Head of Cyber Security Threat Operations

Reporting directly to the Head of Cyber Security Operations, the Head of Cyber Threat Operations oversees the Threat Intelligence, Threat Hunting and Threat & Vulnerability Management functions within the Cyber Security Operations Centre (CSOC).
This critical role involves leading teams who work hard to stay one step ahead of threat actors by performing adversary emulation activity. You will coordinate the response to mitigate vulnerabilities that impact on the integrity and availability of digital systems including Borders, Immigration and Citizenship, Policing and Fire.
This is a key position for those who are ready to protect the nation’s digital infrastructure against an ever-evolving cyber threat landscape.
If you're interested in finding out more, we are holding a Home Office Cyber Security candidate information event on 17th September. You will find out about working for the organisation, hear from staff on their experiences working in Home Office Cyber Security Roles and learn more about our recruitment process. Please register here https://www.eventbrite.co.uk/e/cybersecurity-drop-in-event, As Head of Threat Operations your responsibilities will include:
+ Overseeing and improving the triage and prioritisation of cyber threat intelligence, threat hunting activity, and ensuring appropriate measures to mitigate vulnerabilities are implemented swiftly and safely.
+ Shaping policies and processes to ensure that they meet strategic requirements, in line with appropriate standards.
+ Providing advice to senior stakeholders on ways to improve processes, strengthen security controls, identifying, evaluating, and mitigating risks. Setting direction and recommend investment in strategic tooling and capability to address strategic enterprise-wide risk.
+ Working closely with the Head of Cyber Detect & Response to ensure relevant artefacts related to security events and/or incidents have oversight from the wider Threat Operations teams.
+ Communicating with a broad range of senior stakeholders and being responsible for defining the vision, principles, and strategy for threat operations.
Note: The Head of Cyber Threat Operations may be required to carry out other duties within the scope of the grade and within the limits of their skill, competence, and training.
The successful candidate will be located in the Soapworks, Manchester regional office. Under Home Office hybrid working practices there is an expectation that you will attend the office for a minimum of 60% of your working hours.
Due to the nature of the role, this post is available on a full-time basis only., For guidance and information on how to construct your application (CV, Personal Statement and Behaviours), you are encouraged to visit Civil Service Careers website.
Please use STAR format in your examples – use this link The STAR method , National Careers Service / A brief guide to competencies - GOV.UK (www.gov.uk)
Please remove information that identifies you (for example your name, age, or place of education) so that you will be judged on merit alone and not your personal background, circumstances, race, or gender. Do NOT include e-mail addresses or links to online profiles, resumés, or prior work, either personal or business. Active links or e-mail addresses will result in your application being rejected.
2. Sift - week commencing 30th September 2024
The sift will be held on the CV and the statement of suitability.
3. Interview – week commencing 14th October 2024
If you are successful at sift stage, you will be invited to an interview where you will be asked questions based on:
+ Behaviours and Technical Skills listed in the job advert.
Additionally as part of your interview:
+ You will also be asked to deliver a presentation on a given topic. Details of the presentation will be provided to candidates who are invited to attend an interview.
Interviews will take place remotely. Candidates will be required to have access to:
+ A laptop (personal or work) with a working webcam
+ Good internet connection
+ Microsoft Teams
It is advisable to access your interview from a windows operating system laptop, desktop, phone or tablet as there is no guarantee that Microsoft Teams will work without issue on an Apple laptop, tablet or desktop.
Further Information
In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service on your behalf. However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct.
If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk stating the job reference number in the subject heading.
For further information on National Security Vetting please visit the following page https://www.gov.uk/government/publications/demystifying-vetting
A reserve list may be held for a period of up to 12 months from which further appointments may be made. There is no guarantee that being held on a reserve list will lead to a job offer. Further information can be found on our website.
Reserve lists will be held for each location and profession. Candidates will be appointed in merit order by location and profession.
Candidates judged to be a near miss at interview may be offered a post at the grade below the one advertised without the need to go through a further selection process, providing the role has the same Success Profiles elements and essential skills. There is no guarantee that further such vacancies will arise.
Additional Security Checks
As well as successfully obtaining UK Security Vetting clearance, candidates will be subject to a range of additional checks. The range of checks carried out will depend on whether you are a current Home Office employee, existing civil servant or an external new entrant as well as the role requirements. Further details are included in the Notes to Candidates.
If you are invited to an interview, you will be required to bring documentation for the
purposes of establishing your identity.
You will need to meet the nationality requirements for this role and obtain the necessary
security clearance to take it up. For meaningful security checks to be carried out,
individuals need to have lived in the UK for a sufficient period of time. Learn more on
our website. Security Checks - Home Office Careers
Visa sponsorship
We do not sponsor individuals via Skilled Worker Sponsorship / Tier 2 (General) work visas.
Reasonable Adjustments
If a person with disabilities is at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.
If you need a change to be made so that you can make your application, you should:
+ Contact Government Recruitment Service via HOrecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs
+ Complete the “Assistance Required” section in the “Additional Requirements” page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a language service professional
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the ‘Contact point for applicants’ section.
Feedback
Feedback will only be provided if you attend an interview or assessment.

Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).See our vetting charter (opens in a new window).
People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements
This job is broadly open to the following groups:
+ UK nationals
+ nationals of the Republic of Ireland
+ nationals of Commonwealth countries who have the right to work in the UK
+ nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
+ nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
+ individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
+ Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements (opens in a new window)

Working for the Civil Service
The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

You’ll have a demonstrable passion for leading threat operations teams and its underpinning disciplines with the following skills or proven experience in:
+ Leading and developing critical operational teams
+ Knowledge of targeted cyber-attacks, particularly on how to respond and mitigate their impacts
+ Experience in being able to analyse and contextualise information from a variety of sources
+ Communicating effectively about cyber threats at senior levels, including up to ministerial level in the absence of the Head of Cyber Security Operations
Technical Skills
Strategy and Architecture
+ Governance, Risk and Compliance
o Risk Management (BURM) - Level 4
+ Strategy and Planning
o Strategic planning (ITSP) – Level 4
+ Security and Privacy
o Information Security (SCTY) – Level 4
+ Advice and Guidance
o Specialist Advice (TECH) - Level 4
Change and Transformation
+ Change Planning
o Business Process Improvement (BPRE) – Level 5
Relationships and Engagement
+ Stakeholder Management
o Stakeholder relationship management (RLMT) – Level 5
SFIA capability framework
Skills for the information age (SFIA) is the technical framework that sets the standard capability and development of all DDaT skills in the Home Office. This is a link to the capability framework: All skills A–Z — English (sfia-online.org). We use set SFIA technical skills to form our interview questions and we will assess you against these technical skills during the selection process., Essential
+ Candidates must hold or be prepared to undergo NPPV3 and DV clearance
Desirable
+ A degree in Cyber Security or appropriate level of proven, demonstrable, and current experience in a similar role/environment
+ Achieved appropriate level of qualifications such as CISSP, CISM or qualifications from an industry recognised provider e.g. SANS, ISC2, ISACA, CEH etc., + Making Effective Decisions
+ Changing and Improving
+ Communicating and Influencing

Technical skills
We'll assess you against these technical skills during the selection process:
+ Risk Management (BURM) - Level 4
+ Strategic planning (ITSP) - Level 4
+ Information security (SCTY) - Level 4
+ Business process improvement (BPRE) - Level 5
+ Stakeholder relationship management (RLMT) - Level 5
+ Specialist Advice (TECH) - Level 4

£69,200
Capability & Skills Allowance: An additional allowance may be payable, pending a capability and skills assessment, with a value of up to £26,400. Please see advert for more information. For existing Civil Servants, the usual policy on level transfer and promotion will apply and is non-negotiable.
A Civil Service Pension with an employer contribution of 28.97%
GBP, Alongside your salary of £69,200, Home Office contributes £20,047 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
This role is part of the Digital and Data Technology profession, and utilises a Capability-Based Pay Framework to determine an employee’s total compensation, based on their level of skills capability. The advertised role aligns to the Principal Monitoring Manager in the framework.
Successful applicants will be invited to complete a Capability and Skills Assessment post-interview. The value of any allowance awarded will be based on an assessment of skills and experience. Please see the attached guidance pack for more information on the skills relevant to this particular role.
You’ll also have access to the same benefits available to all civil servants in the Home Office:
+ Membership of the Civil Service Defined Benefit Pension scheme with an average employer contribution of 28.97%. Find out what benefits a Civil Service Pension provides.
+ An in-year performance bonus scheme.
+ 25 days annual leave on appointment, plus 8 days public holidays and 1 day for the King’s Birthday, rising further with service.
+ Flexible working options to enable you to achieve the work life balance that right for you including part-time, flexi time and job sharing.
+ Training and development opportunities tailored to your role.
+ A culture encouraging inclusion and diversity.
+ Season ticket loans and rental deposit loans.
+ Cycle to work and payroll giving.
+ Employee discounts - including a huge number of retailers, Microsoft Home Use programme and gym membership.
+ A variety of staff recognition schemes including thank you vouchers.
+ Health and wellbeing initiatives including monthly mindfulness sessions.
+ Staff support networks.
+ Maternity, adoption or shared parental leave of up to 26 weeks full pay followed by 13 weeks of statutory pay and a further 13 weeks unpaid.
+ Maternity and adoption support leave (paternity leave) of 2 weeks full pay.
+ Up to five days paid leave for volunteering.
+ Study leave and support for studying for a qualification or other accredited development relevant to your role.