Cyber Security Monitoring & Investigations - Security Threat Detection Anal at Department for Work and Pensions
NUT, England, United Kingdom -
Full Time


Start Date

Immediate

Expiry Date

09 Dec, 25

Salary

46547.0

Posted On

09 Sep, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Incident Investigation, Norway, Security Investigations, Intrusion Detection, Security Controls, Unstructured Data

Industry

Other Industry

Description

JOB SUMMARY

You will work as part of the Department’s Cyber Resilience Centre (CRC) as a Security Threat Detection Analyst in the Cyber Security Monitoring & Investigations team and will play a vital role in securing the DWP IT Estate, ensuring that service delivery is not affected by potential malicious activity from either internal or external threats.
You will provide comprehensive analysis of security events and will operate as a second tier escalation point for the clearance of security alerts that have been triaged by others. This includes undertaking proactive analysis of activity captured in system logs, to quickly determine if systems have been compromised.
You will support the DWP Security Incident Response Team by providing detailed technical input to ongoing investigations in relation to the mitigation, detection and response to potential cyber-attacks. You will provide support and technical guidance to Tier 1 analysts in the investigation of security alerts and will drive forward the continual improvement of monitoring systems and processes. You will have line management responsibility for a number of HEO analysts.

JOB DESCRIPTION

Working as a Security Threat Detection Analyst in the Cyber Security Monitoring and Investigations team, you will be part of an innovative and service-orientated team of analysts, focused on the detection and investigation of potential indicators of compromise and malicious activity on DWP systems and devices. Your main responsibilities will be to:

  • Provide a second-tier escalation function for the resolution of security events that have been triaged by others, providing direction and guidance, and ensuring an effective response to alerts and risks as they are identified.
  • Undertake comprehensive investigation of security alerts as well as proactive analysis of activity captured in system logs and security tools, to quickly determine if systems have been compromised.
  • Support Intelligence Analysts and the Security Incident Response Team by providing detailed technical input to ongoing investigations, building on detailed log data, digital outputs, and threat intelligence in relation to the mitigation, detection and response to potential cyber-attacks.
  • Effectively use the latest analytical SIEM tools including open-source intelligence to identify security compromises within large amounts of complex data.
  • Use malware analysis tools (commercial and/or open source) to support analysis and decision making.
  • Demonstrate strong knowledge of the latest security threats and indicators of compromise to ensure a robust response to new threats and attack vectors.
  • Provide timely intervention to protect the DWP IT Estate through recommending and operating containment processes to isolate and prevent the spread of malware.
  • Drive forward the development of monitoring systems and supporting processes and playbooks, ensuring systems are in place to review and continually improve existing capabilities.
  • Ensure intelligence is effectively used to maintain the integrity of alerts and to ensure alerts continue to remain relevant and focused on the latest threats.
  • Develop influential relationships with key stakeholders across the Department to support improvement activity thereby mitigating the risks from malicious activity.
  • Demonstrate strong knowledge and understanding of the concepts of information security, and of current and emerging IT security, data protection and information risk principles and technologies.
  • Support the transformation of the Department’s response to digital delivery and the security threats this presents, including operating new analytical tools to generate innovative security alerts.
  • Support remedial activity as a result of identified weaknesses within the estate.
  • Manage multiple priorities and respond flexibly to competing demands.
  • Line management of Tier 1 analysts.

The Cyber Security Monitoring & Investigations team operates 24 hours a day, 7 days a week and as a result, post holders may be required to work outside of usual office hours as the work dictates.

TECHNICAL SKILLS

We’ll assess you against these technical skills during the selection process:

  • Intrusion detection and analysis (Government Cyber Security Profession Skills Framework – Practitioner Level)
  • Incident management, incident investigation and response (Government Cyber Security Profession Skills Framework – Practitioner Level)

APPLICATIONS MUST INCLUDE:

A. A completed Personal Details application form.
B. A curriculum vitae* with education, professional qualifications and full employment history, giving details of key achievements relevant to the skills and experience outlined in this job description.
C. A personal statement. In no more than 1000 words, please demonstrate how you meet the essential criteria, outlined in the ‘Person Specification’ section of the job advert.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

