Cyber Security Analyst



Details

Reference number

331825

Salary

£55,000 – £70,000
A Civil Service Pension with an average employer contribution of 27%

Job grade

Other

Contract type

Permanent

Business area

DMO – Business Delivery

Type of role

Other

Working pattern

Flexible working, Full-time

Number of jobs available

1

Contents

The post will be based in the DMO’s office in the City of London.

Job summary

This role is central to how the DMO delivers its cyber security strategy, which is aligned with the UK Government’s National Cyber Security Strategy, and the Cyber Assessment Framework. It is focused on cyber-attack monitoring, incident response, cyber defence, threat intelligence, and the support of cyber security assurance programmes (e.g. GovAssure).

The cyber security team is integral to the DMO’s mission, and in this role you will be protecting sensitive assets, data, infrastructure and ultimately, the public interest. Emphasis is placed on integrity, transparency and accountability in addressing evolving threats.

Strong technical skills across cyber security operations, incident response, and threat intelligence are essential, but it’s not essential to be an expert in all. There is particular emphasis on Security Information and Event Management (SIEM), Network/Endpoint Detection and Response (NDR/EDR), and threat hunting (e.g. MITRE, TTPs).

Due to the rapidly changing nature of the cyber security landscape, emphasis is placed on continuing technical education and development. Enthusiasm for learning as well as obtaining and maintaining relevant professional 

Job description

•    Conduct cyber security operations, comprising Security Information and Event Management (SIEM), Network/Endpoint Detection and Response, threat intelligence, and threat hunting.

•    Conduct cyber security incident investigation, analysis, containment, and recovery. To include continuous improvement of SOP and development of metrics. 

•    Provide a threat intelligence capability for current and emerging threats, risks, vulnerabilities, and technology developments, for continuous improvement of detection, response, and threat hunting capabilities (e.g. Indicators of Compromise, TTPs). Collaborate with NCSC and central government departments to use threat intelligence as a force multiplier.

•    Conduct vulnerability assessments and cyber-attack simulations, and develop hardened device configuration standards, working with stakeholders for implementation

•    Support cyber assurance and audit programmes (e.g. GovAssure).

Technical knowledge and experience:

•    Demonstrable experience with Intrusion Detection (IDS) and Network and Endpoint Detection/Response (NDR/EDR), Security Information and Event Management (SIEM), and other common cyber-security technologies

•    Demonstrable knowledge of cyber-attack analysis, able to correlate multiple event sources to provide a complete analysis of an intrusion, and to effectively threat hunt (e.g. MITRE, kill chain)

•    Demonstrable experience with best practice Incident Response principles (e.g. NCSC/NIST)

•    Demonstrable knowledge of Threat Intelligence reporting and modelling

•    Desirable: familiarity with NCSC Cyber Assessment Framework (CAF)

Candidates will be assessed against the Government Security Profession career framework

Person specification

For this vacancy, we will use the Civil Service Success Profiles and the Government Security Profession career framework to assess you against the following Behaviours, Experience and Technical Skills: 

1.    Technical – (Lead criteria) Cyber Security Operations (Practitioner)

Develops security operating procedures for use across multiple information systems or maintains compliance with them

Applies routine security procedures appropriate to the role, such as patching, managing access rights, malware protection or vulnerability testing with autonomy

Develops and tests rules for detecting violations of security operating procedures with autonomy

Leads small teams managing Cyber Security operations within an organisation

2.    Experience – Cyber Security operations and incident response experience 

3.    Technical – Incident management, incident investigation and response (Practitioner)

Defines incident management, incident investigation and response policy and/or incident management and investigation processes, procedures and systems

Follows documented principles and guidelines for incident management, incident investigation and response activities

Advises others on incident management, incident investigation and response processes
 
4.    Technical – Intrusion Detection and Analysis (Working)

Understands and explains the basic principles of monitoring network and system activity to identify potential intrusion or other anomalous behaviour

Uses information provided from various sources to identify, analyse, and report events that occur or might occur within the network. Uses a range of methods and procedures to identify, acquire, and preserve artefacts by means of controlled and documented analytical and investigative techniques

Understands the business context of the activities

Educates others on policies, procedures and guidelines relating to monitoring and analysing network and system activity

5.    Technical – Threat intelligence and threat assessment (Working)

Understands and can explain threat intelligence and threat assessment principles and concepts

Uses prescribed tools and techniques to acquire, validate and analyse threat information from multiple sources

Under direction enriches threat information by providing context, assessing possible implications and summarising the behaviour, capabilities and activities of threat actors

Uses approved techniques to model routine threats, under supervision, to identify common enterprise attack vectors, identify critical organisational functions, and protect organisational assets and goals

Applies knowledge to prioritise remediation of identified vulnerabilities for a single asset or system

Candidates – Please note, you will be asked to give evidence in your application of how you meet these criteria

Behaviours

We’ll assess you against these behaviours during the selection process:

Technical skills

We’ll assess you against these technical skills during the selection process:

  • Cyber Security Operations (Practitioner)
  • Incident management, incident investigation and response (Practitioner)
  • Intrusion Detection and Analysis (Working)
  • Threat intelligence and threat assessment (Working)

Alongside your salary of £55,000, the UK Debt Management Office contributes £14,850 towards you being a member of the Civil Service Defined Benefit Pension scheme.

Find out what benefits a Civil Service Pension provides.
  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an average employer contribution of 27%

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Strengths, Ability, Experience and Technical skills.

To apply, please send a CV and a short personal statement detailing your suitability for the role to Recruitment@dmo.gov.uk.  

There will be a one-stage interview process for this vacancy. As part of our assessment, shortlisted candidates will be asked to undertake an open book technical skills assessment prior to interview.

If you are interested in finding out more about the role, please join our Teams session on Thursday 11th January at 12:30.

We will be running a second session on 18th January.

Applicants for this post will be assessed against the elements of Success Profiles and the Government Security Profession career framework listed above. Candidate guidance on Success Profiles, and how you will be assessed, is available here.

 Application deadline: 23:55 on 21/01/2024
Shortlisting: Week commencing 22/01/2024
Interviews: Week commencing 05/02/2024

These dates are indicative and may change

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission’s recruitment principles.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Once this job has closed, the job advert will no longer be available.
You may want to save a copy for your records.

Contact point for applicants

Job contact:

  • Name: Kamara Ferdinand
  • Email: Recruitment@dmo.gov.uk

Recruitment team

  • Email: Recruitment@dmo.gov.uk

Further information

If you feel at any time your application has not been treated in accordance with the values in the Civil Service Code and/or if you feel the recruitment has been conducted in such a way that conflicts with the Civil Service Commissioner’s Recruitment Principles, you may make a complaint by contacting us at HR@dmo.gov.uk in the first instance. If you are not satisfied with the response you receive, you can contact the Civil Service Commissioners via info@csc.gov.uk; alternatively, they can be contacted at the following address: G/8, 1 Horse Guards Road, London, SW1A 2HQ.
