Location
Belfast, Cardiff, Darlington, Edinburgh, London
About the job
Summary
Join a team at the heart of the global economy!
We create digital services, data tools and technology for businesses to prosper around the world. Have a look at our video!
Our Digital, Data and Technology team develops and operates tools, services, and platforms that enable the UK government to provide world leading support to businesses in the UK and overseas.
You'll get to constantly push boundaries in an environment free of heavy legacy, driven by curiosity, social purpose, diversity of thought, entrepreneurship, and the aspiration to offer an incredible experience to all our users. Find out more on our blog, Digital Trade.
Job description
This role sits within the DIT Security Operations Centre (SOC), which is responsible for the identification and handling of security threats. You will be responsible for the monitoring aspects of the SOC's Target Operating Model (TOM) at a high level, acting as the final point of escalation for the resolution of incidents identified by SOC analysts. A key part of the role will be the identification and implementation of lessons learned from cyber security incidents as part of a continuous improvement cycle. Improvements to DIT's capability to detect and respond will be a priority. In the role you will be managing and mentoring junior SOC staff, and so this role is suitable for someone looking for a position of responsibility.
Responsibilities
In your day-to-day role, you will:
- Lead the implementation of the DIT monitoring policy and management of the SOC TOM, providing expert advice to junior SOC staff.
- Review existing and new data sources being ingested into the SIEM and propose and implement use cases for detection and analysis.
- Produce thorough documentation on complex incidents focussing on the improvements that can be made to processes, playbooks, and tooling.
- Manage incident response exercises and scoping, design and governance of red-teaming and threat-hunting activity in collaboration with the Threat Hunter and in line with DIT's policies.
- Communicate the significance of the results of investigations and risk mitigation outcomes and engage with a broad range of senior stakeholders.
- Be responsible for defining the vision, principles, and strategy for incident response.
Essential Skills and Experience
You should be able to demonstrate essential skills and experience of:
- Significant experience of working at tier 2 or tier 3 in a SOC with management/mentoring responsibilities.
- Demonstrable experience with KQL or similar query language.
- Solid knowledge of various information security frameworks, for example MITRE.
- Demonstrable experience in cyber security incident management.
- Effective verbal and written communication skills.
- Demonstrable knowledge and experience of intrusion detection and analysis skills.
Desirable Skills and Experience
While not essential, it would be ideal if you have demonstrable skills and experience of:
- SIEM and Security Software, especially Microsoft.
- Professional information security certification, CISSP or similar.
- Experience of working in a multi-cloud environment.
- Knowledge or experience of forensics.
Benefits
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension with an average employer contribution of 27%
Things you need to know
Security
Successful candidates must pass a disclosure and barring security check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.
See our vetting charter.
People working with government assets must complete basic personnel security standard checks.
Selection process details
We are closely monitoring the situation regarding the coronavirus, and will be following central Government advice as it is issued. There is therefore a risk that recruitment to this post may be subject to change at short notice. In addition, where appropriate, you may be invited to attend a video interview.
Please continue to follow the application process as normal and ensure that you check your emails regularly as all updates from us will be sent to you this way.
Assessment and Interview
As part of the application process you will be asked to upload a CV which outlines your experience, skills and fit for the role.
At the sift stage for this role, Inspire People will assess you against the essential criteria listed above to compile a long list of applications. If you are progressed through to this stage, you will be asked to complete a short, pre-recorded video interview with Inspire People or provide written answers to questions. These applications will then be sifted by DIT hiring managers.
Initial sifting will take place the week commencing 26th September, with CV submissions to DIT on the 30th September. Interviews will take place the week commencing 10th October. Please note that these dates are indicative and may be subject to change.
At the interview stage for this role, we will assess your technical/specialist experience, outlined in the above role description, testing your ability through relevant assessments/presentations and ask you questions around Behaviours and Technical skills, which are part of the Civil Service Success Profiles.
The technical element within the interview, where you will be asked a series of questions to demonstrate your specific professional skills and knowledge related directly to the job role and context, will assess against these Technical Skills:
- Intrusion detection and analysis
- Threat intelligence and assessment
- Incident management, investigation, and response
- Information risk assessment and risk management
- Applied security capability
- Query language expertise
You will also be assessed against the Behaviours of:
- Developing Self and Others
- Changing and Improving
- Delivering at Pace
Offer Stage
Appointments may be made to candidates in merit order based on location preferences.
The salary we will offer is determined using interview performance. Scores at interview translate to proficiency levels and an associated salary. Once a successful candidate has a proficiency level and is part of the capability framework, they will be given opportunities to self-assess to progress through the pay scale within their grade during their time at DIT. For further explanation of proficiency levels and more information about DDaT click here.
The Department for International Trade embraces and values diversity in all forms. We welcome and pride ourselves on the positive impact diversity has on the work we do, and we promote equality of opportunity throughout the organisation. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Candidates who pass the bar at interview but are not the highest scoring will be held on a 12-month reserve list for future appointments. Candidates who are judged to be a near miss at interview may be offered a post at the grade below the one advertised.
If successful and transferring from another Government Department a criminal record check may be carried out.
Harmonised terms and conditions are attached. Please take time to read the document to determine how these may affect you.
Please note the successful candidate will be expected to remain in post for a minimum of 18 months before being released for another role.
Any move to the Department for International Trade from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at
New entrants are expected to join on the minimum of the pay band.
Reasonable adjustment
If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.
If you need a change to be made so that you can make your application, you should contact the DDaT Recruitment team before the closing date to discuss your needs.
Our recruitment process is underpinned by the principle of appointment on the basis of fair and open competition and appointment on merit, as outlined in the Civil Service Commissioners' Recruitment Principles.
If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact DIT by email: