We're looking for an exceptional Security Operations Centre Incident Responder / Senior Analyst - Level 3to help us make a difference to our planet.
As our Security Operations Centre Incident Responder / Senior Analyst - Level 3, the job may be suitable for hybrid working, which is where an employee works part of the week in the office and part of the week from home. This is a voluntary, non-contractual arrangement and the location advertised will be your contractual place of work.
Our opportunity is full time, 37 hours per week. Our people are at the heart of what we do, and we'll do our best to agree a working pattern that works for everyone.
World changing work
From science to technology, from meteorology to management, and from planning to communication, our expertise helps us stand out as the authority on weather accuracy and climate prediction. We help individuals, industries and government to make better decisions to stay safe and thrive. This is the Met Office. This is who we are.
* We're a force for good - focusing on our environmental and social impact
* We're experts by nature - always learning and developing to do things better
* We live and breathe it - putting our purpose at the heart of decision-making
* We're better together - understanding partnerships and inclusivity make us greater
* We keep evolving - pushing boundaries to make tomorrow better for our customers
Your world of expertise
As our Security Operations Centre Incident Responder / Senior Analyst - Level 3 you won't just respond to alerts, you'll lead the defence of the organisation at the highest technical level. This is where expertise meets impact.
You will be the final escalation point for complex cyber threats, trusted to investigate sophisticated attacks, uncover hidden adversary behaviour, and drive rapid, effective response. From identity-based attacks and advanced persistent threats to insider risks, you'll be working on the incidents that truly matter.
* Act as the final escalation point for complex, high-severity, and major security incidents.
* Lead end-to-end incident response activities including triage, containment, eradication, and recovery.
* Perform advanced threat analysis, including malware analysis and attacker techniques.
* Conduct digital forensics across endpoints, networks, and cloud environments
* Lead threat hunting activities using intelligence, hypotheses, and behavioural analytics.
We operate an on-call roster in Technology to provide 24/7/365 support to respond to operational service requirements. This post may be part of an on-call roster and the postholder would be required to participate in an on-call roster where in operation.
Our work is life-changing, often life-saving and always life-enhancing. The Met Office is Great Place to Work UK certified. We are also featured on their 'Best Workplaces in Tech' 2023, 2024 and 2025 lists, as well as their '54 Best Workplaces for Women' 2023 list.
Essential Criteria, skills and experience
* An extensive knowledge of Cyber Security Incident response principles and practices within a Security Operations Centre environment. Degree in Cyber Security, Information Technology, or equivalent experience. Ideally with advanced industry certifications such as: GIAC Certified Incident Handler (GCIH) & or GIAC Certified Forensic Analyst (GCFA) (Expert by nature)
* Strong understanding of network security, including packet analysis and intrusion detection including NDR tooling, and advanced knowledge of SIEM platforms (e.g., Microsoft Sentinel) along with deep expertise with EDR technologies (e.g., Microsoft Defender for Endpoint). Act as the technical lead during major incidents, liaising with senior stakeholders and maintain strict confidentiality and integrity of sensitive information.
* Deep knowledge of operating systems (Windows, Linux) and system internals along with cloud security (Azure, AWS,) and hybrid environments. Experience with digital forensics and incident response (DFIR) tools and methodologies, and experience with scripting and automation (PowerShell, Python).
* Provide technical leadership and mentoring to Level 1 and Level 2 analysts. Review and validate incident investigations and response actions and lead knowledge sharing sessions and training initiatives. (Better Together)
How to apply
If you share our values, we'd love to hear from you! Click apply to begin your application. Please complete your career history and provide evidence against each of the essential criteria in the supporting statement questionnaire. We recommend candidates use the CARL method (Context, Action, Result and Learning) for presenting evidence of experience and skills.
Closing date 15/03/2026 at 23:59 with first stage interviews commencing from 23/03/2026. You will hear from us once the closing date has passed.
Using AI in your application
We welcome applications that use AI tools for support in drafting or refining, as long as they accurately reflect your own skills and experience. All hiring decisions at the Met Office are made by people, not AI. For more details, visit our approach to recruitment.
How we can help
If you have any questions or would like to discuss this opportunity further, please contact us at .
If you're considering applying and need support to do so, please get in touch. You can request adjustments either within your application or by contacting us. Should you be offered an interview, please be aware there may be a selection exercise which could include a presentation, written test or a scenario-based activity. You can select in your application to be considered under the Disability Confident Scheme. To be invited to interview/assessment under this scheme, your application must meet the essential criteria for the role.
We understand that great minds don't always think alike and as an equal opportunities employer we welcome applications from those with all protected characteristics. We recruit on merit, fairness, and open competition in line with the Civil Service Code.
We can only accept applications from those eligible to live and work in the UK - please refer to GOV.UK for information. We require Security clearance, for which you need to have resided in the UK for at least 3 of the last 5 years to be eligible, 2 of these years must be immediately preceding the point of your application. You will need to achieve full security clearance within your first 6 months with us.
If you feel that your application has not been treated in accordance with the Recruitment Principles, and wish to make a complaint, then in the first instance you should contact us at: If you are not satisfied with the response that you receive, then you can contact the Civil Service Commission at:
#J-18808-Ljbffr