Details Reference number 433809 Salary £40,398 - £51,398 Base salary is £40,398 with an additional, non-pensionable DDaT allowance of £4,350 - £11,000 available. The final salary and allowance awarded will be based on an assessment of your skills and experience as demonstrated at interview. A Civil Service Pension with an employer contribution of 28.97% GBP Job grade Higher Executive Officer DDaT Senior / DDaT D(IT) Contract type Permanent Business area CH - Digital Services Type of role Security Other Working pattern Flexible working, Full-time Number of jobs available 1 Contents Location About the job Benefits Things you need to know Apply and further information Location Belfast, Northern Ireland, BT2 8BG : Cardiff, Wales, CF14 3UZ : Edinburgh, Scotland, EH8 8FT About the job Job summary We are looking for a technically skilled Senior Security Operations Specialist to help drive the transformation of our Security Operations Centre (SOC). This role is to collect and analyse security event data arising from activity across the organisation, tune and improve rules generating security alerts, and follow up by investigating indicators of potentially malicious activity, escalating incidents or initiating responses. Companies House offers a flexible and welcoming culture that promotes a healthy work life balance as well as a proactive approach to wellbeing that allows us to be our best at work. We recognise that people are the key to our success so offer a fantastic benefits package including flexible working with no core hours, 30 days annual leave, 8 bank holidays and 1 privilege day as well as enrolment into the Civil Service Pension scheme with a contribution rate averaging 28%. Find out more about what a great place Companies House is to work Job description As the Senior Security Operations Specialist, your key deliverables will include: Supporting implementation of the monitoring roadmap to enhance monitoring in line with requirements, policies and standards to govern all activities and outputs Monitoring, triaging and investigating security alerts on protective monitoring platforms to identify security incidents and perform analysis of security event data to support the response, reporting or escalating where appropriate Designing, developing and supporting automated monitoring processes, using a variety of the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to: Detect malicious activity Ensure continuous improvement through dashboard monitoring or retrospective assessment About the team Our team is at the forefront of establishing a new Security Operations Centre (SOC) function, focused on building robust security capabilities from the ground up. We are implementing cutting-edge technologies, designing and refining processes and policies, and embedding modern security controls across the organisation. A key part of our mission is to significantly improve monitoring visibility and threat detection across hybrid cloud environments. The team operates in a highly collaborative and forward-thinking culture, offering an exciting opportunity to shape the future of security operations in a dynamic and fast-evolving landscape. To be eligible for this role you also need to meet our Nationality requirements which are outlined below and also successful candidates must meet the security requirements for Security Clearance (SC) before they can be appointed. To gain (SC) you will need to have been a UK resident for a minimum of 3 years out of the last 5 years. Further information can be found below. Companies House also cannot offer Visa sponsorship to candidates through this campaign. Where you will be working You will be aligned to either our Cardiff, Belfast or Edinburgh office, where you will be expected to attend on a regular basis. We are currently using a hybrid approach to the way we work which provides opportunities for you to be adaptable in the way you work so that you can achieve a healthy balance between your work and home life. The degree of choice you have will depend on your role and your day-to-day work activities. Your manager will agree regular patterns of attendance with you, however you may be required to make yourself available to attend the office more frequently when required to meet business needs. Working Hours Due to the nature of this role and structure of the team, this is only a full time position of 37 hours per week. Person specification To be successful in this role, we are looking for the following: Knowledge Good understanding of security operations workflows, threat detection techniques, and common attack vectors Knowledge of cloud security concepts, particularly within AWS environments Awareness of security incident categories and how to differentiate between benign and malicious behaviours Familiarity with SOC playbooks, escalation paths, and incident response processes Experience Hands-on experience in a SOC environment, performing first-line alert triage and initial investigation Experience using Microsoft Sentinel and Microsoft Defender products in a professional or lab setting Exposure to AWS cloud services, with a focus on security-related features (CloudTrail, GuardDuty, IAM, etc.) Familiarity with Terraform or similar IaC tools in the context of managing cloud resources or security controls Experience escalating incidents according to defined processes and documenting actions taken Abilities Ability to quickly assess security alerts, determine relevance/priority, and escalate as needed Strong attention to detail and methodical approach to log review and data analysis Capability to follow and improve existing SOC procedures and monitoring playbooks Willingness to work in a shift-based environment and respond to evolving security threats Qualifications Degree or diploma in Cybersecurity, Information Technology, or related field (or equivalent hands-on experience) Certifications such as CompTIA Security, Microsoft SC-200 (Security Operations Analyst), AWS Security Specialty are desirable. Behaviours We'll assess you against these behaviours during the selection process: Making Effective Decisions Working Together Technical skills We'll assess you against these technical skills during the selection process: Strong analytical and diagnostic skills for assessing and triaging security events Proficiency in using SIEM tools (particularly Microsoft Sentinel) for alert analysis and log investigation Skilled in using Microsoft Defender suite (Defender for Endpoint, Identity, etc.) for threat detection Basic scripting or automation skills (e.g., PowerShell, Python, or using Terraform) to support response or rule tuning Clear written and verbal communication skills for documenting findings and escalating appropriately We only ask for evidence of these technical skills on your application form: Strong analytical and diagnostic skills for assessing and triaging security events Proficiency in using SIEM tools (particularly Microsoft Sentinel) for alert analysis and log investigation Skilled in using Microsoft Defender suite (Defender for Endpoint, Identity, etc.) for threat detection Basic scripting or automation skills (e.g., PowerShell, Python, or using Terraform) to support response or rule tuning Benefits Alongside your salary of £40,398, Companies House contributes £11,703 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides. We believe that our success is driven by the well-being and satisfaction of our team members at all levels of the organisation. At Companies House were committed to providing a comprehensive benefits package that goes beyond the ordinary, ensuring your career journey with us is not only fulfilling, but also rewarding. We pride ourselves on offering a quality work-life balance with our employee wellbeing being central to our working practices. Head to Our benefits - Working for us - Recruitment ( to find out more about the fantastic benefits package we have at Companies House. We celebrate diversity As an equal opportunity employer, we celebrate diversity, being committed to ensuring were representative of the citizens we serve and creating an inclusive environment. Everyone in Companies House brings something different, and so will you. To fulfil our commitment to recruiting and attracting diverse talent we welcome applications from underrepresented groups. We also welcome applications from Welsh speakers. We are proud to be a disability confident leader. Our recruitment process is fully inclusive and we can make adjustments as needed through our process. These could include having an interview buddy, extra time at interviews/assessments and receiving interview questions in advance, to name a few. If you require any reasonable adjustments at application stage, or if you'd like to discuss any person-centred adjustments, please contact us by emailing. Things you need to know Selection process details This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills. In your application form wed like you to: Tell us about your employment history, including any key responsibilities and achievements which we will use to assess the experience criteria listed above. Provide evidence to demonstrate how you meet the technical skills listed in the advert. The sift criteria is as follows: Hands-on experience in a SOC environment, performing first-line alert triage and initial investigation Experience using Microsoft Sentinel and Microsoft Defender products in a professional or lab setting Exposure to AWS cloud services, with a focus on security-related features (CloudTrail, GuardDuty, IAM, etc.) Familiarity with Terraform or similar IaC tools in the context of managing cloud resources or security controls Experience escalating incidents according to defined processes and documenting actions taken Strong analytical and diagnostic skills for assessing and triaging security events Proficiency in using SIEM tools (particularly Microsoft Sentinel) for alert analysis and log investigation Skilled in using Microsoft Defender suite (Defender for Endpoint, Identity, etc.) for threat detection Basic scripting or automation skills (e.g., PowerShell, Python, or using Terraform) to support response or rule tuning Were committed to being diverse and inclusive, so please make your application anonymous by removing all identifying personal information (such as names) from your employment history and statements. Sift Process Well carry out a sift of applications. We may raise the score required at sift stage to progress to interview if we receive a high number of applications. Also, if we receive a high volume of applications, we will carry out a pre-sift on your demonstration of your experience in your work history. At sift we may choose to take through the highest performing candidates to the next stage. If, after the final stage is completed and roles are unfilled, we will proceed to invite lower scoring candidates to interview. Successful candidates at sift will be invited to a virtual interview. Interview Process Companies House uses a blended interview technique, allowing us to find out more about you. We use the Success Profile framework and at interview we will use Success Profiles assessing the Behaviours, experience and technical skills listed in the advert and Strengths. There will be an activity as part of the interview. Further information will be provided to candidates selected for interview. A reserve list may be held for up to 12 months from which further appointments may be made for the same or similar roles. If after interview you are not found appointable at the advertised grade you may be offered the lower grade role if you are considered to meet the skills, experience and behaviours for the lower level. The benchmark for appointing to the lower grade is set at the start of each campaign. All offers will be made in merit order. Key dates (dates are indicative only and could be subject to change) Closing date - 02 November 2025 (at 23:55) Sifting - w/c 03 November 2025 Interviews - w/c 17 November 2025 Artificial Intelligence (AI) We understand that you might use AI and other resources for your application; however, please ensure all information you provide is factually accurate, truthful, and original and doesnt include ideas or work that isnt your own. This is so that your application is authentically and credibly your own. Your application may be rejected if evidence of plagiarism or reliance on AI is detected. Examples include presenting the ideas and experience of others, or generated by artificial intelligence (AI), as your own. If you are invited to interview, please be aware the use of AI tools is prohibited (including recording or note taking) and any suspected use may result in the termination of your interview and subsequent withdrawal from the campaign. More information on the ways you should and shouldnt use AI can be found here. Sponsorship Companies House cannot offer Visa sponsorship to candidates through this campaign. Companies House holds a Visa sponsorship licence but this can only be used for certain roles and this campaign does not qualify. Should you apply for this role and require sponsorship, your application may be rejected, and any provisional offers of employment withdrawn. Feedback will only be provided if you attend an interview or assessment. Security Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter. People working with government assets must complete baseline personnel security standard (opens in new window) checks. Nationality requirements This job is broadly open to the following groups: UK nationals nationals of the Republic of Ireland nationals of Commonwealth countries who have the right to work in the UK nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS) individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020 Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service Further information on nationality requirements Working for the Civil Service The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy. Diversity and Inclusion The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy. Apply and further information This vacancy is part of the Great Place to Work for Veterans initiative. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records. Contact point for applicants Job contact : Name : Jade Palmer Email : Recruitment team Email : Further information We welcome applications in Welsh / Rydym yn croesawi ceisiadau yn y Gymraeg. Selection for appointment to the Civil Service is on merit, on the basis of fair and open competition, as outlined in the Civil Service Commissions Recruitment Principles. In accordance with the Civil Service Commissioners Recruitment Principles, our recruitment and selection processes are underpinned by the requirement of appointment on the basis of merit by fair and open competition. If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, you should contact in the first instance. If you are not satisfied with the response you receive you can contact the Civil Service Commission. Civil Service Commission, Room G/8, 1 Horse Guards Road SW1A 2HQ