution.

• Work with 3rd Parties (Major Service Providers and others) to onboard relevant security feeds into Defra’s SOC solution to provide a holistic view of cyber threats and events to the group.

• Support SOC Lead and assorted Project Managers on tactical and strategic development of SOC capabilities.

• Support the Senior SOC Services Manager in the development of the team capabilities in resolution of reported issues.

Skills and Experience

• Working knowledge of security related technologies such as SIEM/firewalls, Intrusion Prevention/Detection Systems, network protocols, Cloud and Physical infrastructures.

• Detailed knowledge of system security vulnerabilities and remediation techniques .

• Prior experience of working within or onboarding services to a SOC or NOC environment.

The successful candidate must either already hold or be able to achieve SC vetting clearance prior to appointment to the role.

Application Process

As part of the application process you will be asked to complete:

• a CV

• a 750-word statement of suitability. The statement of suitability will ask the following on your application form: Please provide evidence on how you meet the skills and experience criteria under the Responsibilities section listed on the job advert.

• a 250-word statement on the Behaviour ‘Changing and Improving’

• a 250-word statement on the Technical Skill ‘Cyber Security Operations’


Sift will begin shortly after the advert closes.

Should there be a large number of applications, an initial sift will be conducted using your suitability statement.

Candidates who pass the initial sift may be progressed to a full sift, or progressed straight to assessment/interview.


If successful at sift stage, you will be invited to interview where you will be assessed on your Experience, the listed Behaviours and Technical Skill and Strengths.

Interview dates are to be confirmed.