Security Operations Centre Incident Responder / Senior Analyst – Level 3
We’re looking for an exceptional Security Operations Centre Incident Responder / Senior Analyst – Level 3 to help us make a difference to our planet.
As our Security Operations Centre Incident Responder / Senior Analyst – Level 3, the job may be suitable for hybrid working, which is where an employee works part of the week in the office and part of the week from home. This is a voluntary, non-contractual arrangement and the location advertised will be your contractual place of work.
Our opportunity is full time, 37 hours per week. Our people are at the heart of what we do, and we'll do our best to agree a working pattern that works for everyone.
World changing work
From science to technology, from meteorology to management, and from planning to communication, our expertise helps us stand out as the authority on weather accuracy and climate prediction. We help individuals, industries and government to make better decisions to stay safe and thrive. This is the Met Office. This is who we are.
* We’re a force for good - focusing on our environmental and social impact
* We’re experts by nature - always learning and developing to do things better
* We live and breathe it - putting our purpose at the heart of decision-making
* We’re better together - understanding partnerships and inclusivity make us greater
* We keep evolving - pushing boundaries to make tomorrow better for our customers
Your world of expertise
As our Security Operations Centre Incident Responder / Senior Analyst – Level 3 you won’t just respond to alerts, you’ll lead the defence of the organisation at the highest technical level. This is where expertise meets impact.
You will be the final escalation point for complex cyber threats, trusted to investigate sophisticated attacks, uncover hidden adversary behaviour, and drive rapid, effective response. From identity-based attacks and advanced persistent threats to insider risks, you’ll be working on the incidents that truly matter.
* Act as the final escalation point for complex, high-severity, and major security incidents.
* Lead end-to-end incident response activities including triage, containment, eradication, and recovery.
* Perform advanced threat analysis, including malware analysis and attacker techniques.
* Conduct digital forensics across endpoints, networks, and cloud environments.
* Lead threat hunting activities using intelligence, hypotheses, and behavioural analytics.
We operate an on‑call roster in Technology to provide 24/7/365 support to respond to operational service requirements. This post may be part of an on‑call roster and the postholder would be required to participate in an on‑call roster where in operation.
Our work is life‑changing, often life‑saving and always life‑enhancing. The Met Office is Great Place to Work UK certified. We are also featured on their ‘Best Workplaces in Tech’ 2023, 2024 and 2025 lists, as well as their ‘54 Best Workplaces for Women’ 2023 list.
As our Security Operations Centre Incident Responder / Senior Analyst – Level 3, your total reward package will be up to £66,268 annually, which includes:
* An outstanding Civil Service pension, with an average employer contribution of 28.97%
* Recruitment Retention Allowance (RRA) - you will be paid £6,000 per annum as a market supplement to reflect the demand for your skills. Whilst in post, you will be paid this market driven allowance until March 2027 in your monthly pay
* Annual Leave starting at 27.5 days (plus Bank Holidays) rising to 32.5 days (plus Bank Holidays) after 5 years and option to buy or sell up to 5 days per year of annual leave
Essential Criteria, skills and experience:
* An extensive knowledge of Cyber Security Incident response principles and practices within a Security Operations Centre environment. Degree in Cyber Security, Information Technology, or equivalent experience. Ideally with advanced industry certifications such as: GIAC Certified Incident Handler (GCIH) and/or GIAC Certified Forensic Analyst (GCFA) (Expert by nature)
* Strong understanding of network security, including packet analysis and intrusion detection including NDR tooling, and advanced knowledge of SIEM platforms (e.g., Microsoft Sentinel) along with deep expertise with EDR technologies (e.g., Microsoft Defender for Endpoint). Act as the technical lead during major incidents, liaising with senior stakeholders and maintain strict confidentiality and integrity of sensitive information.
* Deep knowledge of operating systems (Windows, Linux) and system internals along with cloud security (Azure, AWS) and hybrid environments. Experience with digital forensics and incident response (DFIR) tools and methodologies, and experience with scripting and automation (PowerShell, Python).
* Provide technical leadership and mentoring to Level 1 and Level 2 analysts. Review and validate incident investigations and response actions and lead knowledge sharing sessions and training initiatives. (Better Together)
How to apply
If you share our values, we’d love to hear from you! Click apply to begin your application. Please complete your career history and provide evidence against each of the essential criteria in the supporting statement questionnaire. We recommend candidates use the CARL method (Context, Action, Result and Learning) for presenting evidence of experience and skills.
Closing date 15/03/2026 at 23:59 with first stage interviews commencing from 23/03/2026. You will hear from us once the closing date has passed.
Using AI in your application
We welcome applications that use AI tools for support in drafting or refining, as long as they accurately reflect your own skills and experience. All hiring decisions at the Met Office are made by people, not AI. For more details, visit our approach to recruitment.
How we can help
If you have any questions or would like to discuss this opportunity further, please contact us at careers@metoffice.gov.uk.
If you’re considering applying and need support to do so, please get in touch. You can request adjustments either within your application or by contacting us. Should you be offered an interview, please be aware there may be a selection exercise which could include a presentation, written test or a scenario-based activity. You can select in your application to be considered under the Disability Confident Scheme. To be invited to interview/assessment under this scheme, your application must meet the essential criteria for the role.
We understand that great minds don’t always think alike and as an equal opportunities employer we welcome applications from those with all protected characteristics. We recruit on merit, fairness, and open competition in line with the Civil Service Code.
We can only accept applications from those eligible to live and work in the UK - please refer to GOV.UK for information. We require Security clearance, for which you need to have resided in the UK for at least 3 of the last 5 years to be eligible, 2 of these years must be immediately preceding the point of your application. You will need to achieve full security clearance within your first 6 months with us.
If you feel that your application has not been treated in accordance with the Recruitment Principles, and wish to make a complaint, then in the first instance you should contact us at: careers@metoffice.gov.uk. If you are not satisfied with the response that you receive, then you can contact the Civil Service Commission at: info@csc.gov.uk
Our rewards and benefits are as varied as our customers and our people, depending on your role, and which part of the business you join. The one thing they have in common is that they’re designed to recognise your contribution to our success.
Starting at 27.5 days and rising to 32.5 days after five years of service (both figures exclude bank holidays). As well as the flexibility to buy or sell annual leave annually.
You’ll automatically qualify to join our alpha pension scheme, part of the Civil Service Pension arrangements. The scheme is recognised as one of the most generous occupational pensions.
Lifestyle support
Whether you wish to utilise our excellent family-friendly schemes, be paid up to 3 days for volunteering with your chosen organisation, have the reassurance of a generous sickness pay scheme or be part of an organisation that is happy to pro‑actively talk about flexible working, the Met Office wants you to have a great work and lifestyle balance.
Established hybrid working
We have bases all over the UK and some roles allow for you to work abroad, so there is the option to travel for work also. We have established amazing hybrid working practices across all of our offices and have enhanced technology to enable office and home-based meetings. We work with employees to agree on a suitable working pattern that works for us both and have various working patterns in place.
Investing in your development
The world around us is constantly changing. New technologies, shifting climate patterns, artificial intelligence. These factors and more shape the need for us to develop our skills and knowledge as a business and as individuals. Our investment in learning and development is testament to this and we have partnered with external bodies in each profession to help shape the way we develop the incredible talent right across the Met Office. We help everyone to understand their strengths and opportunities and tailor learning programmes that match their career. For us, this is world-leading learning and development.
Employee stories
Jim Ovens
Lead Technical Architect
I returned to the Met Office motivated by our purpose to help people make better decisions to stay safe and thrive. I know what I do is meaningful and that matters.
Joe George
Lead Technical Architect
It's genuinely rewarding to work for an organisation that does incredible things, truly values and challenges me, enables me to work with other talented people, and where I can help to make a real impact in the UK and globally.
Jonathan Murch
Head of Security Operations
This is much more than a career for me. It’s an adventure where every project, challenge and partnership supports my development while achieving amazing things.
Luke Carr
Software Developer
I’m afforded ample opportunities to explore new technological avenues. Being trusted in this way has enabled me to develop while contributing to my team’s output. Before joining the Met Office, I couldn’t have imagined this approach being viable in a software delivery team. And now it’s this forward‑thinking spirit that keeps me excited and motivated.
Beth Harper
Software Developer
I love my role because every day is different. I like how varied it is and the fact that every day there are different customers to talk to, different problems to solve, and different solutions to work on.
Mathew Gard
Software Developer
We’re an expert voice representing technology and its possibilities, working together with other talented people in data, user design and products. Together we drive innovation in new technologies and ensure crucial data is made available for our customers to make decisions that affect their daily lives.
Our typical recruitment process
5. Assessment
Some roles may require you to attend an assessment day. Any job‑specific assessments will be outlined in the job advert and more details will be provided at the interview stage.
6. Offer
If you are successful following the interview, the hiring manager will contact you to offer the role. The Resourcing Team will then follow up with an offer letter and start your onboarding.
7. Onboarding
Before we can confirm a start date, we will first need to complete security clearance and reference checks. These usually take between eight and ten weeks to complete. We'll also discuss any workplace adjustments that you may need, so they are in place on your first day.
On your first day your new manager will introduce you to the team and you’ll start our online corporate induction. You’ll also be asked to update your details in our People Hub system including bank details ready for your first pay day.
For those living outside of the UK, there are some roles where we can sponsor Skilled Worker visas. However, you will still need to pass security clearance which requires you to have resided in the UK for 30 months in the last three years.
Ready to apply?
Security Operations Centre Incident Responder / Senior Analyst – Level 3
If you can't see a job that interests you, why not register for our job alerts by email service? And we’ll email you when a job that matches what you're looking for is uploaded onto the site.