Job description
Flexible working: We recognise the importance of a healthy work-life balance and offer full-time, part-time, and compressed hours. While hybrid working can be more restricted, due to the nature of the work, around 40% home working may be available depending on business needs.
About Us
GCHQ is an intelligence, cyber and security agency with a mission to keep the UK safe. We use cutting-edge technology, ingenuity and partnerships to identify, analyse and disrupt threats. Working with our intelligence partners MI5 and MI6, we protect the UK from terrorism, cyber-attacks and espionage. At GCHQ you’ll do varied and fascinating work in a supportive and inclusive environment that puts the emphasis on teamwork.
The Role
As a Senior Cyber Security Analyst, you’ll be key to protecting our organisation against a range of cyber threats. From malware outbreaks and insider activity to denial-of-service attacks and phishing, your role will be vital in detecting, responding to, and mitigating risks.
On any given day, you might investigate high-priority alerts, analyse logs, or network traffic and endpoint activity using tools like Splunk. Whether you're monitoring security alarms, creating new detection content, using threat intelligence to strengthen our defences, or responding to breaches, each day will begin with a team meeting to review ongoing investigations and plan.
Continuous improvement is central to all we do. So, you’ll lead efforts to streamline our operating processes that make the team more efficient and effective. As a senior leader, you'll also mentor junior analysts and provide expert guidance. Plus, you’ll have the opportunity to dive into Digital Forensics and supporting security incidents.
While much of your work will contribute to the future direction of the team, offering insight into new initiatives and staying up to date with the latest cyber security tools and techniques. You’ll also have an overview of past alerts, reviewing notifications from the previous night and prioritising incidents based on severity and impact.
About You
You’ll bring a background in cyber security analysis and a passion for IT. Ideally, you’ll have experience with host intrusion detection analysis, but don’t worry if that’s an area you’re still developing in - plenty of training will be provided. You’ll also have a solid understanding of both Windows and Linux Operating Systems.
You’ll need to have at least 6 months experience as a Cyber Security or Secure Operations Centre (SOC) Analyst.
As a leader, you’ll be as comfortable working independently as you are when collaborating with others. In this role, working closely with IT teams and network administrators will be vital to tackling and neutralising threats. Alongside your technical skills, you’ll bring effective communication and problem-solving abilities.
Training and Development
From the moment you join us, we’ll support your growth. Here, you’ll benefit from a mix of internal and external training that refines your skills and expands your expertise.
Variety is built into this role, so you’ll have the opportunity to work across several cyber security specialisms. We’ll also support your pursuit of industry-recognised qualifications like SANS (SysAdmin, Audit, Network and Security) and CISSP (Certified Information Systems Security Professional), and offer opportunities to travel, attend conferences, and stay up-to-date with cyber security innovation. Any travel opportunities are not mandatory and will likely be infrequent.
Rewards and Benefits
You’ll receive a starting salary of £44,044, plus other benefits including:
* 25 Days Annual Leave automatically rising to 30 days after 5 years' service, and an additional 10.5 days public and privilege holidays
* Opportunities to be recognised through our employee performance scheme
* Interest-free season ticket loan
* Excellent pension scheme
* Cycle to work scheme
* Facilities such as a gym, restaurant, and on-site coffee bars (at some locations)
* Paid parental and adoption leave.
Equal Opportunities
At GCHQ diversity and inclusion are critical to our mission. To protect the UK, we need a truly diverse workforce that reflects the society we serve. This includes diversity in every sense of the word: those with different backgrounds, ages, ethnicities, gender identities, sexual orientations, ways of thinking and those with disabilities or neurodivergent conditions. We therefore welcome and encourage applications from everyone, including those from groups that are under-represented in our workforce such as women, those from an ethnic minority background, people with disabilities and those from low socio-economic backgrounds.
Find out more about our culture, working environment and diversity on our website:
https://www.gchq-careers.co.uk/life-at-gchq/diversity-inclusion.html
We’re Disability Confident
GCHQ is proud to have achieved Leader status within the DWP’s Disability Confident scheme. This is aimed at encouraging employers to think differently about disability and take action to improve how they recruit, retain and develop disabled people. As a Disability Confident Leader we aim to ensure that a fair and proportionate number of disabled applicants who best meet the essential minimum criteria for this position, will be offered an interview, if it is practical for us to do so. (This is known as Offer of an Interview.) To secure an interview for this role, the minimum criteria (in order of application process) are:
* At least 6 months’ experience of working as a Cyber Security / Security Operations Centre Analyst
* Evidence of experience working in at least one of the following fields: malware analysis, intrusion detection and incident response
* Evidence of experience of line management; OR of tasking of, or delegation to, team members.
These criteria will be assessed at CV sift.
There is a wide range of extra support available throughout the recruitment process to enable you to do your best, see our website for information on reasonable adjustments (link) we can offer.
What to Expect
Our recruitment process is fair, transparent, and based on merit. Here is a brief overview of each stage, in order:
* Application sift, looking at your motivation for the role and the organisation and your essential skills
* Virtual competency and technical based interview
* If successful, you will receive a conditional offer of employment
Please note, you must successfully pass each stage of the process to progress to the next. Your application may take around 6 - 9 months to process including vetting, so we advise you continue any current employment until you have received your final job offer.
Before You Apply
To work at GCHQ, you need to be a British citizen or hold dual British nationality. You can read our full eligibility criteria here .
This role requires the highest security clearance, known as Developed Vetting (DV). It’s something everyone in the UK Intelligence Community undertakes. You can find out more about the vetting process here .
Please note we have a strict drugs policy, so once you start your application, you can’t take any recreational drugs and you’ll need to declare your previous drug usage at the relevant stage.
Before you apply, we advise you to consider setting up a separate email address for your contact with us, to ensure your personal and application correspondence remain separate. Try to avoid having identifying features in your email address, such as your first and/or surname and date of birth. This is good practise and will help you manage your application with us more securely.
The role is based in Cheltenham so you’ll need to live within a commutable distance. Please consider any financial implications and practicalities before submitting an application, as we do not offer relocation costs.
Please note, you should only launch your application from within the UK. If you are based overseas, you should wait until you visit the UK to launch an application. Applying from outside the UK will impact on our ability to progress your application. You should not discuss your application, other than with your partner or a close family member.
Right to Withdraw Statement:
Please be aware that we withhold the right to bring forward the closing date for this role from the original closing date once a certain number of applications have been received. Please be mindful of this and submit your application at your earliest convenience to avoid disappointment.
#J-18808-Ljbffr