Length of employment: Job Summary: We are seeking a highly skilled and security-focused professional to join our Operational Capability (OC) Team as a Senior Information Security and Monitoring Specialist. In this role, you will lead the detection and investigation of potential security incidents across the organisation, using advanced monitoring tools and Security Information and Event Management (SIEM) systems. You will analyse system alerts, identify indicators of compromise, and coordinate with internal and external stakeholders to ensure timely and effective responses to threats. A key part of the role involves the secure handling, custody, and destruction of classified materials, including STRAP, and providing assurance to partner organisations. Job Description: You will work as a Senior member of the OC Team in the Department's Cyber Resilience Centre (CRC), at the forefront of detecting and investigating potential security threats across CRC. Your primary focus will be on identifying indicators of compromise and malicious activity, conducting in-depth analysis of system alerts and logs, and ensuring swift, effective responses to emerging risks. You will work closely with stakeholders across CRC and the wider security community to coordinate responses, escalate incidents when necessary, and support investigations with clear, actionable intelligence. Your expertise in Security Information and Event Management (SIEM) tools will be critical in driving informed decision-making. You will also oversee local security officers, contribute to the development of monitoring capabilities, and support strategic workforce planning activities. This role requires a strong background in information security, incident response, and protective security practices, with the ability to operate discreetly and decisively in high-assurance environments. DWP have a broad benefits package built around your work-life balance which includes: Working patterns to support work/life balance such as job sharing, term-time working, flexi-time and compressed hours. Generous annual leave - at least 23 days on entry, increasing up to 30 days over time (pro-rata for part time employees), plus 9 days public and privilege leave. Support for financial wellbeing, including interest-free season ticket loans for travel, a cycle to work scheme and an employee discount scheme. Health and wellbeing support including our Employee Assistance Programme for specialist advice and counselling and the opportunity to join HASSRA a first-class programme of competitions, activities and benefits for its members (subscription payable monthly). Family friendly policies including enhanced maternity and shared parental leave pay after 1 year's continuous service. Funded learning and development to support progress in your role and career. This includes industry recognised qualifications and accreditations, coaching, mentoring and talent development programmes. An inclusive and diverse environment with opportunities to join professional and interpersonal networks including Women's Network, National Race Network, National Disability Network (THRIVE) and many more. Key Responsibilities Monitor and analyse system alerts and logs to detect suspicious or malicious activity. Conduct proactive threat hunting and incident investigations. Escalate and present potential incidents with comprehensive supporting evidence. Collaborate with internal teams and external partners to coordinate responses to threats. Lead remedial actions following inappropriate internal behaviour or security breaches. Oversee and support Rosa Local Security Officers across UK hubs. Manage Rosa assets and act as Partner Security Officer, ensuring compliance and assurance. Coordinate secure handling of STRAP material across CRC and authorised partners. Contribute to the development and continuous improvement of monitoring systems, processes, and playbooks. Produce workforce modelling and analysis for CRC Senior Leadership. Support workforce planning and strategic capability development alongside the Head of Operational Capability. What We're Looking For We're seeking a highly motivated and experienced professional who can demonstrate Essential Criteria Proven experience in cyber security monitoring and incident response. Strong analytical skills with the ability to interpret complex data and logs. Proficiency in using SIEM tools and other security technologies. Excellent communication and stakeholder engagement skills. Ability to lead investigations and manage sensitive information with discretion. Desirable Criteria Experience working in a government or regulated environment. Familiarity with STRAP material handling and secure asset management. Knowledge of workforce planning and capability development. As part of the application process you will be asked to complete a CV, personal statement and Behaviour Statement. Further details around what this will entail are listed on the application form. Application Candidates will be required to provide a CV covering work history, achievements in role and qualifications. Additionally, a Personal Statement is required, demonstrating how you meet the Essential Criteria (listed in responsibilities section) for this role (maximum 750 words). You are also requested to provide a 250 word statement at application for the lead Behaviour, \"Making Effective Decisions\". Should a large number of applications be received, an initial sift may be conducted using the lead Behaviour, "Making Effective Decisions". Candidates who pass the initial sift may be progressed to a full sift or progressed straight to assessment/interview. The sift panel will use the information relating to your employment history (your CV) and your personal statement of suitability to assess your experience, skills and knowledge and the lead Behaviour. When giving details of your employment history, you should include details of the work that you have been involved in, outcomes, and your role therein. All applications will be assessed and sifted based on the essential criteria in the advert, using the information you provide in your completed application form. Interview Successful candidates will be invited to a video interview where candidates will be assessed on Behaviours and Strengths. We'll assess you against these behaviours at the interview stage: Making Effective Decisions Communicating and Influencing Changing and Improving Leadership We will also ask a Technical question during the interview. Application sifting will take place week commencing 2nd June and interviews will take place from 16th June. Sift and interview dates to be confirmed. Further Information Find out more about Working for DWP A reserve list may be held for a period of 6 months from which further appointments can be made. Any move to DWP from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare; for further information visit the Childcare Choices website. If successful and transferring from another Government Department a criminal record check may be carried out. In order to process applications without delay, we will be sending a Criminal Rec ord Check to Disclosure and Barring Service on yo ur behalf. However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing stating the job reference number in the subject heading. Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant's details held on the IFD will be refused employment. A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government. NSV For further information on National Security Vetting please visit the Demystifying Vetting website. New entrants are expected to join on the minimum of the pay band. Before applying for this vacancy, current employees of DWP should check whether a successful application would result in changes to their terms & conditions of employment, e.g. mobility, pay, allowances. Civil Servants that would transfer into DWP from other government organisations, following successful application, will assume DWP's terms & conditions of employment current on the day they are posted, unless DWP has stated otherwise in writing. The Civil Service values honesty and integrity and expects all candidates to abide by these principles. Please ensure that all examples provided in your application are taken directly from your own experience and that you describe the examples in your own words. Applications will be screened and if evidence of plagiarism or copying examples/answers from other sources is found, your application will be withdrawn. Internal DWP candidates may also face disciplinary action. Reasonable Adjustment At DWP we value diversity and inclusion and actively encourage and welcome applications from everyone, including those that are underrepresented in our workforce. We consider visible and non-visible disabilities, neurodiversity or learning differences, chronic medical conditions, or mental ill health. Examples include dyslexia, epilepsy, autism, chronic fatigue, or schizophrenia. If you need a change to be made so that you can make your application, you should: Contact Government Recruitment Service via DWPRecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs. Complete the "Reasonable Adjustments" section in the "Additional requirements" page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a Language Service Professional. If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section. Feedback