SOC Shift Analyst
Warrington, England, United Kingdom
Join our journey to create a new experience for the National Lottery and help us to power change for the greater good.
About us:
We are Allwyn UK, part of the Allwyn Entertainment Group – a multi-national lottery operator with a market-leading presence in Austria, the Czech Republic, Greece, Cyprus and Italy. We have been officially awarded the Fourth Licence (10 year licence) to operate the National Lottery starting February 2024.
We’ve developed ground-breaking technologies, built player protection frameworks, and have a proven track record of making lotteries better. Our aim is to create one of the UK’s most inclusive organisations – where people can bring the best of themselves, to do their best work, every day, for the benefit of good causes.
Allwyn is an Equal Opportunity Employer which prides itself in being diverse and inclusive. We do not tolerate discrimination, harassment, or victimisation in the workplace. All employment decisions at Allwyn are based on the business needs, the job requirements, and the individual qualifications. Allwyn encourages applications from individuals regardless of age, disability (visible or hidden), sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.
While the main contribution of the National Lottery to society is through the funds to good causes, at Allwyn we put our purpose and values at the heart of everything we do. Join us as we embark on a once-in-a-lifetime, large-scale transformation journey to build a bigger, better, and safer National Lottery that delivers more money to good causes.
Purpose of Role:
The SOC Shift Analyst role is a vital part of the Security Operations team, reporting to the SOC Manager. This role is responsible for the proactive security monitoring of the Allwyn estate and for the detect and respond phases of cyber security incident response, and will be instrumental in supporting and advancing the operational security capabilities of the SOC team. The Security Operations Analyst will have primary responsibility for all technologies managed directly by the SOC team, but will also need to track, check and report on security events discovered by our MSSP.
Team Description:
The Allwyn UK SOC team is pivotal to Allwyn’s commitment to protect the National Lottery and its players from cyber threats. The SOC is part of the Cyber and Information Security function, alongside our Cyber Defence team and the GRC team. The purpose of the SOC team is to deliver Allwyn UK’s security monitoring and incident response capability. The SOC runs under a 24x7 fully in-house operational model. We strive to excel in what we do by regularly measuring our key performance indicators and setting the path to the next level of maturity. This is a fantastic opportunity for the right candidate to draw on their experience to help advance the capability of this function.
Key Accountabilities or Duties:
- Continuously monitor security tools, dashboards, and systems for potential security incidents.
- Track security alerts and escalate issues according to the severity and impact.
- Investigate security incidents or alerts triggered by monitoring tools to determine whether they represent legitimate threats (e.g., malware, phishing, unauthorised access).
- Assist in the initial response to low-level security incidents, and escalate more severe incidents to Lead SOC Analysts or security engineers when necessary.
- Analyse and review logs from various systems and applications (e.g., network devices, servers, endpoints) to identify potential threats and suspicious activities.
- Correlate data from different sources to build a complete picture of ongoing security incidents.
- Perform initial triage to categorize incidents by severity (e.g., false positives, low-risk, high-risk incidents).
- Identify the type of attack (e.g., phishing, ransomware, DDoS) and begin documenting the event for further analysis.
- Identify opportunities for security improvements and work with relevant infrastructure teams to implement effectively.
- Assist in the development of operational metrics and dashboard reporting for operational security posture.
Skills & Experience:
- Ability to work independently to deliver against personal and team objectives, liaising with relevant teams.
- Good knowledge of network principles: LAN, TCP/IP, OSI Model, DNS, DHCP, Wi-Fi, Routing, VPN, Firewalls, Load Balancing, IPv4.
- Understanding of key Windows domain services, such as Active Directory and Windows Server environments.
- Hands-on experience of common security controls, such as IDS, web content filters, AV, SIEM and Vulnerability Management, and awareness of their purpose in a layered security approach.
- Demonstrable experience of Azure security solutions.
- Experience and understanding of the ITIL approach to service management.
- In-depth knowledge of the MITRE ATT&CK framework.
Desirable:
- A qualification or certification in cyber security attack or defence (e.g. BTL1, GCIA, GCIH, GCFA, GREM).
- Experience with alerts generated in Azure Unified Logs / Exchange Online / AWS GuardDuty / AWS CloudTrail / Salesforce Shield / Palo Alto Prisma / Entra ID / Azure PIM / Defender for Cloud / Defender for Endpoint / Defender for Servers / Azure Information Protection.
- DLP / insider threat experience / Purview and/or Macie.
Here is our list of benefits:
- 34 days paid leave (This includes bank holidays)
- 2 x Life Days
- 4 x Salary of Life Insurance
- Pension: We’ll contribute 8.5%
- BUPA
- £500 wellness allowance
- Income Protection
As part of our onboarding processes, all successful candidates will need to complete both a Pre-Employment Screening process and a Fit & Proper check by the Gambling Commission. These checks include a DBS (an enhanced check, which shows convictions and conditional cautions), credit and social media checks. As part of our application process, you will be asked to identify in advance if you have spent or unspent convictions that we need to be aware of.
Should you not disclose convictions at the application stage, not pass the Fit & Proper Check process or not complete your Pre-Employment Screening then unfortunately you may not pass our probation process.
All data will be handled in accordance with our data policies and treated with utmost confidentiality.