Cyber Security Analytics Lead

This Cyber Security Analytics Lead role is in the Cyber Security division within the Security and Information Management directorate.
As a Cyber Security Analytics Lead you will be responsible for delivering a strategic approach to the development and implementation of the Cyber Security Analytics services within ONS and UKSA.
Working as part of a high-performing, proactive team, you will support the Cyber Analytics Principal with delivery of strategic milestones that are designed to enhance and strengthen the controls in place in support of ONS’s priority outcomes.
We’re enhancing, revising and improving across our key services to better support these priority outcomes, but also to strengthen our defence against the increased external threat we face as part of the UK Government.
We’re looking for individuals who can work concurrently across several workstreams and who understand that there are always unknowns that require urgent attention above the day-to-day to-do list., This role is part of the Cyber Security function and will deliver Cyber Security Analytics services at tactical, operational and strategic levels for colleagues within the Security and Information Management directorate and across the business.
The role holder will be involved in onboarding and maintaining security tools and services to enable the protective monitoring service provided by the Cyber Security Operations Centre as part of a critical element of the Cyber Security strategy.
This role is responsible for maximising benefits of security monitoring tools such as Security Information and Event Management systems (SIEM), User Entity and Behaviour Analytics (UEBA), Security Orchestration, Automation and Response (SOAR) and other security tools, ensuring that appropriate protective monitoring is in place for new data sources and services, and maintaining this suite of security tools. This includes deployment, configuration and ongoing monitoring, maintenance and tuning of security tooling.
Responsibilities
+ Support the Cyber Security Analytics Principal in the implementation of deliverables from the Security and Information Management strategy.
+ Identify and onboard new security tooling to develop Cyber Security capability in line with the security roadmap.
+ Lead the end-to-end monitoring onboarding process to ensure a quality protective monitoring service. This includes working with project teams to onboard relevant log sources and feeds, data normalisation, creating and scheduling detection rules and providing the SOC with information required for meaningful interpretation of detections.
+ Deploy SOAR capabilities to streamline the protective monitoring service.
+ Develop and maintain expert knowledge of the monitoring coverage across the ONS estate to provide advice and inform organisational risk., At ONS we are always looking to attract the very best people from the widest possible talent pool, and we are proud to be an inclusive, equal opportunities employer. As a member of the Business Disability Forum and a Disability Confident Leader we’re committed to ensuring that all candidates are treated fairly throughout the recruitment process.
As part of our application process, you will be prompted to provide details of any reasonable adjustments to our recruitment process that you need. If you would like to discuss any reasonable adjustments before applying, please contact the recruitment team in the first instance.
If you would like an accessible version of any of the attachments or recruitment documents below or linked to in this advert, please contact the recruitment team who will be happy to assist., This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.
Security Clearance
The requirement for SC clearance is to have been present in the UK for 3 consecutive years immediately prior to applying.
A lack of UK residency in itself is not always a bar to security clearance but the Department will need to consider eligibility by exception on a case-by-case basis. You will be asked to provide information regarding your UK residency during your application, and failure to provide this will result in your application being rejected.
If you are unsure that you meet the eligibility above, please contact the recruitment email on the advert before applying to discuss, as failure to meet the residency requirements will result in your security clearance application being rejected and any offer of employment being withdrawn.
At the point of SC application you will need to provide or give access to the following evidence:
+ Departmental or company records (personnel files, staff reports, sick leave reports and security records)
+ UK criminal records covering both spent and unspent criminal records
+ Your credit and financial history with a credit reference agency
+ Security Services records.
Applicant support
Applicants may utilise AI resources in their submissions; ensuring all information provided is factually accurate, truthful, and original, avoiding any form of plagiarism to maintain the authenticity and credibility of the application process.
Stage 1 – Application & Sift
Assessment at application stage will be based on your work history, skills, experience, CV and personal statement.
Your application should be tailored to demonstrate any skills, knowledge and experience that are relevant to the content of the role.
Your personal statement should be no longer than 1250 words. You should use this space to provide evidence for each essential skills criteria within the person specification. As the criteria are scored, we would recommend that you give clear examples for each including the impact of your actions and set them out using the STAR acronym (Situation, Task, Action, Result).Success Profiles Behaviour examples are not required at this stage.
In cases where there are a high number of applications the sift pass mark may be adjusted and candidates will be invited to interview in merit order, i.e. those scoring the highest.
Stage 2 – Interview
Should you be invited to interview, you will be assessed using various assessment techniques aligned to the Civil Service Success Profiles framework, where you'll be assessed against all the behaviours outlined in this advert.
Interviews will be conducted by Video Conference.
A reserve list may be held for a period up to 12 months from which further appointments may be made.
Important Dates:
Sift date: From 05/07/2024
Interview dates: From 19/07/2024
For the full terms and conditions of the post, please see attachment below.
This role falls within the remit of the Government Digital and Data Pay Framework (formerly DDaT Pay Framework) that was introduced at the Office for National Statistics from June 2022. This means that in the event that you are successful at interview, your starting salary will be calculated based on the scores achieved during the Technical section of the interview. Full feedback will be provided to you at the point of offer.
Feedback will only be provided if you attend an interview or assessment.

Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).See our vetting charter (opens in a new window).
People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements
This job is broadly open to the following groups:
+ UK nationals
+ nationals of the Republic of Ireland
+ nationals of Commonwealth countries who have the right to work in the UK
+ nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
+ nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
+ individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
+ Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements (opens in a new window)

Working for the Civil Service
The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

+ Experience of working in the Cyber Security field.
+ Demonstrable experience of creating security content in industry standard security monitoring tools.
+ Working knowledge of query languages such as KQL, SPL.
+ Working knowledge of rule tuning as part of an ongoing development process to reduce false positives and enhance the baseline ruleset in line with emerging threats.
+ Ability to create documentation that accurately represents security systems and develop processes for ongoing monitoring and maintenance of security tools and sensors.

We'll assess you against these behaviours during the selection process:
+ Working Together
+ Making Effective Decisions

Technical skills
We'll assess you against these technical skills during the selection process:
+ Cyber Security Operations
+ Intrusion Detection and Analysis
+ Protective Security
+ Secure Operations Management, Alongside your salary of £40,964, Office for National Statistics contributes £11,060 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
The Office for National Statistics is part of the Civil Service, and as such we share a number of key benefits with other departments, whilst also having our own unique offerings to support our 5400 valued colleagues across the business.
This role is part of the cross-government Government Digital and Data (formerly DDaT) profession framework. As a role within Government Digital and Data (formerly DDaT) at the ONS, we also offer benefits such as:
• Protected Learning Time to spend on your personal development and side-projects.
• A supportive and active Community of Practice which you will be expected to contribute to, helping ensure you and your colleagues get the training, development and opportunities you need to progress your careers.
ONS are committed to flexible ways of working that support a healthy work-life balance. ONS has already considered how this job could be right sized for applicants working flexibly and we are happy to explore options with you about working part time, in a job share or flexibly, in line with our hybrid working policies.