G7 Cyber Security Vulnerability Analyst

The Cabinet Office supports the Prime Minister and ensures the effective running of government. It is also the corporate headquarters for government, in partnership with HM Treasury, and takes the lead in certain critical policy areas.
We are the Cabinet Office’s Cyber and Information Security function. Our mission is to secure the Cabinet Office’s digital and information assets against misuse, and enable the secure delivery of the department’s mission. We do this by developing, operating, and governing the cyber and information security controls which protect our nationwide internal IT infrastructure, and high-profile citizen-facing digital services such as GOV.UK., This role is within the Cyber Defence team, which is responsible for understanding, detecting and responding to cyber threats and vulnerabilities impacting the Cabinet Office. This role reports to the Red Team Manager, and is responsible for operating and continually improving the team’s vulnerability management capabilities., As a cyber security vulnerability analyst, you will:
+ manage the implementation and operation of vulnerability assessment capabilities across the Cabinet Office’s on-premise and cloud-based IT estate and digital services
+ coordinate the triage and remediation of identified vulnerabilities using a risk-based approach, working closely with service teams and developers to ensure that appropriate mitigation measures are implemented
+ work closely with other teams across Cyber and Information Security and the wider Cabinet Office to proactively reduce cyber security vulnerabilities
+ produce regular reporting which delivers insights on vulnerability management activities and the impact on cyber security risk
+ establish a detailed understanding of Cabinet Office data security and architectures enabling the delivery of consistent security advice
+ define requirements for improving and expanding our security tooling
+ develop and update internal plans, processes, and knowledge base articles
+ support wider Cyber Defence activities
+ line manage, act as an escalation point for, and provide coaching and mentoring to, associate security analysts
Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join., We'll assess you against these behaviours during the selection process:
+ Changing and Improving
+ Communicating and Influencing
+ Managing a Quality Service
+ Delivering at Pace, This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours and Experience.
As part of your application you will be required to provide a CV setting out your career history, qualifications and previous skills and experience, highlighting specific responsibilities and achievements that are relevant for this role.
Your CV will be assessed against the essential criteria listed in the 'Person Specification' section of the job advert.
Should you be successful at sift, you will be invited to attend an interview.
There will be 2 interview rounds -
First round - The first found will be a shorter interview assessing your experience.
Final round - The final round of interviews will assess your experience in more depth. You will also be assessed on behaviours during the second round of interviews. You will also be asked to deliver a 10 minute presentation on a relevant topic. Further details will be released for candidates successful at interview 1.
Please note - You must pass the first round of interviews to progress to the final round.
Expected timeline (subject to change)
Expected sift date – WC 10/11/2024
Expected interview date/s – WC 02/12/2024
Interview location – Your interview will either be conducted face to face or by video. You will be notified of the location if you are selected for interview.
Reasonable adjustments
If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.
If you need a change to be made so that you can make your application, you should:
+ Contact Government Recruitment Service via menurecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.
+ Complete the ‘Assistance required’ section in the ‘Additional requirements’ page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you’re deaf, a Language Service Professional.
Further information
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'contact point for applicants' section.
Please note terms and conditions are attached. Please take time to read the document to determine how these may affect you.
Please note that this role requires SC clearance, which would normally need 5 years’ UK residency in the past 5 years. This is not an absolute requirement, but supplementary checks may be needed where individuals have not lived in the UK for that period. This may mean your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.
For further information on National Security Vetting please visit the following page https://www.gov.uk/government/publications/demystifying-vetting
A reserve list will be held for a period of 6 months, from which further appointments can be made.
Any move to Cabinet Office from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at: https://www.childcarechoices.gov.uk
If successful and transferring from another Government Department a criminal record check may be carried out.
In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service/Disclosure Scotland on your behalf.
However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk stating the job reference number in the subject heading.
For further information on the Disclosure Scotland confidential checking service telephone: the Disclosure Scotland Helpline on and ask to speak to the operations manager in confidence, or email Info@disclosurescotland.co.uk
New entrants are expected to join on the minimum of the pay band.
Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.
A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.
Please note terms and conditions are attached. Please take time to read the document to determine how these may affect you.
Feedback will only be provided if you attend an interview or assessment.

Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).See our vetting charter (opens in a new window).
People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements
This job is broadly open to the following groups:
+ UK nationals
+ nationals of the Republic of Ireland
+ nationals of Commonwealth countries who have the right to work in the UK
+ nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
+ nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
+ individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
+ Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements (opens in a new window)

Working for the Civil Service
The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information
This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.
The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window).
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

We’re interested in people who have strong vulnerability management experience, including:
+ experience developing, implementing and operating vulnerability management capabilities
+ experience using a variety of sources of information to identify, analyse and report on relevant threats and vulnerabilities.
+ experience deploying, configuring and using vulnerability assessment (such as Tenable and the NCSC’s Active Cyber Defence Toolkit) and Attack Surface Management tools
+ excellent stakeholder management skills
+ excellent verbal and written communication skills, and the ability to communicate technical security issues to both technical and non-technical stakeholders
+ experience with cloud environments such as AWS and Azure
Desirable Criteria
+ experience with bug bounty programmes and platforms
+ experience with digital brand protection
+ experience investigating and responding to cyber incidents
+ ability to work as part of a team in a multidisciplinary environment

Alongside your salary of £53,400, Cabinet Office contributes £15,469 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
+ Learning and development tailored to your role.
+ An environment with flexible working options.
+ A culture encouraging inclusion and diversity.
+ A Civil Service Pension which provides an attractive pension, benefits for dependants and average employer contributions of 27%.
+ A minimum of 25 days of paid annual leave, increasing by one day per year up to a maximum of 30.