Cyber security monitoring & investigations - security threat detection analyst

Newcastle Upon Tyne (Tyne and Wear)
Security
Posted: 13h ago
Offer description

Working as a Security Threat Detection Analyst in the Cyber Security Monitoring and Investigations team, you will be part of an innovative and service-orientated team of analysts, focused on the detection and investigation of potential indicators of compromise and malicious activity on DWP systems and devices.

Your main responsibilities will be to:

  • Provide a second-tier escalation function for the resolution of security events that have been triaged by others, providing direction and guidance, and ensuring an effective response to alerts and risks as they are identified.
  • Undertake comprehensive investigation of security alerts as well as proactive analysis of activity captured in system logs and security tools, to quickly determine if systems have been compromised.
  • Support Intelligence Analysts and the Security Incident Response Team, by providing detailed technical input to on-going investigations, building on detailed log data, digital outputs, and threat intelligence in relation to the mitigation, detection and response to potential cyber-attacks.
  • Effectively use the latest analytical SIEM tools including open-source intelligence to identify security compromises within large amounts of complex data.
  • Use malware analysis tools (commercial and/or open source) to support analysis and decision making.
  • Demonstrate strong knowledge of the latest security threats and indicators of compromise to ensure a robust response to new threats and attack vectors.
  • Provide timely intervention to protect the DWP IT Estate through recommending and operating containment processes to isolate and prevent the spread of malware.
  • Drive forward the development of monitoring systems and supporting processes and playbooks, ensuring systems are in place to review and continually improve existing capabilities.
  • Ensure intelligence is effectively used to maintain the integrity of alerts and to ensure alerts continue to remain relevant and focused on the latest threats.
  • Develop influential relationships with key stakeholders across the Department to support improvement activity thereby mitigating the risks from malicious activity.
  • Demonstrate strong knowledge and understanding of the concepts of information security, and of current and emerging IT security, data protection and information risk principles and technologies.
  • Support the transformation of the Department's response to digital delivery and the security threats this presents, including operating new analytical tools to generate innovative security alerts.
  • Support remedial activity as a result of identified weaknesses within the estate.
  • Manage multiple priorities and respond flexibly to competing demands.
  • Line management of Tier 1 analysts.

The Cyber Security Monitoring & Investigations team operates 24 hours a day, 7 days a week and as a result, post holders may be required to work outside of usual office hours as the work dictates.

Person specification

A strong candidate will be able to demonstrate the following ESSENTIAL CRITERIA. Please use the personal statement to evidence your skills and experience in the following areas:

  • Experience of performing in-depth analysis of cyber security alerts with evidence of ability to determine if systems have been compromised.
  • Skilled in using a variety of the latest SIEM/network analysis tools and of proactively interrogating large sets of structured and unstructured data, to identify malicious activity or anomalous behaviour.
  • Comprehensive knowledge of tactics and techniques an adversary could use to bypass or evade security controls, and experience of developing detections to mitigate such activities.
  • Demonstrable experience of providing technical input into security investigations and be skilled at communicating that information to both technical and non-technical stakeholders.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Communicating and Influencing
  • Making Effective Decisions
  • Working Together
  • Changing and Improving

Technical skills

We'll assess you against these technical skills during the selection process:

  • Intrusion detection and analysis - (Government Cyber Security Profession Skills Framework Practitioner Level)
  • Incident management, incident investigation and response - (Government Cyber Security Profession Skills Framework Practitioner Level)

Benefits

Alongside your salary of 44,447, Department for Work and Pensions contributes 12,876 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

DWP have a broad benefits package built around your work-life balance which includes:

  • Working patterns to support work/life balance such as job sharing, term-time working, flexi-time and compressed hours.
  • Generous annual leave of at least 23 days on entry, increasing up to 30 days over time (pro rata for part time employees), plus 9 days public and privilege leave.
  • Support for financial wellbeing, including interest-free season ticket loans for travel, a cycle to work scheme and an employee discount scheme.
  • Health and wellbeing support including our Employee Assistance Programme for specialist advice and counselling and the opportunity to join HASSRA, a first-class programme of competitions, activities and benefits for its members (subscription payable monthly).
  • Family friendly policies including enhanced maternity and shared parental leave pay after 1 year's continuous service.
  • Funded learning and development to support progress in your role and career. This includes industry recognised qualifications and accreditations, coaching, mentoring and talent development programmes.
  • An inclusive and diverse environment with opportunities to join professional and interpersonal networks including Women's Network, National Race Network, National Disability Network (THRIVE) and many more.

Things you need to know

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

Stage 1: APPLICATION & SIFT

As part of the application process you will be asked to complete a CV & personal statement of suitability (1,000 words). All applications will be assessed and sifted based on the essential criteria in the Person Specification section of the advert, using the information you provide in your completed application form. Further details around what this will entail are listed on the application form.

The sift panel will use the information relating to your employment history (your CV) and your personal statement of suitability, to assess your experience, skills and knowledge. When giving details of your employment history, you should therefore include details of the work and projects that you have been involved in, and your role therein.

In the event of a large number of applications we will use the Lead Criteria 'Experience of performing in-depth analysis of cyber security alerts with evidence of ability to determine if systems have been compromised' to initially assess your application during the Sift stage.

Applications must include:

  A. A completed Personal Details application form.
  B. A curriculum vitae* with education, professional qualifications and full employment history, giving details of key achievements relevant to the skills and experience outlined in this job description.
  C. A personal statement. In no more than 1000 words, please demonstrate how you meet the essential criteria, outlined in the 'Person Specification' section of the job advert.

A NOTE ON ANONYMISATION

*Due to DWP's use of anonymised recruitment practices it is not possible for applicants to upload/attach a CV; any information that you would customarily share on a CV should therefore be entered onto the application form. Please ensure you provide sufficient information to enable the sift panel to make an informed judgement about your suitability for this role.

IMPORTANT INFORMATION: Please include all other information that you would customarily provide when presenting a CV/cover letter, as the sift panel use this information to assess your application. DWP operates an anonymised recruitment process. When entering information relating to your employment history you will be asked to remove any personal details that could be used to identify you. This relates to name and contact details which might usually appear on your CV/Cover letter. Failure to do so will result in your application being withdrawn.

Stage 2: SIFT & INTERVIEW INFORMATION

Applications will be sifted at regular intervals from the date the posts are advertised. Sifting for this role will be concluded as soon as the advert closes.

The final stage of the process will be a face-to-face interview where you will be assessed against the behaviours and technical skills outlined in the advert. Candidates will be required to give a short presentation at interview, details of which will be provided prior to you attending. Only candidates that have been successful at the previous stage will be invited to attend an interview.

Interviews will commence sometime after 3rd October 2025. Sift and interview dates to be confirmed.

Further Information

Find out more about Working for DWP.

A reserve list may be held for a period of 6 months from which further appointments can be made.

Any move to DWP from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments.
You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk

If successful and transferring from another Government Department a criminal record check may be carried out.

In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service/Disclosure Scotland on your behalf. However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk stating the job reference number in the subject heading.

For further information on the Disclosure Scotland confidential checking service telephone the Disclosure Scotland Helpline on 0870 609 6006 and ask to speak to the operations manager in confidence, or email Info@disclosurescotland.co.uk

For further information on National Security Vetting please visit the Demystifying Vetting website.

New entrants are expected to join on the minimum of the pay band.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

Before applying for this vacancy, current employees of DWP should check whether a successful application would result in changes to their terms & conditions of employment, e.g. mobility, pay, allowances. Civil Servants that would transfer into DWP from other government organisations, following successful application, will assume DWP's terms & conditions of employment current on the day they are posted, unless DWP has stated otherwise in writing.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. Please ensure that all examples provided in your application are taken directly from your own experience and that you describe the examples in your own words. Applications will be screened and if evidence of plagiarism or copying examples/answers from other sources is found, your application will be withdrawn. Internal DWP candidates may also face disciplinary action.

Reasonable Adjustment

At DWP we value diversity and inclusion and actively encourage and welcome applications from everyone, including those that are underrepresented in our workforce. We consider visible and non-visible disabilities, neurodiversity or learning differences, chronic medical conditions, or mental ill health. Examples include dyslexia, epilepsy, autism, chronic fatigue, or schizophrenia.

If you need a change to be made so that you can make your application, you should contact Government Recruitment Service via DWPRecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.

Complete the Reasonable Adjustments section in the Additional requirements page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a Language Service Professional.

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

For these vacancies, we strongly recommend that applicants consult with an immigration specialist or qualified advisor to assess their eligibility for Visa Sponsorship before deciding to apply. Please note that while we consider sponsorship requests in accordance with current DWP guidance and Home Office policy, sponsorship cannot be guaranteed.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Apply and further information

This vacancy is part of the Great Place to Work for Veterans initiative. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:
  • Name: Louise Williams
  • Email: louise.c.williams@dwp.gov.uk

Recruitment team:
  • Email: dwprecruitment.grs@cabinetoffice.gov.uk

Further information

Appointment to the Civil Service is governed by the Civil Service Commission's Recruitment Principles. If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact DWP by email: HR.BUSINESSASSURANCE@DWP.GOV.UK. If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission.

Attachments

  • Candidate Pack SMI Security Threat Detection Analyst Sept 25 422051 (pdf, 1004kB)
  • DWP Terms and Conditions January 2024 (3) (docx, 17kB)
  • Success-Profiles-Candidate-Overview-Accessble-Version (docx, 69kB)
