Cyber Security Monitoring and Investigations - Threat Detection Analyst
Department for Work and Pensions
Apply before 11:55 pm on Tuesday 8th October 2024
Details
Reference number
Salary
This post currently attracts a Recruitment and Retention Allowance of £5,200.
Job grade
Contract type
Business area
Type of role
Digital
Information Technology
Security
Working pattern
Number of jobs available
Location
About the job
Job summary
Job description
Working as a Threat Detection Analyst in the Cyber Security Monitoring and Investigations team, you will be part of an innovative and service-orientated team of analysts, focused on the detection and investigation of potential indicators of compromise or malicious activity on DWP systems and devices. Your main responsibilities will be to:
- Provide a second-tier escalation function for the resolution of security events that have been triaged by others, providing direction and guidance, and ensuring an effective response to alerts and risks as they are identified.
- Undertake comprehensive investigation of security alerts as well as proactive analysis of activity captured in system logs and security tools, to quickly determine if systems have been compromised.
- Support Intelligence Analysts and the Security Incident Response Team, by providing detailed technical input to on-going investigations, building on detailed log data, digital outputs, and threat intelligence in relation to the mitigation, detection and response to potential cyber-attacks.
- Effectively use the latest analytical SIEM tools including open-source intelligence to identify security compromises within large amounts of complex data.
- Use digital forensic and malware analysis tools (commercial and/or open source) to support analysis and decision making.
- Demonstrate strong knowledge of the latest security threats and indicators of compromise to ensure a robust response to new threats and attack vectors.
- Provide timely intervention to protect the DWP IT Estate through recommending and operating containment processes to isolate and prevent the spread of malware.
- Drive forward the development of monitoring systems and supporting processes and playbooks, ensuring systems are in place to review and continually improve existing capabilities.
- Ensure intelligence is effectively used to maintain the integrity of alerts and to ensure alerts continue to remain relevant and focused on the latest threats.
- Develop influential relationships with key stakeholders across the Department to support improvement activity thereby mitigating the risks from malicious activity.
- Demonstrate strong knowledge and understanding of the concepts of information security, and of current and emerging IT security, data protection and information risk principles and technologies.
- Support the transformation of the Department’s response to digital delivery and the security threats this presents; including operating new analytical tools to generate innovative security alerts.
- Support remedial activity as a result of identified weaknesses within the estate.
- Manage multiple priorities and respond flexibly to competing demands.
The Cyber Security Monitoring & Investigations team operates 24 hours a day, 7 days a week and as a result, post holders may be required to work outside of usual office hours as investigations dictate. Travel to different sites with occasional overnight stays may also be required.
Person specification
A strong candidate will be able to demonstrate the following ESSENTIAL CRITERIA:
- Experience of performing in-depth analysis of cyber security alerts to quickly determine if systems have been compromised.
- Skilled in using a variety of the latest SIEM/network analysis tools and of proactively interrogating large data sets of structured and unstructured data, to identify malicious activity or anomalous behaviour.
- Comprehensive knowledge of tactics or techniques an adversary could use to bypass or evade security controls, and an understanding of how to mitigate such activities so that they could be detected.
- Experience of providing technical input into security investigations and of analysing and extracting relevant information in relation to the detection and response to potential cyber-attacks.
Behaviours
We'll assess you against these behaviours during the selection process:
- Making Effective Decisions
- Working Together
- Communicating and Influencing
- Changing and Improving
Technical skills
We'll assess you against these technical skills during the selection process:
- Intrusion detection and analysis
- Incident management, incident investigation and response
Benefits
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension with an average employer contribution of 28.97%
At DWP we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve.
We want to maximise the potential of everyone who chooses to work for us, and we offer a range of flexible working patterns and support to make a fulfilling career at DWP accessible to you.
Diverse perspectives and experiences are critical to our success, and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.
As one of the largest government departments, almost every individual in the UK is a direct customer of DWP at some point in their lives. DWP’s mission is to improve people’s quality of life, both now and in the future. We do that by focussing on delivering excellent services that make a difference to millions of people. We trust and empower our people to deliver these services to customers every day, including the most vulnerable in society.
We seek to be an exemplar of the modern Civil Service, and to build on our achievements for the benefit of those we serve. When we are at our best, we care, we deliver, we adapt, we work together and we value everyone, and we seek to ensure that these values guide the way we serve our country, our communities, and our fellow citizens.
DWP is looking to fill 2 roles in the Finance directorate. These are key roles, and we are looking for people who will help us deliver Cyber Security Monitoring & Investigations.
We welcome applications from candidates who can demonstrate the essential criteria listed in the ‘Person Specification’ part of this form.
Hybrid working
This job role may be suitable for hybrid working, which is where an employee works part of the week in their DWP office and part of the week from home.
This is a voluntary, non-contractual arrangement and your office will be your contractual place of work. The number of days that anyone will be able to work at home will be determined primarily by business need, but personal circumstances and other relevant circumstances will also be taken into account.
If you are successful, any opportunities for hybrid working, including whether a hybrid working arrangement is suitable for you, will be discussed with you prior to you taking up your post.
Things you need to know
Selection process details
Stage 1: APPLICATION & SIFT
As part of the application process you will be asked to complete a CV & personal statement of suitability (1,000 words). All applications will be assessed and sifted based on the essential criteria in the Person Specification section of the advert, using the information you provide in your completed application form. Further details around what this will entail are listed on the application form.
The sift panel will use the information relating to your employment history (your CV) and your personal statement of suitability, to assess your experience, skills and knowledge. When giving details of your employment history, you should therefore include details of the work and projects that you have been involved in, and your role therein.
Applications must include:
A. A completed Personal Details application form.
B. A curriculum vitae* with education, professional qualifications and full employment history, giving details of key achievements relevant to the skills and experience outlined in this job description.
C. A personal statement. In no more than 1000 words, please demonstrate how you meet the essential criteria, outlined in the 'Person Specification' section of the job advert.
A NOTE ON ANONYMISATION
*Due to DWP’s use of anonymised recruitment practices it is not possible for applicants to upload/attach a CV; any information that you would customarily share on a CV should therefore be entered onto the application form. Please ensure you provide sufficient information to enable the sift panel to make an informed judgement about your suitability for this role.
IMPORTANT INFORMATION:
Please include all other information that you would customarily provide when presenting a CV/cover letter, as the sift panel use this information to assess your application.
DWP operates an anonymised recruitment process. When entering information relating to your employment history you will be asked to remove any personal details that could be used to identify you. This relates to name and contact details which might usually appear on your CV/Cover letter. Failure to do so will result in your application being withdrawn.
Stage 2 – SIFT & INTERVIEW INFORMATION:
Applications will be sifted at regular intervals from the date the posts are advertised. Sifting for this role will be concluded as soon as the advert closes.
The final stage of the process will be a face-to-face interview where you will be assessed against the behaviours and technical skills outlined in the advert as well as strengths.
Candidates will be required to give a short presentation at interview, details of which will be provided prior to you attending.
To help you prepare and settle into the interview you will be sent the behaviour questions in advance of the interview. These questions should be treated as confidential and should not be shared. The interview panel may ask you other questions which will not be shared in advance, including follow-up questions, and those about your experience, strengths, and technical abilities.
Only candidates that have been successful at the previous stage will be invited to attend.
Interviews will commence after 15th October 2024
Further Information
Find out more about Working for DWP
A reserve list may be held for a period of 6 months from which further appointments can be made.
Any move to DWP from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk
If successful and transferring from another Government Department a criminal record check may be carried out.
In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service/Disclosure Scotland on your behalf.
However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk stating the job reference number in the subject heading.
For further information on the Disclosure Scotland confidential checking service, telephone the Disclosure Scotland Helpline on 0870 609 6006 and ask to speak to the operations manager in confidence, or email Info@disclosurescotland.co.uk
For further information on National Security Vetting please visit the following page https://www.gov.uk/government/publications/demystifying-vetting
New entrants are expected to join on the minimum of the pay band.
Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.
Before applying for this vacancy, current employees of DWP should check whether a successful application would result in changes to their terms & conditions of employment, e.g. mobility, pay, allowances. Civil Servants that would transfer into DWP from other government organisations, following successful application, will assume DWP's terms & conditions of employment current on the day they are posted, unless DWP has stated otherwise in writing.
The Civil Service values honesty and integrity and expects all candidates to abide by these principles. Please ensure that all examples provided in your application are taken directly from your own experience and that you describe the examples in your own words. Applications will be screened and if evidence of plagiarism or copying examples/answers from other sources is found, your application will be withdrawn. Internal DWP candidates may also face disciplinary action.
Reasonable Adjustment
At DWP we value diversity and inclusion and actively encourage and welcome applications from everyone, including those that are underrepresented in our workforce.
We consider visible and non-visible disabilities, neurodiversity or learning differences, chronic medical conditions, or mental ill health. Examples include dyslexia, epilepsy, autism, chronic fatigue, or schizophrenia.
If you need a change to be made so that you can make your application, you should:
- Contact Government Recruitment Service via DWPRecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.
- Complete the “Reasonable Adjustments” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.
Feedback will only be provided if you attend an interview or assessment.
Security
Nationality requirements
Working for the Civil Service
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.
Diversity and Inclusion
Apply and further information
Contact point for applicants
Job contact:
- Name: Louise Williams
- Email: louise.c.williams@dwp.gov.uk
Recruitment team
- Email: dwprecruitment.grs@cabinetoffice.gov.uk
Further information
If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission.