Job Specifications
Join our journey to create a new experience for The National Lottery and help us to power change for the greater good.
We are Allwyn UK, part of the Allwyn Entertainment Group - a multi-national lottery operator with a market-leading presence across Europe which includes: Czech Republic, Austria, Greece, Cyprus & Italy.
While the main contribution of The National Lottery to society is through the funds to good causes, at Allwyn we put our purpose and values at the heart of everything we do. Join us as we embark on a once-in-a-lifetime, largescale transformation journey by creating a National Lottery that delivers more money to good causes.
We'll talk a bit more about us further down the page, but for now - let's talk about the role and who we're looking for...
A bit about the role...
The SOC Shift Analyst role is a vital part of the Security Operations team, reporting to the SOC Manager. This role will be responsible for the proactive security monitoring of the Allwyn estate and the detect and respond phases of cyber security incident response and will be instrumental in supporting and advancing the operational security capabilities of the SOC Team The Security Operations Analyst will have primary responsibility for all technologies managed directly by the SOC team but also need to track, check and report on security events discovered by our MSSP.
Team Description:
Allwyn UK SOC team is pivotal to Allwyn's commitment to protect the National Lottery and its players from Cyber Threats. The SOC is part of the Cyber and Information Security function alongside with our Cyber Défense team and the GRC team. The purpose of the SOC team to deliver Allwyn UK security monitoring and incident response capability. The SOC is under a 24x7 fully in-house operational model. We strive to excel in what we do by regularly measuring our key performance indicators and set the path to the next level of maturity. This is a fantastic opportunity for the right candidate to lend from their experience to help advance the capability of this function.
What you'll be doing...
Continuously monitor security tools, dashboards, and systems for potential security incidents.
Track security alerts and escalate issues according to the severity and impact.
Investigate security incidents or alerts triggered by monitoring tools to determine whether they represent legitimate threats (e.g., malware, phishing, unauthorised access).
Assist in the initial response to low-level security incidents, escalate more severe incidents to Lead SOC analysts or security engineers when necessary.
Analyse and review logs from various systems and applications (e.g., network devices, servers, endpoints) to identify potential threats and suspicious activities.
Correlate data from different sources to build a complete picture of ongoing security incidents.
Perform initial triage to categorize incidents by severity (e.g., false positives, low-risk, high-risk incidents).
Identify the type of attack (e.g., phishing, ransomware, DDoS) and begin documenting the event for further analysis.
Identify opportunities for security improvements and work with relevant infrastructure teams to implement effectively.
Assist in the develop of operational metrics and dashboard reporting for operational security posture
What experience we're looking for...
Ability to work independently to delivery against personal and team objectives, liaising with relevant teams
Good network knowledge and principles; LAN, TCP/IP, OSI Model, DNS, DHCP, Wi-Fi, Routing, VPN, Firewalls, Load Balancing, IPv4
Understanding of key windows domain services, such as Active Directory and Windows Server environments.
Hands on experience of common security controls, such as IDS, Web content filters, AV, SIEM, Vulnerability Management, and awareness of their purpose in a layered security approach
Demonstrable experience of Azure security solutions
Experience and understanding of the ITIL approach to service management.
In depth knowledge of the Mitre Att&ck framework. Desirable:
A qualification or certification in cyber security attack or defence e.g. (BTL1, GCIA, GCIH, GCFA, GREM)
Experience with alerts generated in Azure Unified Logs / Exchangeonline / AWS Guardduty / AWS Cloudtrail / Salesforce Shield / Palo Prisma / Entra-ID / Azure PIM / Defender for Cloud / Defender for endpoint / Defender for servers / Azure Information Protection DLP / Insider Threat experience / Purvue and or Macie
About us:
We've developed ground-breaking technologies, built player protection frameworks, and have a proven track record of making lotteries better.
Innovation - We pride ourselves on it! We're constantly looking for new ways to excite our customers, bringing new products to enjoy which is all underpinned by our responsible play values and making them accessible to all.
Giving back - Did you know that playing the lottery generates around £30m a week for charities and good causes in the UK? Our aim is to have dou
About the Company
Allwyn UK is part of Allwyn Entertainment Group – a multi-national lottery operator with a market-leading presence in Austria, the Czech Republic, Greece, Cyprus, and Italy.
Over the next two years we are going to embark on a large-scale transformation journey, unparalleled in the existing market, and a once-in-a-lifetime opportunity for anyone both within and outside the betting and gaming industry.
We can’t talk too much about our plans – you’ll have to speak to us to find out more – but we can promise a fast-paced, exci...
Know more