SOC Shift Lead

Watford, England, United Kingdom

Allwyn UK

We are Allwyn UK, the operator of The National Lottery.


Join our journey to create a new experience for the National Lottery and help us to power change for the greater good.

ABOUT US:

We are Allwyn UK, part of the Allwyn Entertainment Group – a multi-national lottery operator with a market-leading presence in Austria, the Czech Republic, Greece, Cyprus and Italy. We have been officially awarded the Fourth Licence (a 10-year licence) to operate the National Lottery starting February 2024.

We’ve developed ground-breaking technologies, built player protection frameworks, and have a proven track record of making lotteries better. Our aim is to create one of the UK’s most inclusive organisations – where people can bring the best of themselves, to do their best work, every day, for the benefit of good causes.

While the main contribution of the National Lottery to society is through the funds to good causes, at Allwyn we put our purpose and values at the heart of everything we do. Join us as we embark on a once-in-a-lifetime, large-scale transformation journey to build a bigger, better, and safer National Lottery that delivers more money to good causes.

ROLE PURPOSE:

This role will be key to our approach to Cyber Defence at Allwyn, managing the engineers, toolsets, processes and capabilities required to effectively deliver a world-class Security Operations Centre. The SOC Shift Lead role is a vital part of the Security Operations team, reporting to the Senior Cyber Defence Manager. This role will be responsible for the proactive security monitoring of the Allwyn estate and the detect and respond phases of cyber security incident response, and will be instrumental in supporting and advancing the operational security capabilities of the SOC team. The SOC Shift Lead will have primary responsibility for all technologies managed directly by the SOC team, but will also need to track, check and report on security events discovered by our MSSP.

ROLE RESPONSIBILITIES:

● Analysis and Incident Investigation Lead, ensuring threats escalated to the security team are appropriately assessed and investigated.

● Main point of contact for variable shift pattern, days/evenings/nights.

● Identify opportunities for security improvements and work with relevant teams to implement effectively.

● Develop operational metrics and dashboard reporting for operational security posture.

● Support cyber security projects and where necessary represent the Cyber Security team at Change Management.

● Review products that can advance our security capabilities, from tools that support analysis to detection capabilities and other emerging technologies.

● Supervise the SOC analysts during the shift and provide guidance during security incidents.

● Lead and support in-depth triage and investigations of urgent cyber incidents in cloud, and traditional environments.

● Perform incident response functions including but not limited to host-based analytical functions (e.g. digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix-based, appliance and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs).

● Create and track metrics based on the MITRE ATT&CK Framework and other standard security-focused models.

● Work with the MSSP and the Cyber Defence team on continuous improvement activities.

● Collaborate with multidisciplinary groups for triaging and defining the scope of Major Incident and Crisis Management.

● Document and present investigative findings for high profile events and other incidents of interest.

● Participate in readiness exercises such as purple team, tabletops, etc.

● Ensure seamless handovers between shifts, providing updates and incident summaries.

● Track and report on SOC performance metrics to ensure the team is meeting objectives.

KEY MEASURES OF SUCCESS:

Expertise (Business Expertise): Applies best practices and knowledge of internal/external business challenges to improve products, processes or services.

Expertise (Technical Expertise): Has developed conceptual and practical expertise in a technical team, having used a wide range of technologies.

Expertise (Security Knowledge): Has a broad technical skillset and deep understanding of information security (e.g. host, network, application, policy, etc.) and is able to adapt risk analysis to new technologies quickly.

Delivering Solutions (Problem Solving): Leads others to solve complex technical problems; takes a broad perspective to identify innovative solutions.

Delivering Solutions (Customer Focus): Interprets customer needs; assesses requirements and identifies solutions to non-standard requests.

Delivering Solutions (Continuous Technical Improvement & Process): Assists with the development of strategies and policies aimed at the continuous improvement of own work area.

Impact (Influence): Explains difficult issues and works to build consensus.

Impact (Decision Making): Makes decisions within guidelines and policies that impact own priorities and allocation of time to meet deadlines. Must be good at taking ownership of situations.

Resource Management (Project Management): Is accountable for technical contribution to the project team.

Resource Management (Financial Management): Builds awareness of costs related to own work.

KEY SKILLS AND EXPERIENCE:

Ability to work under pressure

1-3 years' experience in a similar role

In-depth understanding of the cyber threat landscape and advanced adversary tactics

Expert knowledge and experience of Linux, Windows, Azure, AWS, Threat Modelling and MITRE ATT&CK

In-depth knowledge of a scripting language, preferably Python

Desirable Skills:

Previous experience in a similar role

Relevant Cloud experience

Experience and understanding of the ITIL approach to service management

Experience with alerts generated in Azure Unified Logs / Exchange Online / AWS GuardDuty / AWS CloudTrail / Salesforce Shield / Palo Alto Prisma / Entra ID / Azure PIM / Defender for Cloud / Defender for Endpoint / Defender for Servers / Azure Information Protection / CyberArk / DLP / Insider Threat / Purview and/or Macie / Palo Alto Strata Cloud

Desirable Qualifications:

CISSP

AWS Certified Security – Specialty

Azure Security Engineer

A qualification or certification in cyber security attack or defence, e.g. BTL1, GCIA, GCIH, GCFA, GREM

Allwyn is an Equal Opportunity Employer which prides itself in being diverse and inclusive. We do not tolerate discrimination, harassment, or victimisation in the workplace. All employment decisions at Allwyn are based on the business needs, the job requirements, and the individual qualifications. Allwyn encourages applications from individuals regardless of age, disability (visible or hidden), sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.

Benefits

  • 26 days paid leave (plus bank holidays) 
  • Annual bonus scheme 
  • 2 x Life Days 
  • 4 x Salary of Life Insurance 
  • Pension: we’ll match your contribution up to 8.5% 
  • Single Private Health Cover 
  • £500 Wellness Allowance 
  • Income Protection 
  • Enhanced parental leave (maternity and paternity) 
  • Eye Care, Dental and Cycle To Work schemes 