Working as a Cyber Security Monitoring and Investigations Lead, you will lead, manage, and develop an innovative and service-orientated team of analysts focused on the investigation and clearance of security alerts as well as the proactive detection and investigation of potential indicators of compromise or malicious activity on DWP systems. You will manage resources across the team to ensure they are focused on the key threat areas, organising workloads appropriately to deal with competing demands and actively monitoring and reviewing your team's performance indicators. You will provide third tier escalation for the resolution of security events and will provide direction on technical investigations including the validation of malware and other analysis. You will have responsibility for coordinating resources and activities in the technical response to security incidents and will collaborate with stakeholders across DWP and the wider security community to ensure an effective response is delivered. This is an important leadership role that relies on technical skills and understanding of technical information as well as the ability to communicate effectively with technical and non-technical audiences.

Responsibilities

Successful candidates can expect to be involved in a range of the following:

- Lead, direct and manage a team of security analysts with responsibility for protecting the integrity of DWP systems from internal and external threat actors
- You will deliver at pace, ensuring that team resources are focused on the key threat areas, organising workloads appropriately to deal with competing demands and actively monitoring and reviewing your team's performance indicators
- Provide third tier escalation and management of cyber security incidents, coordinating activities and communications across the team to ensure a cohesive response.
You will involve expert domains and stakeholders timeously, as appropriate, to ensure the most effective resolutions
- Support the Security Incident Response Team (SIRT) by providing expert technical input to ongoing investigations in relation to the mitigation, detection and response to potential cyberattacks
- Provide timely intervention to protect the DWP IT Estate through operating and directing containment processes to isolate and prevent the spread of attacks
- Oversee threat hunting activities across the team ensuring that all hunts are carried out in accordance with accepted processes and procedures, ensuring the Department's data is used safely, proportionately, and legally at all times
- Lead and manage technical investigations that arise from security alerts and events
- Perform complex analysis in a high-pressure environment encouraging analysts to demonstrate adaptability and creativity, demonstrating professionalism at all times, and upholding the team's credibility across DWP
- Coach and develop a team of analysts to grow capability and ensure team members are equipped with the skills and knowledge to effectively undertake their job roles
- Drive forward the development of monitoring systems and supporting processes and playbooks, ensuring systems are in place to review and continually improve existing capabilities
- Develop influential relationships with key stakeholders across the Department to support improvement activity thereby mitigating the risks from malicious activity
- Demonstrate strong analytical and detail-oriented skills with excellent understanding of the latest analytical SIEM tools and how these can be used to identify security compromises within large amounts of complex data
- Have strong knowledge and understanding of the concepts of information security, and of current and emerging IT security, data protection and information risk principles and technologies
- Demonstrate excellent communication skills with an ability to clearly articulate, summarise and describe technical issues to non-technical colleagues
- Co-ordinate resources and activities in the technical response to incidents, working within the confines of relevant legislation as it applies to cyber security and digital forensics activities ensuring that all legal and internal compliance standards are maintained and that all outputs and reports are fit for purpose
- Look across Government and private industry to continually review processes and identify best practice in the rapidly developing world of responding to security threats
- Use understanding of device and audit logging standards to develop effective security monitoring
- Line manage a team of security monitoring analysts

The Security Monitoring and Investigations team operates 24 hours a day, 7 days a week and as a result, post holders may be required to work as part of an on-call rota and to work outside of usual office hours as investigations dictate. Travel to different DWP sites and Government agencies with occasional overnight stays will also be required. The job holder will be expected to work an appropriate pattern that allows them to maintain regular contact with team members and attend meetings and host 1-2-1s within the shift pattern.

Person specification

Successful candidates will need to demonstrate their suitability for the role by evidencing the essential criteria below in their personal statement:

Essential Criteria:

- (LEAD CRITERIA) Proven track record in cyber security, with experience of leading and coaching a team of analysts working across a broad tool set to detect malicious activity on the IT estate.
- Experience of performing in-depth analysis of cyber security alerts to quickly determine if systems have been compromised and experienced in providing tiered analysis of technical events escalated by other team members.
- Proven experience of security incident management, leading and managing technical investigations and assessing risk, and of providing technical input to ongoing investigations.
- Experience of using a variety of SIEM and network analysis tools, techniques, and procedures to detect malicious activity on the IT estate.
- Proven ability to foster and develop influential relationships, possessing excellent communication and inter-personal skills to develop substantial credibility with key stakeholders across the Department.

Behaviours

We'll assess you against these behaviours during the selection process:

- Communicating and Influencing
- Making Effective Decisions
- Leadership
- Developing Self and Others
- Changing and Improving

Technical skills

We'll assess you against these technical skills during the selection process:

- Incident management, incident investigation and response - (Government Cyber Security Profession Skills Framework Practitioner Level)
- Intrusion detection and analysis - (Government Cyber Security Profession Skills Framework Practitioner Level)
- Threat Understanding - (Government Cyber Security Profession Skills Framework Practitioner Level)

Benefits

Alongside your salary of £55,557, Department for Work and Pensions contributes £16,094 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

DWP have a broad benefits package built around your work-life balance which includes:

- Working patterns to support work/life balance such as job sharing, term-time working, flexi-time and compressed hours.
- Generous annual leave, at least 23 days on entry, increasing up to 30 days over time (pro rata for part time employees), plus 9 days public and privilege leave.
- Support for financial wellbeing, including interest-free season ticket loans for travel, a cycle to work scheme and an employee discount scheme.
- Health and wellbeing support including our Employee Assistance Programme for specialist advice and counselling and the opportunity to join HASSRA, a first-class programme of competitions, activities and benefits for its members (subscription payable monthly).
- Family friendly policies including enhanced maternity and shared parental leave pay after 1 year's continuous service.
- Funded learning and development to support progress in your role and career. This includes industry recognised qualifications and accreditations, coaching, mentoring and talent development programmes.
- An inclusive and diverse environment with opportunities to join professional and interpersonal networks including Women's Network, National Race Network, National Disability Network (THRIVE) and many more.

Things you need to know

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Experience and Technical skills.

Stage 1: APPLICATION & SIFT

Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

As part of the application process you will be asked to complete a CV & personal statement of suitability (1,000 words). All applications will be assessed and sifted based on the essential criteria in the Person Specification section of the advert, using the information you provide in your completed application form. Further details around what this will entail are listed on the application form.
In the event of a large number of applications being received we will use the Lead Criteria to initially assess your application during the sift stage: Proven track record in cyber security, with experience of leading and coaching a team of analysts working across a broad tool set to detect malicious activity on the IT estate. Candidates who pass the initial sift will be progressed to a full sift.

The sift panel will use the information relating to your employment history (your CV) and your personal statement of suitability, to assess your experience, skills and knowledge. When giving details of your employment history, you should therefore include details of the work and projects that you have been involved in, and your role therein.

Applications must include:

A. A completed Personal Details application form.
B. A curriculum vitae* with education, professional qualifications and full employment history, giving details of key achievements relevant to the skills and experience outlined in this job description.
C. A personal statement. In no more than 1000 words, please demonstrate how you meet the essential criteria, outlined in the 'Person Specification' section of the job advert.

A NOTE ON ANONYMISATION

*Due to DWP's use of anonymised recruitment practices it is not possible for applicants to upload/attach a CV; any information that you would customarily share on a CV should therefore be entered onto the application form. Please ensure you provide sufficient information to enable the sift panel to make an informed judgement about your suitability for this role.

IMPORTANT INFORMATION: Please include all other information that you would customarily provide when presenting a CV, as the sift panel use this information to assess your application. DWP operates an anonymised recruitment process. When entering information relating to your employment history you will be asked to remove any personal details that could be used to identify you.
This relates to name and contact details which might usually appear on your CV/Cover letter. Failure to do so will result in your application being withdrawn.

Stage 2 SIFT & INTERVIEW INFORMATION:

Applications will be sifted at regular intervals from the date the posts are advertised. Sifting for this role will be concluded as soon as the advert closes. The final stage of the process will be a face-to-face interview where you will be assessed against the behaviours and technical skills outlined in the advert. For the Behaviour based questions it may help to use one or more examples of a piece of work you have completed or a situation you have been in, and use the WHO or STAR model to explain: What was the task/work/situation, how did you approach it and what were the outcomes / what did you achieve.

Candidates will be required to give a short presentation at interview, details of which will be provided prior to you attending. Only candidates that have been successful at the previous stage will be invited to attend. Sift and Interview dates to be confirmed.

Further Information

Find out more about Working for DWP

Before applying for this vacancy, current employees of DWP should check whether a successful application would result in changes to their terms & conditions of employment, e.g. mobility, pay, allowances. Civil Servants that would transfer into DWP from other government organisations, following successful application, will assume DWP's terms & conditions of employment current on the day they are posted, unless DWP has stated otherwise in writing.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. Please ensure that all examples provided in your application are taken directly from your own experience and that you describe the examples in your own words. Applications will be screened and if evidence of plagiarism or copying examples/answers from other sources is found, your application will be withdrawn.
Internal DWP candidates may also face disciplinary action.

A reserve list may be held for a period of 6 months from which further appointments can be made.

Any move to the Department for Work and Pensions from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare; for further information visit the Childcare Choices website.

If successful and transferring from another Government Department a criminal record check may be carried out. In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service/Disclosure Scotland on your behalf. However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk stating the job reference number in the subject heading. For further information on the Disclosure Scotland confidential checking service telephone: the Disclosure Scotland Helpline on 0870 609 6006 and ask to speak to the operations manager in confidence, or email Info@disclosurescotland.co.uk

NSV

For these vacancies, we strongly recommend that applicants consult with an immigration specialist or qualified advisor to assess their eligibility for Visa Sponsorship before deciding to apply. Please note that while we consider sponsorship requests in accordance with current DWP guidance and Home Office policy, sponsorship cannot be guaranteed. For further information on National Security Vetting please visit the Demystifying Vetting website.

New entrants are expected to join on the minimum of the pay band.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD).
This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave but who would have been dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment. A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

Reasonable Adjustment

At DWP we value diversity and inclusion and actively encourage and welcome applications from everyone, including those that are underrepresented in our workforce. We consider visible and non-visible disabilities, neurodiversity or learning differences, chronic medical conditions, or mental ill health. Examples include dyslexia, epilepsy, autism, chronic fatigue, or schizophrenia.

If you need a change to be made so that you can make your application, you should:

- Contact Government Recruitment Service via DWPRecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.
- Complete the Reasonable Adjustments section in the Additional requirements page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a Language Service Professional.

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

Feedback

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter.
People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found.
To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Apply and further information

This vacancy is part of the Great Place to Work for Veterans initiative. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:
Name: Louise Williams
Email: louise.c.williams@dwp.gov.uk

Recruitment team:
Email: dwprecruitment.grs@cabinetoffice.gov.uk

Further information

Appointment to the Civil Service is governed by the Civil Service Commission's Recruitment Principles. If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact DWP by email: HR.BUSINESSASSURANCE@DWP.GOV.UK. If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission.