Security Analyst; Incident Response Lead

Overview

The Cabinet Office supports the Prime Minister and ensures the effective running of government. It is also the corporate headquarters for government, in partnership with HM Treasury, and takes the lead in certain critical policy areas.

The Cyber Defence team delivers cyber threat intelligence, threat detection and incident response capabilities for the Cabinet Office, and is responsible for defending both internal IT infrastructure and citizen-facing services. As an Incident Response Lead, you’ll take a primary role in building and delivering these core capabilities, focusing on managing and responding to incidents.

IMPORTANT:
SECURITY VETTING

This role requires SC (Security Check) which will be conducted by the NSV (National Security vetting). You need to have been resident in the UK within the past five years in order to apply. Here is a short video why this is necessary.

• Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents
• Lead the forensic analysis of systems, files, network traffic and cloud environments
• Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions
• Support the wider coordination of cyber incidents
• Review previous incidents to identify lessons and actions
• Identify and deliver opportunities for continual improvement of the incident response capability
• Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities
• Develop and update internal plans, playbooks and knowledge base articles
• Act as an escalation point for, and provide coaching and mentoring to, security analysts
• Be responsible for leadership and line management of security analysts

Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join.