Tier 1 Analyst
Listed on 2026-02-24
IT/Tech
Cybersecurity, Security Manager
Allowance (RRA):
Up to £5000 is available for candidates who demonstrate exceptional skills and experience evidenced at interview stage
Plus allowance of between 37.75% which equates to an additional £14,503 based on salary minimum
A Civil Service pension with an employer contribution of 28.97%.
As a Tier 1 Protective Monitoring Analyst, you will monitor, triage, and investigate security alerts across protective monitoring platforms. You will support the identification, analysis, and escalation of potential security incidents, working within a Security Operations Centre (SOC) to help protect critical government systems. This role provides an entry point into hands-on cyber defence in a live operational environment.
Key responsibilities
- Monitor, triage, and investigate security alerts generated via detection platforms to identify potential security incidents.
- Analyse security event data to support incident investigation, reporting, and timely escalation in line with established procedures.
- Support data acquisition and evidence collection activities for internal security investigations, following defined processes and handling requirements.
- Support the continuous improvement of protective monitoring capabilities by assisting with the implementation of monitoring use cases, dashboards, and alerting aligned with policies and standards. Work with colleagues across government using specialist security monitoring tools, contributing to consistent SOC operational practices.
- Maintain accurate records of investigations, actions taken, and outcomes to support reporting, assurance, and audit needs.
- Continuously develop technical knowledge and operational skills, building an understanding of emerging threats, attacker techniques, and SOC best practice.
- Able to follow documented processes consistently, applying each step during alert monitoring, triage, and escalation, and recognising when it is appropriate to seek guidance or support.
- Demonstrates a foundational understanding of common security alerts and basic indicators of compromise, with the ability to identify when activity may be unusual or suspicious and escalate appropriately.
- Observes and records information accurately and clearly, ensuring that key details are captured in a way that supports fair, efficient, and consistent investigations by colleagues in other teams or tiers.
- Shows a commitment to learning and development, including openness to feedback, willingness to ask questions when unsure, and proactive engagement in building technical and investigative skills over time.
- Provides clear, factual, and objective updates when escalating alerts, contributing to effective handovers between shifts or teams while maintaining professionalism and respect for colleagues.
- Able to manage workload responsibly, completing tasks within expected time frames, maintaining attention during monitoring activities, and raising issues promptly where challenges, delays, or barriers arise.
**You can also sign up on the Home Office Careers website to receive emails with information about careers with us**
The link to do this is: https://in