Cyber Security Monitoring and Investigations - Threat Detection Analyst

Department for Work and Pensions

£47986

Department for Work and Pensions, Newcastle upon Tyne

  • Full time
  • Permanent
  • Remote working

Posted today, 26 Sep

Closing date: not specified

Job Ref: d7c79dcad31f4206925602a525b32f8b

Full Job Description

You will work as part of the Department’s Cyber Resilience Centre (CRC) as a Threat Detection Analyst in the Cyber Security Monitoring & Investigations team. You will play a vital role in securing the DWP IT Estate; ensuring that service delivery is not affected as a result of potential malicious activity from either internal or external threat.

Working as a Threat Detection Analyst in the Cyber Security Monitoring and Investigations team, you will be part of an innovative and service-orientated team of analysts, focused on the detection and investigation of potential indicators of compromise or malicious activity on DWP systems and devices.

Your main responsibilities will be to:

  • Provide a second-tier escalation function for the resolution of security events that have been triaged by others, providing direction and guidance, and ensuring an effective response to alerts and risks as they are identified.
  • Undertake comprehensive investigation of security alerts as well as proactive analysis of activity captured in system logs and security tools, to quickly determine if systems have been compromised.
  • Support Intelligence Analysts and the Security Incident Response Team, by providing detailed technical input to on-going investigations, building on detailed log data, digital outputs, and threat intelligence in relation to the mitigation, detection and response to potential cyber-attacks.
  • Effectively use the latest analytical SIEM tools including open-source intelligence to identify security compromises within large amounts of complex data.
  • Use digital forensic and malware analysis tools (commercial and/or open source) to support analysis and decision making.
  • Demonstrate strong knowledge of the latest security threats and indicators of compromise to ensure a robust response to new threats and attack vectors.
  • Provide timely intervention to protect the DWP IT Estate through recommending and operating containment processes to isolate and prevent the spread of malware.
  • Drive forward the development of monitoring systems and supporting processes and playbooks, ensuring systems are in place to review and continually improve existing capabilities.
  • Ensure intelligence is effectively used to maintain the integrity of alerts and to ensure alerts continue to remain relevant and focused on the latest threats.
  • Develop influential relationships with key stakeholders across the Department to support improvement activity thereby mitigating the risks from malicious activity.
  • Demonstrate strong knowledge and understanding of the concepts of information security, and of current and emerging IT security, data protection and information risk principles and technologies.
  • Support the transformation of the Department’s response to digital delivery and the security threats this presents; including operating new analytical tools to generate innovative security alerts.
  • Support remedial activity as a result of identified weaknesses within the estate.
  • Manage multiple priorities and respond flexibly to competing demands.

The Cyber Security Monitoring & Investigations team operates 24 hours a day, 7 days a week and as a result, post holders may be required to work outside of usual office hours as investigations dictate. Travel to different sites with occasional overnight stays may also be required.

The sift panel will use the information relating to your employment history (your CV) and your personal statement of suitability, to assess your experience, skills and knowledge. When giving details of your employment history, you should therefore include details of the work and projects that you have been involved in, and your role therein.

Applications must include:

  • A. A completed Personal Details application form.
  • B. A curriculum vitae with education, professional qualifications and full employment history, giving details of key achievements relevant to the skills and experience outlined in this job description.
  • C. A personal statement. In no more than 1000 words, please demonstrate how you meet the essential criteria, outlined in the 'Person Specification' section of the job advert.

A NOTE ON ANONYMISATION

Due to DWP’s use of anonymised recruitment practices it is not possible for applicants to upload/attach a CV; any information that you would customarily share on a CV should therefore be entered onto the application form. Please ensure you provide sufficient information to enable the sift panel to make an informed judgement about your suitability for this role.

IMPORTANT INFORMATION: Please include all other information that you would customarily provide when presenting a CV/cover letter, as the sift panel use this information to assess your application. DWP operates an anonymised recruitment process. When entering information relating to your employment history you will be asked to remove any personal details that could be used to identify you. This relates to name and contact details which might usually appear on your CV/Cover letter. Failure to do so will result in your application being withdrawn.

Stage 2 – SIFT & INTERVIEW INFORMATION

Applications will be sifted at regular intervals from the date the posts are advertised. Sifting for this role will be concluded as soon as the advert closes. The final stage of the process will be a face-to-face interview where you will be assessed against the behaviours and technical skills outlined in the advert as well as strengths. Candidates will be required to give a short presentation at interview, details of which will be provided prior to you attending. To help you prepare and settle into the interview you will be sent the behaviour questions in advance of the interview. These questions should be treated as confidential and should not be shared. The interview panel may ask you other questions which will not be shared in advance, including follow-up questions, and those about your experience, strengths, and technical abilities. Only candidates that have been successful at the previous stage will be invited to attend. Interviews will commence after 15th October 2024.

Further Information

Find out more about Working for DWP

A reserve list may be held for a period of 6 months from which further appointments can be made. Any move to DWP from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare.
Determine your eligibility at https://www.childcarechoices.gov.uk

If successful and transferring from another Government Department a criminal record check may be carried out.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. Please ensure that all examples provided in your application are taken directly from your own experience and that you describe the examples in your own words. Applications will be screened and if evidence of plagiarism or copying examples/answers from other sources is found, your application will be withdrawn. Internal DWP candidates may also face disciplinary action.

Complete the “Reasonable Adjustments” section in the “Additional requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional. If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section. Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

  • Experience of performing in-depth analysis of cyber security alerts to quickly determine if systems have been compromised.
  • Skilled in using a variety of the latest SIEM/network analysis tools and of proactively interrogating large data sets of structured and unstructured data, to identify malicious activity or anomalous behaviour.
  • Comprehensive knowledge of tactics or techniques an adversary could use to bypass or evade security controls, and an understanding of how to mitigate such activities so that they could be detected.
  • Experience of providing technical input into security investigations and of analysing and extracting relevant information in relation to the detection and response to potential cyber-attacks.

  • Making Effective Decisions
  • Working Together
  • Communicating and Influencing
  • Changing and Improving

Technical skills

We'll assess you against these technical skills during the selection process:

  • Intrusion detection and analysis
  • Incident management, incident investigation and response

  • Learning and development tailored to your role
  • An environment with flexible working options
  • A culture encouraging inclusion and diversity
  • A Civil Service pension with an average employer contribution of 28.97%

At DWP we are committed to creating a great place to work for all our colleagues; an inclusive and respectful environment that reflects the diversity of the society we serve. We want to maximise the potential of everyone who chooses to work for us, and we offer a range of flexible working patterns and support to make a fulfilling career at DWP accessible to you. Diverse perspectives and experiences are critical to our success, and we welcome applications from all people from all backgrounds with the experience and skills needed to perform this role.

As one of the largest government departments, almost every individual in the UK is a direct customer of DWP at some point in their lives. DWP’s mission is to improve people’s quality of life, both now and in the future. We do that by focussing on delivering excellent services that make a difference to millions of people. We trust and empower our people to deliver these services to customers every day, including the most vulnerable in society. We seek to be an exemplar of the modern Civil Service, and to build on our achievements for the benefit of those we serve. When we are at our best, we care, we deliver, we adapt, we work together and we value everyone, and we seek to ensure that these values guide the way we serve our country, our communities, and our fellow citizens.

DWP is looking to fill 2 roles in Finance directorate. These are key roles, and we are looking for people who will help us deliver Cyber Security Monitoring & Investigations. We welcome applications from candidates who can demonstrate the essential criteria listed in the ‘Person Specification’ part of this form.

Hybrid working

This job role may be suitable for hybrid working, which is where an employee works part of the week in their DWP office and part of the week from home. This is a voluntary, non-contractual arrangement and your office will be your contractual place of work. The number of days that anyone will be able to work at home will be determined primarily by business need, but personal circumstances and other relevant circumstances will also be taken into account. If you are successful, any opportunities for hybrid working, including whether a hybrid working arrangement is suitable for you, will be discussed with you prior to you taking up your post.

At DWP we value diversity and inclusion and actively encourage and welcome applications from everyone, including those that are underrepresented in our workforce. We consider visible and non-visible disabilities, neurodiversity or learning differences, chronic medical conditions, or mental ill health. Examples include dyslexia, epilepsy, autism, chronic fatigue, or schizophrenia. If you need a change to be made so that you can make your application, you should: Contact Government Recruitment Service via DWPRecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.