Cyber Operations Vulnerability Analyst/Disclosure Programme Coordinator

Our team leads the government's operational response to cyber threats, vulnerabilities and incidents through the Government Cyber Coordination Centre (GC3). This is an exciting opportunity to contribute to the UK Government's cyber resilience efforts by helping to ensure public sector systems are better protected against cyber threats. In this role, you will improve cyber security and digital resilience across the entire public sector, set priorities that will shape the future of governmental functions, and deliver the outcomes of the Government Cyber Security Strategy (GCSS) into wider departmental objectives. In June 2025, the Government Cyber Unit moved from the Cabinet Office to the Department for Science, Innovation and Technology (DSIT) as part of a machinery of government (MoG) change. This role is in scope to transfer to DSIT when the change takes effect. We are currently consulting with Trade Unions on which policies, terms and conditions will apply on transfer. The statement of changes applied to all other Cabinet Office staff will also apply to you if you are successful.

We are recruiting for complementary roles within the Government Cyber Coordination Centre (GC3): a Vulnerability Disclosure Programme Coordinator and a Vulnerability Analyst, both at HEO grade. These roles sit at the heart of the UK Government's efforts to identify, manage, and mitigate cyber vulnerabilities across public sector systems.

The Vulnerability Disclosure Programme Coordinator will support the delivery and continuous improvement of the cross‑government Vulnerability Reporting Service (VRS), working closely with departments and the security research community to ensure known vulnerabilities are effectively reported, tracked, and resolved. This role requires the maintenance of the digital service and technology, close stakeholder engagement, and the strategic coordination of vulnerability disclosure activities across government.

The Vulnerability Analyst will focus on technical triage, prioritisation, and urgent communication of vulnerabilities, providing protective advice and supporting operational responses to critical cyber vulnerabilities, threats, and incidents. This role will work closely with internal teams and external partners to understand risk and improve cyber resilience across government systems.

Both roles offer the opportunity to work in a fast‑paced, collaborative environment at the intersection of cyber operations, digital resilience, and stakeholder engagement, contributing to the UK's national cyber security efforts.

• Support the triage and prioritisation of reported vulnerabilities, assessing potential impact and urgency;
• Assist in the coordination and tracking of remediation activities across government systems;
• Provide clear, actionable guidance to departments on improving security controls and reducing cyber risk;
• Contribute to the drafting and dissemination of protective guidance and alerts on critical vulnerabilities;
• Collaborate with internal teams and external partners to support effective vulnerability triage and response;
• Use available data and intelligence to inform operational decisions and targeted interventions;
• Support the Senior Vulnerability Analyst in delivering GC3's objectives;
• Contribute to the GC3 cyber incident response function when required, supporting operational response activities.

• Support the day‑to‑day operation of the Vulnerability Reporting Service (VRS), including triage, tracking, and coordination of reported vulnerabilities;
• Assist in the development and maintenance of documentation, guidance, and communications related to vulnerability disclosure;
• Contribute to the analysis of vulnerability trends and producing regular reporting outputs;
• Build relationships with stakeholders across government departments, and the security research community to support coordinated responses to vulnerabilities;
• Provide administrative and logistical support for governance forums and stakeholder meetings;
• Collaborate with the wider GC3 team to support incident response activities where appropriate;
• Escalate complex or high‑priority issues to the Senior Coordinator and contribute to continuous improvement of processes.

We’ll assess you against these behaviours during the selection process: Seeing the Big Picture, Communicating and Influencing, Developing Self and Others. This vacancy is using Success Profiles, and will assess your Behaviours and Experience. As part of your application, you will be required to provide a CV setting out your career history, qualifications and previous skills and experience, highlighting specific responsibilities and achievements that are relevant to the essential criteria in the person specification section of the job advert. Should you be successful at sift, you will be invited to attend an interview. There will be 2 interview rounds: 1st round – the first round will assess your experience only. 2nd round – the final round of interviews will assess your behaviours. Further details will be released for candidates successful at interview 1. Please note – you must pass the first round of interviews to progress to the final round.

• Expected sift date – WC 24th November 2025
• Expected interview date/s – WC 8th December 2025
• Interview location – Your interview will either be conducted face‑to‑face or by video. You will be notified of the location if you are selected for interview.

If a person with disabilities is put at a substantial disadvantage compared to a non‑disabled person, we have a duty to make reasonable changes to our processes. If you need a change to be made so that you can make your application, you should: Contact Government Recruitment Service via menurecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs; Complete the 'Assistance required' section in the 'Additional requirements' page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a Language Service Professional.

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'contact point for applicants' section.

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting. See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre‑settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre‑settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

• Experience of working in IT or cyber security, ideally within a SOC or Operations environment;
• Working knowledge of one or more of: application, infrastructure, and network security;
• Strong analytical skills, with the ability to assess technical information, prioritise risks, and support decision‑making when challenged;
• Proven written and verbal communication skills, with the ability to present complex or technical information clearly to a range of technical and non‑technical audiences, including senior stakeholders;
• Ability to manage multiple tasks in a fast‑paced environment, with strong attention to detail and organisational skills;
• Experience working collaboratively across teams and with external partners, demonstrating effective stakeholder engagement;
• A proactive and adaptable approach to problem‑solving, with a focus on continuous improvement and learning.

• Familiarity with web application vulnerabilities (e.g. OWASP Top 10) and vulnerability assessment tools;
• Proficiency in data analysis, computer or query languages (e.g. Python, SQL);
• Proven ability to produce clear, structured, and impactful outputs such as reports, guidance, or notifications;
• Practical experience in vulnerability disclosure programmes, bug bounty platforms, or coordinated vulnerability management;
• Experience working in government, with the National Cyber Security Centre (NCSC), or in national security contexts;
• Experience handling sensitive information or working with intelligence sources;
• Understanding of UK Government Security Classifications, and the relevant legislation (e.g. Computer Misuse Act 1990).

Alongside your salary of £40,974, Cabinet Office contributes £11,870 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

• Learning and development tailored to your role.
• An environment with flexible working options.
• A culture encouraging inclusion and diversity.
• A Civil Service Pension which provides an attractive pension, benefits for dependants and employer contributions of 28.97%.
• A minimum of 25 days of paid annual leave, increasing by one day per year up to a maximum of 30.