Birmingham
Job Summary
IPS officers provide specialist security services to the Agency 24 hours a day, 7 days a week, 365 days a year, to mitigate security risks. People are at the heart of the NCA and IPS play a key role in ensuring the Agency stays at the forefront of combating serious and organised crime.
IPS are responsible for the security of people, processes, technology and standards, operating across the NCA to support operational and non-operational teams, along with the Command team, to ensure the Agency remains resilient and retains public confidence in a volatile and complex threat landscape.
Information about the Business Area
The Cyber Security Team comprises of three areas: Information Assurance, Defend and Respond, and the Security Analysis and Threat Intelligence Team.
The purpose is to protect and maintain the confidentiality, integrity and availability of NCA information, whilst defending the NCA IT platforms, systems and services from existing and emerging threats.
The team also provide the managed response to cyber security incidents and ensure that cyber controls are proportionate, managed and balance risk against operational needs.
This is an exciting opportunity to join the NCA's Cyber Security team. We are currently looking to recruit a Senior Cyber SOC Analyst to work within our Integrated Protective Security command( IPS).
The Cyber Security Team leads the strategic response to cyber risks, cybersecurity function, oversees audit, building internal and external alliances with diverse stakeholders to deliver the NCA's strategic objectives.
Job Description
If successful you will support the Lead Analyst to manage and support all SOC services. You will be responsible for monitoring, preventing, detecting and responding to security incidents playing a crucial role in safeguarding the NCA's digital infrastructure from security threats.
You will report to the Lead SOC Analyst, working from the Agency's Birmingham office, on a
24/7 shift pattern
. This will include working nights, weekends and bank holidays. The team currently work an 8 hour sift pattern, with the proposal of moving over to 12 hour shifts. This would typically be working 4 days, followed by 4 days off.
* Please note due to the nature and requirements of this role, it is not available on a hybrid basis. The role will be based in our Birmingham office only**
*Duties & Responsibilities
Monitoring events*
Monitoring for events across multiple security technologies, including intruder detection systems (IDS), Intruder prevention systems (IPS), Firewalls, End Point Security Solutions and vulnerability management solutions.
Responding to security events
Receiving and acting on calls, emails, alerts, etc. relating to security events and possible security incidents. Including responding to incidents where a detailed understanding of the monitored estate is required and is beyond the capabilities of the SOC Analyst.
Content development
Assisting in content development and analytics. Taking threat intelligence and tuning the SOC services to best protect the Agency's vulnerabilities.
Assisting engineers
Assisting in engineering tasks in support of the continuous availability of SOC services.
Complete scheduling and reporting
Complete SOC scheduled tasks and ensure reported events and incidents are appropriately progressed.
Risk and compliance
Assisting as with Security, Risk, Compliance and Service reporting.
Categorising events
Work alongside colleagues from personnel and physical security to assess events and categorise them appropriately.
Administration
Maintenance of SOC documentation, processes, and procedures.
Provide expert advice on IT security
Provide expertise, guidance and advice in IT Security related matters, including maintaining up to date knowledge of network, application and communications security solutions, as well as emerging technologies.
Responding to Incidents
Responding to incidents where a detailed understanding of the monitored
estate is required and is beyond the capabilities of the SOC Analyst.
Identifying threats
Liaise with trusted partners to provide accurate threat identification. Recommend suitable mitigation measures and report the situation to the shift lead.
Reduce risk to data loss
Collaboration with other Security Teams (Cyber Defence, IA, Operational, Physical and Personnel) and adjacent commands to support the overall aim of lowing risk to data loss.
Deputising to support delivery
Support of senior management in the delivery of an effective and efficient departmental service, deputising where appropriate. The Senior Analyst leads the shift team during the absences of the Lead Analyst, reporting into the SOC Manager.
Building effective working relationships and collaboration
Develop and build internal and external partnerships working collaboratively to foster good relations, including working with other government departments to further the SOC capabilities.
Leading the team
The Senior Analyst leads the shift team during the absences of the Lead Analyst, reporting into the SOC Manager.
To be considered, you will need to successfully complete DV clearance before commencing the role candidates will be required to obtain DV STRAP whilst in post.
If successful you will support the Lead Analyst to manage and support all SOC services. You will be responsible for monitoring, preventing, detecting and responding to security incidents playing a crucial role in safeguarding the NCA's digital infrastructure from security threats.
You will report to the Lead SOC Analyst, working from the Agency's Birmingham office, on a
24/7 shift pattern
. This will include working nights, weekends and bank holidays. The team currently work an 8 hour sift pattern, with the proposal of moving over to 12 hour shifts. This would typically be working 4 days, followed by 4 days off.
* Please note due to the nature and requirements of this role, it is not available on a hybrid basis. The role will be based in our Birmingham office only**
*Duties & Responsibilities
Monitoring events*
Monitoring for events across multiple security technologies, including intruder detection systems (IDS), Intruder prevention systems (IPS), Firewalls, End Point Security Solutions and vulnerability management solutions.
Responding to security events
Receiving and acting on calls, emails, alerts, etc. relating to security events and possible security incidents. Including responding to incidents where a detailed understanding of the monitored estate is required and is beyond the capabilities of the SOC Analyst.
Content development
Assisting in content development and analytics. Taking threat intelligence and tuning the SOC services to best protect the Agency's vulnerabilities.
Assisting engineers
Assisting in engineering tasks in support of the continuous availability of SOC services.
Complete scheduling and reporting
Complete SOC scheduled tasks and ensure reported events and incidents are appropriately progressed.
Risk and compliance
Assisting as with Security, Risk, Compliance and Service reporting.
Categorising events
Work alongside colleagues from personnel and physical security to assess events and categorise them appropriately.
Administration
Maintenance of SOC documentation, processes, and procedures.
Provide expert advice on IT security
Provide expertise, guidance and advice in IT Security related matters, including maintaining up to date knowledge of network, application and communications security solutions, as well as emerging technologies.
Responding to Incidents
Responding to incidents where a detailed understanding of the monitored
estate is required and is beyond the capabilities of the SOC Analyst.
Identifying threats
Liaise with trusted partners to provide accurate threat identification. Recommend suitable mitigation measures and report the situation to the shift lead.
Reduce risk to data loss
Collaboration with other Security Teams (Cyber Defence, IA, Operational, Physical and Personnel) and adjacent commands to support the overall aim of lowing risk to data loss.
Deputising to support delivery
Support of senior management in the delivery of an effective and efficient departmental service, deputising where appropriate. The Senior Analyst leads the shift team during the absences of the Lead Analyst, reporting into the SOC Manager.
Building effective working relationships and collaboration
Develop and build internal and external partnerships working collaboratively to foster good relations, including working with other government departments to further the SOC capabilities.
Leading the team
The Senior Analyst leads the shift team during the absences of the Lead Analyst, reporting into the SOC Manager.
To be considered, you will need to successfully complete DV clearance before commencing the role candidates will be required to obtain DV STRAP whilst in post.
Person specification
*Skills, Knowledge And Experience*
SIEM - Experience of using SIEM capabilities.
Responding to incidents - Experience of incident response.
Using scanning software - Experience with using vulnerability scanning software.
Modelling, analysing and reporting - Experience of Threat modelling, Impact analysis and report writing.
Qualifications
You must meet the essential criteria and evidence this within your application to be considered for the role.
Recognised higher education in an IT related area with preference for those held within Cyber security relevant to this role
Or
Certifications from a recognised body in Digital Security e.g. GIAC, ISC2, ISACA, BCS, CompTIA
Any applications from candidates not meeting this eligibility criteria will not progress
Please see our privacy notice for details on how your data is handled.
Behaviours
We'll assess you against these behaviours during the selection process:
* Communicating and Influencing
* Changing and Improving
Technical skills
We'll assess you against these technical skills during the selection process:
* Experience of using SIEM capabilities.
* Experience of incident response.
* Experience with using vulnerability scanning software.
* Experience of threat modelling, Impact analysis and report writing.
Alongside your salary of £45,326, National Crime Agency contributes £13,130 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
New entrants to the NCA receive 26 days annual leave, rising to 31 on completion of 5 years continuous service, plus 8 bank holidays.
If qualifying criteria is met new joiners from UK Police Forces or the UK Intelligence Community (UKIC) will have service with those employers taken into account for continuous service purposes for annual leave entitlement only, this will be up to a maximum of 31 days leave (including 1 privilege day).
Other Benefits Include:
* Flexible working, including flexi-time, compressed hours and job sharing (in line with business requirements)
* Family friendly policies, notably above the statutory minimum
* Learning and Development opportunities
* Interest free loans and advances, including season tickets, childcare and rental deposits
* Housing schemes - Key Worker status
* Discounts and Savings with a wide variety of services including Cycle to Work, Smart Tech schemes, dental insurance, gym discounts and savings on everyday spending, available through the Reward Gateway, Edenred and Blue Light Card schemes.
* Staff support groups/networks
* Sports and social activities, including membership to the Civil Service Sports Council (CSSC)
Further information is available on the NCA Website.
Selection process details
This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.
This vacancy is using the Success Profiles framework and will assess using the following criteria: Behaviours, Technical Skills
Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
*How We Will Assess You*
Your application will be assessed against the following:
Technical
- this will be assessed by 250 word examples on:
* Experience of using SIEM capabilities.
* Experience of incident response.
* Experience with using vulnerability scanning software.
* Experience of threat modelling, Impact analysis and report writing.
A panel will assess how well your application demonstrates the requirements outlined above.
Longlist
In the event of a high number of applications, we may operate a longlist. Applicants will need to meet the minimum pass mark for the lead criteria.
* Experience of using SIEM capabilities. .
Candidates who do not meet the minimum pass mark for the lead criteria will not progress to having their other criteria assessed. Applications must meet the minimum criteria to be progressed to the assessment stage.
You will receive an acknowledgement once your application is submitted.
We aim to have sift completed and scores released within 10 working days of the closing date of the advert. For high volume campaigns this timeframe may be extended.
Scores will be provided but further feedback will not be available at this stage.
For Guidance On The Application Process, Visit:
NCA Applying and Onboarding
Assessment 1
The format of this assessment will be Interview which will be tested on the criteria listed in the
Success Profiles at Assessment
section.
Success Profiles at Assessment
Behaviours
* Communicating and Influencing
* Changing and Improving
Technical
* Experience of using SIEM capabilities.
* Experience of incident response.
* Experience with using vulnerability scanning software.
* Experience of threat modelling, Impact analysis and report writing.
Assessment Outcome
Outcomes will be communicated via the NCA recruitment portal.
If successful but no role is immediately available, you may be placed on a reserve list for 12 months.
In The Event Of a Tie At The Assessment Stage, Available Roles Will Be Offered In Merit Order Using The Following Order:
* Lead criteria (behaviours/technical/experience)
* If still tied, desirable criteria will be assessed (if advertised)
* If still tied, application sift scores will be used
Feedback is provided only to those who attend an assessment.
You will be subject to vetting and pre-employment checks before appointment.
Once the vacancy closes, the advert will no longer be accessible. Please save a copy for your records.
We encourage all candidates to visit the NCA Careers Page for more information.
Full advert details for this vacancy can be found within the advert on NCA Recruitment portal. Please follow the link to apply via advertisers site.
Feedback will only be provided if you attend an interview or assessment.
This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting (opens in a new window).See our vetting charter (opens in a new window).
People working with government assets must complete baseline personnel security standard (opens in new window) checks.
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting (opens in a new window).See our vetting charter (opens in a new window).
People working with government assets must complete baseline personnel security standard (opens in new window) checks.
Medical
Successful candidates will be expected to have a medical.
Nationality requirements
Open to UK nationals only.
Working for the Civil Service
The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).
This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job Contact :
* Name : The Recruitment Team
* Email :
Recruitment team
* Email :
Further information
If you believe your application has not been treated fairly, email: (quoting the vacancy reference).
If unresolved, you may escalate your complaint to the Civil Service Commission.