Senior Cyber Security Engineer

at  Department for Business and Trade Digital Data and Technology

About us
The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.
Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.
Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.
Finally, we work in partnership with businesses every day, providing advance, finance and deal-making support to those looking to start up, invest, export and grow.

SKILLS AND EXPERIENCE

It is essential that you have:

• Demonstratable experience configuring Security related tools and implementing security policies.
• Demonstratable experience in configuring AWS or Azure policies and infrastructure.
• Demonstratable experience working with a SIEM tool (Microsoft Sentinel, Splunk, etc.)
• Demonstratable skills with cloud environments, underlying logging systems and mechanisms.
• Understanding threats to an organisation and how they can be mitigated using tools.

It is desirable that you have:

• Knowledge of Azure and configuring Microsoft Security products
• Knowledge of using Python

How to apply
As part of the application process you will be asked to upload a two-page CV and complete a 750 words personal statement outlining how you meet the essential skills and experience listed above. You can use bullet points and subheadings if you prefer.
Sift will be from week commencing 2nd December
Interviews will be from week commencing 16th December
Please note these dates are indicative and may be subject to change.
If there is a high volume of applications, we will sift looking at your evidence of- Demonstratable experience configuring Security related tools and implementing security policies. only. You may then be progressed to full sift or straight to interview.
How we interview
At the interview stage for this role, you will be asked to demonstrate relevant Technical Skills and Behaviours from the Success Profiles framework. These are role specific and in line with the Government Security Profession Career Framework.[G(1]

Technical Skills

• Threat Understanding
• Secure Operations Management
• Intrusion Detection and Analysis
• Information Risk Assessment and Risk Management
• Cyber Security Operations

Behaviours

• Making Effective Decisions
• Delivering at Pace
• Managing a Quality Service

How we offer
Offers will be made in merit order based on location preferences. If you pass the bar at interview but are not the highest scoring you will be held on a 12-month reserve list in case a role becomes available. If you are judged a near miss at interview, you may be offered a post at the grade below the one you applied for.
This role requires SC clearance. DBT’s requirement for SC clearance is to have been present in the UK for at least 3 of the last 5 years. Failure to meet this requirement will result in your application being rejected and your offer will be withdrawn.

Checks will also be made against:

• departmental or company records (personnel files, staff reports, sick leave reports and security records)
• UK criminal records covering both spent and unspent criminal records
• your credit and financial history with a credit reference agency
• security services record
• location details

Benefits

If you join us, you will get:

• learning and development tailored to your role
• a flexible, hybrid working environment with options like condensed hours
• a culture encouraging inclusion and diversity
• a Civil Service pension with an average employer contribution of 27%
• annual leave starting at 25 days rising to 30 days with service
• three paid volunteering days a year
• an employee benefits programme including cycle to work

More about us
This role can only be worked from within the UK, not overseas. If you are based in London, you will receive London weighting. DBT employees work in a hybrid pattern, spending 2-3 days a week (pro rata) in the office on average. Travel to your primary office location will not be paid for by DBT, but costs for travel to an office which is not your main location will be covered.
You can find out more about our office locations, how we calculate salaries, our diversity statement and reasonable adjustments, the Recruitment Principles, the Civil Service code and our complaints procedure on our website.
Find out more about life at DBT, our benefits and meet the team by watching our video or reading our blog!

This Role sites within the Department for Business and Trade’s SOC (Security Operations Centre), reporting to the Principle Cyber Engineer. The SOC is responsible for identification and mitigation of threats, both internal and external to the security of DBT. This role is to support these actions by creating new capabilities, supporting existing capabilities and providing expertise to analysts when required.
Focusing on supporting the delivery of the monitoring and development aspects of DBT’s TOM (Target Operating Model), this role will involve development of security tools, providing cyber security advice to the development community in DBT to ensure best practice is being followed.
This role will be suitable for an individual with a DevSecOps (Development and Security Operations) background or someone who has skills in both software development and Cyber Security.
Main responsibilities

You will be:

• Supporting the Principle Cyber Security Engineer and SOC Manager in the implementation of the monitoring and improvement roadmap
• Identifying areas of improvement within the SOC and building a plan to implement the improvement.
• Testing and Implementing changes within multiple Cloud Environment.
• Producing software documentation to accurately represent the system that has been implemented and its current state for other engineers to use and rely on.
• Updating and maintaining existing tools and infrastructure.
• Facilitating the ingestion and enriching new logging services into the SIEM (Security Incident and Event Management) Tool for the analysts.
• Maintaining the pipelines and infrastructure that is facilitating the ingestion of logs and processing logs.
• Being able to assist with active investigations that and provide expert knowledge to assist analysts.
• Creating Playbooks for creating new capabilities and documentation for maintaining new capabilities.