Details
Reference number
428106
Salary
£44,720
You may be eligible for an additional non-pensionable allowance, pending a Capability and Skills assessment, with a value of up to £12,680 (location dependent).
A Civil Service Pension with an employer contribution of 28.97%
GBP
Job grade
Senior Executive Officer
Contract type
Permanent
Business area
HO - Digital Data and Technology - Cyber Security
Type of role
Digital
Information Technology
Security
Working pattern
Full-time
Number of jobs available
2
Contents
* Location
* About the job
* Benefits
* Things you need to know
* Apply and further information
Location
Soapworks - Manchester
About the job
Job summary
The Home Office Cyber Security Operations Centre (CSOC) works 24/7/365 to protect the organisation from cyber threats. Threat Operation's is an operational area within the CSOC that consists of several Proactive and Reactive services.
The CSOC's Threat Modelling team is a core function and is responsible for identifying, prioritising, and mitigating potential cyber threats and vulnerabilities within Home Office systems, applications and networks. This function is closely tied in with the CSOC Onboarding process specifically but also other crucial areas like Threat Intelligence, Threat Hunting and the Use Case Factory.
The Senior Threat Modelling Analyst will assist in the delivery of cyber threat modelling and aid use case development across Home Office systems onboarded to the CSOC. The Threat Modelling team performs an enabling function to the wider CSOC, ensuring relevant data is onboarded and security controls are recommended, to protect the organisation from cyber threats.
We're recruiting Digital, Data and Tech professionals to join the Home Office, working in a wide range of roles. Click this link to find out more - UK Home Office Careers
Job description
The Senior Threat Modelling Analyst role's focus will be Threat Modelling within the Threat Operations unit and working closely with stakeholders and service owners. Understanding of technical research and analysis of adversary tools, techniques and procedures (TTPs) which might be used to compromise technology components is a key skill needed. Threat Modelling is responsible for identifying preventative, detective and corrective controls which may involve liaison with subject matter experts (SMEs). You will perform deep-dive analysis against technology components, create threat-focussed data flow diagrams using tools like MS Visio, and draft use case proposals articulating your defined detection requirements against that component. You will manage your workload within the Jira ecosystem which integrates closely to our processes.
Key Responsibilities:
* Assist in conducting and maturing the CSOC's threat modelling processes to meet the organisation's needs in line with appropriate standards. Help provide advice to stakeholders on mitigation, escalating where appropriate.
* Support identifying and classifying security threats to networks, systems and applications. Assist in the prioritisation of controls relevant to identified threats through a risk-based approach.
* Support the development of use-cases, including creation within the CSOC's security tooling to enable threat detection.
* Prioritise attack vectors and support mitigation efforts by providing standard risk control advice. Help develop and implement threat modelling schedules aligned with organisational goals and compliance needs.
* Communicate common mitigation strategies such as preventative controls and basic configuration changes (system hardening). Continuously seeking to identify potential service and process improvements increasing your knowledge of industry best practices, good judgment and problem-solving skills to execute security operations and investigations.
* Support stakeholder engagement responsibilities such as the need to interpret technical information around networks and infrastructure. Candidate should be able to communicate the threats eloquently to service owners about the potential risks to the components & systems.
Due to the requirements of the role, the successful candidates will be required to work full-time (37 hours per week).
Hybrid Working
DDaT is geographically spread across multiple locations with most staff working in line with the Department's hybrid working arrangements (a minimum of 60% of time in an office location, with the remainder working from home). The successful candidate will be based at Manchester Soapworks and there may be a requirement for occasional travel to other locations.
Person specification
Please note that this role requires Security Clearance, which would normally need 5 years' UK residency in the past 5 years. Candidates must also hold or be prepared to undergo NPPV3 clearance.
Essential Skills
You'll bring a demonstrable passion for cyber security and demonstrate experience in:
* Developing and sharing actionable insights on current and emerging cyber threats, helping organisations understand their impact on system architecture.
* Coordinating responses to cyber security incidents, minimising negative impacts and restoring service as quickly as possible through identification of likely threat scenarios and attack paths followed by security recommendations.
* Developing, improving or deploying detective use cases within security software, for example within SIEM or EDR tools.
* Delivering management, technical and administrative services to implement security controls and security management strategies.
* The ability to build strong partnerships and influence stakeholder attitudes, decisions, and actions for mutual benefit by guiding decision making on monitoring and improved detections, whilst navigating complex technological landscapes.
* Experience in management, vulnerability research, malware and exploit analysis, investigations, or working in a Security Operations Centre (SOC).
* Familiarity with standards and models such as NIST, ISO27001, COBIT, BS EN 31111, Cyber Essentials, Cyber Defence Controls, Cloud Principles, NCSC guidelines, and threat analysis frameworks.
SFIA capability framework
Skills for the Information Age (SFIA) is the technical framework that sets the standard capability and development of all IT Operations levels in the Home Office. This is a link to the capability framework: All skills A - Z English (sfia-)
We use set SFIA technical skills to form our interview questions and we will assess you against these technical skills during the selection process.
SFIA levels of responsibility – Use the SFIA Levels of responsibility to understand what would be expected for each Technical Skill listed below.
SFIA Technical skills
The essential technical skills required for this role are listed below and are reflective of the Home Office Government Digital and Data Profession Career Framework.
Qualifications
Certification in one or more of the following is desirable but not essential and should not prevent application:
* Desirable to have certification in one or more of the following: CRTIA, CRTIM, CRISC, CISSP, CEH, CCSP and equivalent.
Capability & Skills Allowance
The advertised role is part of the Home Office Government Digital and Data Profession. This role has access to a Digital Capability-Based Allowance. Applicants who are successful at interview will be invited to complete a Capability and Skills Assessment post-interview. Any allowance awarded will be based on the assessment of your capability against the six skills advertised for this role. Please see the attached candidate pack for more information.
The allowance values are set by the Home Office, subject to remaining in a qualifying role, and are non-pensionable. This allowance is non-contractual, subject to an annual review and could be withdrawn at any time.
To qualify for the additional allowance, your skills must align to the following role: Senior Monitoring Manager
For both new entrants and existing civil servants, the total compensation offer is a combination of base salary and, if applicable, a capability-based allowance. New entrants to the Civil Service will start on the pay range minimum. For existing civil servants, our policies on level transfer and promotion will apply.
Technical skills
We'll assess you against these technical skills during the selection process:
* Threat intelligence (THIN) – Level 3
* Incident management (USUP) – Level 3
* Service level management (SLMO) – Level 3
* Security Operations (SCAD) – Level 3
* Specialist Advice (TECH) – Level 3
* Stakeholder relationship management (RLMT) – Level 3
Benefits
Alongside your salary of £44,720, Home Office contributes £12,955 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
You'll also have access to the same benefits available to all civil servants in the Home Office:
* A highly competitive pension with an employer contribution of 28.97%
* 25 days annual leave on appointment rising 1 day per year up to 30 days, plus 8 days public holidays and 1 day for the King's Birthday.
* Flexible working options to enable you to achieve the work life balance that is right for you including; Full time, part-time, flexi time, compressed hours and job sharing.
* A hybrid working model of a minimum 60% of your contracted hours in the workplace and 40% remote.
* Training and development opportunities tailored to your role, including access to technical and professional accreditations.
* Access to funded qualifications (subject to approval)
* A capability allowance reviewed annually.
* A culture encouraging inclusion and diversity.
* Enhanced parental leave schemes.
* Annual performance-based bonus and recognition awards.
This link is to a short guide to employee benefits: Benefits - Home Office Careers
Things you need to know
Selection process details
This vacancy is using Success Profiles, and will assess your Experience and Technical skills.
As part of the application process you will be asked to complete a CV and 1000 word Personal Statement.
Further details around what this will entail are listed on the application form.
Please note your CV and personal statement should include all relevant experience that relates to our essential skills criteria listed in the advert and role description. Use STAR format in your examples and consider tips on and consider tips on how to write your personal statement.
Remove information that identifies you (for example your name, age or place of education) so that you will be judged on merit alone and not your personal background, circumstances, race or gender.
(Do NOT include e-mail addresses or links to online profiles, resumés, or prior work, either personal or business. Active links or e-mail addresses will result in your application being rejected).
Please ensure that all examples provided in your application are taken directly from your own experience and that you describe the examples in your own words. All applications are screened for plagiarism, copying, and generating of examples/ answers from internet sources including Artificial intelligence. If detected, the application may be withdrawn from the process.
Further action, including disciplinary action, may be considered in such cases involving civil servants. Providing false or misleading information would be contrary to the core values of honesty and integrity expected of all civil servants.
Sift Stage
The sift will be held on the CV and Personal Statement. Please read the Essential skills for this position carefully. We will only consider those who meet the listed requirements.
In the event of a high number of applications, we will conduct the sift on the Personal Statement only.
Interview Stage
Candidates reaching the required standard will then be invited to attend a final interview. The interview will assess your Technical Skills (SFIA Framework) and experience using technical and experience-based questions.
Sift and interview dates
Sift will be conducted from 2 October 2025.
Interviews will be held during the week commencing 13 October Subject to the Panel's operational requirements/priorities)
Interviews will be conducted remotely via MS Teams.
We will try to meet the dates set out in the advert. There may be occasions when these dates will change. You will be provided with sufficient notice of the confirmed dates.
Reserve list
A reserve list of successful candidates will be kept for 12 months. Should another role become available within that period you may be offered this position.
Job offers to this post are made on the basis of merit. We often have similar roles available at different grades. If a candidate is suitable for a similar role or a lower grade than they have applied for, we may offer the candidate that role without the need to go through a further selection process providing the role has the same competencies and essential skills.
In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Serviceon your behalf. However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct.
If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre- stating the job reference number in the subject heading.
Reasonable Adjustments
If a person with disabilities is at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.
If you need a change to be made so that you can make your application, you should:
* Contact Government Recruitment Service via as soon as possible before the closing date to discuss your needs
* Complete the "Assistance Required" section in the "Additional Requirements" page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a language service professional
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check .
See our vetting charter .
People working with government assets must complete baseline personnel security standard (opens in new window) checks.
Nationality requirements
This job is broadly open to the following groups:
* UK nationals
* nationals of the Republic of Ireland
* nationals of Commonwealth countries who have the right to work in the UK
* nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
* nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
* individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
* Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles .
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy .
Apply and further information
This vacancy is part of the Great Place to Work for Veterans initiative.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job contact :
* Name : AC Recruitment Team
* Email :
Recruitment team
* Email :
Further information
If you feel that your application has not been treated in accordance with the Civil Service recruitment principles and you wish to make a complaint, then contact the Government Recruitment Service via If you are not satisfied with the response that you receive, then you can contact the Civil Service Commission.