Details
Reference number
Salary
Civil Service Pension with an average employer contribution of 27%
Job grade
Contract type
Business area
Type of role
Working pattern
Number of jobs available
Location
About the job
Job summary
This role is central to how the DMO delivers its cyber security strategy, which is aligned with the UK Government's National Cyber Security Strategy and the Cyber Assessment Framework. It is focused on cyber-attack monitoring, incident response, cyber defence, threat intelligence, and the support of cyber security assurance programmes (e.g. GovAssure).
The cyber security team is integral to the DMO's mission, and in this role you will be protecting sensitive assets, data, infrastructure and, ultimately, the public interest. Emphasis is placed on integrity, transparency and accountability in addressing evolving threats.
Strong technical skills across cyber security operations, incident response, and threat intelligence are essential, but it's not essential to be an expert in all. There is particular emphasis on Security Information and Event Management (SIEM), Network/Endpoint Detection and Response (NDR/EDR), and threat hunting (e.g. MITRE, TTPs).
Due to the rapidly changing nature of the cyber security landscape, emphasis is placed on continuing technical education and development. Enthusiasm for learning as well as obtaining and maintaining relevant professional
Job description
Conduct cyber security operations, comprising Security Information and Event Management (SIEM), Network/Endpoint Detection and Response, threat intelligence, and threat hunting.
Conduct cyber security incident investigation, analysis, containment, and recovery, including continuous improvement of SOP and development of metrics.
Provide a threat intelligence capability for current and emerging threats, risks, vulnerabilities, and technology developments, for continuous improvement of detection, response, and threat hunting capabilities (e.g. Indicators of Compromise, TTPs). Collaborate with NCSC and central government departments to use threat intelligence as a force multiplier.
Conduct vulnerability assessments and cyber-attack simulations, and develop hardened device configuration standards, working with stakeholders for implementation
Support cyber assurance and audit programmes (e.g. GovAssure).
Technical knowledge and experience:
Demonstrable experience with Intrusion Detection (IDS) and Network and Endpoint Detection/Response (NDR/EDR), Security Information and Event Management (SIEM), and other common cyber-security technologies
Demonstrable knowledge of cyber-attack analysis, able to correlate multiple event sources to provide a complete analysis of an intrusion, and to effectively threat hunt (e.g. MITRE, kill chain)
Demonstrable experience with best practice Incident Response principles (e.g. NCSC/NIST)
Demonstrable knowledge of Threat Intelligence reporting and modelling
Desirable: familiarity with NCSC Cyber Assessment Framework (CAF)
Candidates will be assessed against the Government Security Profession career framework
Person specification
For this vacancy, we will use the Civil Service Success Profiles and the Government Security Profession career framework to assess you against the following Behaviours, Experience and Technical Skills:
1. Technical (Lead criteria): Cyber Security Operations (Practitioner)
Develops security operating procedures for use across multiple information systems or maintains compliance with them
Applies routine security procedures appropriate to the role, such as patching, managing access rights, malware protection or vulnerability testing with autonomy
Develops and tests rules for detecting violations of security operating procedures with autonomy
Leads small teams managing Cyber Security operations within an organisation
2. Experience: Cyber Security operations and incident response experience
3. Technical: Incident management, incident investigation and response (Practitioner)
Defines incident management, incident investigation and response policy and/or incident management and investigation processes, procedures and systems
Follows documented principles and guidelines for incident management, incident investigation and response activities
Advises others on incident management, incident investigation and response processes
4. Technical: Intrusion Detection and Analysis (Working)
Understands and explains the basic principles of monitoring network and system activity to identify potential intrusion or other anomalous behaviour
Uses information provided from various sources to identify, analyse, and report events that occur or might occur within the network. Uses a range of methods and procedures to identify, acquire, and preserve artefacts by means of controlled and documented analytical and investigative techniques
Understands the business context of the activities
Educates others on policies, procedures and guidelines relating to monitoring and analysing network and system activity
5. Technical: Threat intelligence and threat assessment (Working)
Understands and can explain threat intelligence and threat assessment principles and concepts
Uses prescribed tools and techniques to acquire, validate and analyse threat information from multiple sources
Under direction enriches threat information by providing context, assessing possible implications and summarising the behaviour, capabilities and activities of threat actors
Uses approved techniques to model routine threats, under supervision, to identify common enterprise attack vectors, identify critical organisational functions, and protect organisational assets and goals
Applies knowledge to prioritise remediation of identified vulnerabilities for a single asset or system
Candidates: please note, you will be asked to give evidence in your application of how you meet these criteria.
Behaviours
We’ll assess you against these behaviours during the selection process:
Technical skills
We’ll assess you against these technical skills during the selection process:
- Cyber Security Operations (Practitioner)
- Incident management, incident investigation and response (Practitioner)
- Intrusion Detection and Analysis (Working)
- Threat intelligence and threat assessment (Working)
Benefits
£14,850 towards you being a member of the Civil Service Defined Benefit Pension scheme.
Find out what benefits a Civil Service Pension provides.
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension with an average employer contribution of 27%
Things you need to know
Selection process details
To apply, please send a CV and a short personal statement detailing your suitability for the role to Recruitment@dmo.gov.uk.
There will be a one-stage interview process for this vacancy. As part of our assessment, shortlisted candidates will be asked to undertake an open-book technical skills assessment prior to interview.
If you are interested in finding out more about the role, please join our Teams session on Thursday 11th January at 12:30.
We will be running a second session on 18th January.
Applicants for this post will be assessed against the elements of Success Profiles and the Government Security Profession career framework listed above. Candidate guidance on Success Profiles, and how you will be assessed, is available here.
- Stage 1: Applicants for this post will be assessed against the elements of the Government Security Profession career framework and Success Profiles listed above.
Application deadline: 23:55 on 21/01/2024
Shortlisting: Week commencing 22/01/2024
Interviews: Week commencing 05/02/2024
These dates are indicative and may change
Feedback will only be provided if you attend an interview or assessment.
Security
Nationality requirements
Working for the Civil Service
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission’s recruitment principles.
Apply and further information
You may want to save a copy for your records.
Contact point for applicants
Job contact:
- Name: Kamara Ferdinand
- Email: Recruitment@dmo.gov.uk
Recruitment team
- Email: Recruitment@dmo.gov.uk