Lead Cyber Security Analyst

Job description

Job Title: Lead Cyber Security Analyst

Band: 5

Salary: £57,954 - £65,400

Location: Liverpool/Newport/Norwich/Birmingham

Terms:Permanent

Hours: Full time/compressed

Closing Date: 24/04/25

Insight into CCS - Webinar

Don't miss out on gaining valuable insight into CCS and our recruitment process!

Join us on Tuesday 10th June at 5:30 PM. Please use this link to register your attendance for this session or any of our upcoming sessions.

Would you like to be a part of a digital transformation journey and be part of a growing team that is constantly evolving? Do you want to be involved in work that has a meaningful purpose? If yes, then this could be the role for you!

CCS is on an exciting digital transformation journey. We are reviewing our entire business and delivering new and improved digital technologies to enhance the services we provide, the ways we work, and how we interact with our customers, suppliers and other stakeholders. We're implementing a new cyber security function as part of Agile digital delivery within our growing team, and the pace and scale of change within the Directorate is unprecedented

Job Summary

In this critical role, establishing and leading our newly formed cyber security team, you will be responsible for understanding, detecting and responding to cyber threats and vulnerabilities affecting the Services we operate, as well as leading on regular IT Health Check's, resolving any issues identified that need addressing, and working with Operations and Development teams to prevent these issues in the future.

This role reports to the Head of Service and Infrastructure, and is responsible for setting standards, developing policies and processes and operating and continually improving the team's monitoring and response capabilities.

Directorate Overview

Digital and Data Services (DDS) supports our digital and technology design, implementation and service delivery. They maintain our digital systems and work with other teams to deliver the business plan with a digital mindset.

Team Summary

The post sits within the Digital Services (DDS) Service Management team, responsible for the ongoing development, delivery and support of digital services to internal and external users. Reporting to the Head of Service and Infrastructure, you will head up our new cyber security team, working alongside cross-functional product teams, leading in the design, development and enablement of automated monitoring processes, advising on the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to detect malicious activity, while communicating directly with leadership on the progress and status of cyber threat monitoring and response.

Key Responsibilities

• Leading on the wider implementation of a monitoring strategy, ensuring roadmaps are achieved as expected, ensuring requirements, policies and standards to govern all activities and outputs are met
• Lead monitoring, triaging, and investigation of security alerts on Azure and AWS platforms to identify security incidents
• Review high-priority or high-complexity analysis of security event data to manage security incident response, making key decisions on reporting or escalations for monitoring
• Lead the cyber security team in the design, development and enablement of automated monitoring processes, advising on the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to detect malicious activity, while communicating directly with leadership on the progress and status of monitoring
• coordinate the triage and remediation of identified threats using a risk-based approach, working closely with service teams and developers to ensure that appropriate mitigation measures are implemented
• work closely with other teams within the Directorate and Information Security to proactively reduce cyber security threats and vulnerabilities
• produce regular reporting which delivers insights on security monitoring activities and the impact on cyber security risk
• establish a detailed understanding of our data security and architectures enabling the delivery of consistent security advice
• define requirements for improving and expanding our security tooling
• develop and update internal plans, processes, and knowledge base articles
• support wider Cyber Defence activities
• line manage, act as an escalation point for, and provide coaching and mentoring to Security analysts

Essential Criteria (To be assessed at application):

• A track record in cyber security leadership, strategy development and planning in large and complex organisations, with demonstrable technical security knowledge of modern security concepts, principles and technologies for Azure, AWS, and SaaS.
• Expert knowledge of typical threats and attack vectors with appropriate monitoring and remediation strategies.
• experience using a variety of sources of information to identify, analyse and report on relevant threats and vulnerabilities.
• Developed problem solving skills including addressing complex technical security and process challenges that ensure delivery at pace to an appropriate risk appetite.
• Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders, influence stakeholders and create easy to consume articles such as blogs, policies and presentations.

Desirable

• Experience of day-to-day management of multi-disciplinary teams of cyber security professionals.
• Experience deploying, configuring and using vulnerability assessment (such as Tenable and the NCSC's Active Cyber Defence Toolkit) and Attack Surface Management tools
• Experience using cloud provider monitoring tools such as AWS CloudWatch, CloudTrail and GuardDuty for threat monitoring, alerting and response

In the event of a strong pool of candidates, desirable will be used as a second sift

Success profiles (To be assessed at interview):

Behaviours:

• Delivering at Pace
• Managing a Quality Service
• Making Effective Decisions
• Changing and Improving
• Working Together

Technical:

• understanding of security event analysis and remediation specific to AWS Cloud environments and workloads.

(A link to the Civil Service Success Profiles Framework is provided below)

Success Profiles Framework

The Civil Service Code sets out the standards of behaviour expected of civil servants.

If you are successful in this role, the job title would be SecOps Principal.

What we will offer you, here are some of the benefits you can expect:

• Competitive salary
• Generous pension scheme
• A discretionary non-contractual performance related bonus
• Working remotely in addition to working in advertised office location
• Flexi time scheme (available for B1-B6)
• Minimum 25 days annual leave to a maximum service related 30 days excluding bank

Explore fully how we will reward your work.

Want to make a difference? Find out more about the rewarding work that we do in our candidate pack

At CCS, we actively support, promote and celebrate our differences for the benefit of our employees, suppliers and customers. CCS is proud to be an equal opportunities employer. CCS believes that diversity and inclusion is critical to our success and we seek to recruit, develop and retain the most talented people.

We want to make our recruitment process accessible to everyone, so if there is any way that we can support you, please contact recruitment@crowncommercial.gov.uk

Working flexibly, delivering outcomes

CCS is a flexible business with a smarter working model where our colleagues benefit from a mix of home and office working. Successful candidates are expected to work from one of the office locations listed. Our current office attendance approach requires a minimum of 26 days per quarter (approx 2 days per week, which may be subject to change) in CCS office locations or off site meetings with suppliers, customers, partners, networking / industry events. This is pro rata for those who work part time. Our smarter working principles mean that our people have the advantage of both office and offsite based collaboration and learning, as well as working from home. This way of working allows us to honour our commitment to being a responsible business, offer flexibility and better work life balance as well as ensuring we deliver our business with confidence and in accordance with our CCS values.

Selection Process

Candidates who are successful at sift will be contacted as soon as possible following the closing date and advised of the interview process in more detail. The sift and interview times and dates to be confirmed. (Subject to change)

To find out more about our recruitment process please click here

Please note: Applicants can make use of artificial intelligence but the information presented at application must be factual.

A reserve list may be held for up to 12 months, which the Civil Service may use to fill future suitably similar vacancies across government for candidates who are considered appointable following interview. Should you be placed on a reserve list and want to be removed please contact recruitment@crowncommercial.gov.uk.

Complaints procedure:

Our recruitment processes are underpinned by the principle of selection for appointment on merit on the basis of fair and open competition as outlined in the Civil Service Commissioners' Recruitment Principles details of which can be found at http://civilservicecommission.independent.gov.uk

If you feel your application has not been treated in accordance with the Recruitment Principles, and you wish to make a complaint, you should contact recruitment@crowncommercial.gov.uk in the first instance.

If you remain unsatisfied with the response you receive you can then contact the Civil Service Commission at info@csc.gov.uk

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

Complaints Procedure

Our recruitment processes are underpinned by the principle of selection for appointment on merit on the basis of fair and open competition as outlined in the Civil Service Commission's Recruitment Principles details of which can be found at https://civilservicecommission.independent.gov.uk/recruitment/recruitment-principles/

If you feel your application has not been treated in accordance with the Recruitment Principles, and you wish to make a complaint, you should contact recruitment@crowncommercial.gov.uk in the first instance.

If you remain unsatisfied with the response you receive you can then contact the Civil Service Commission at info@csc.gov.uk

Internal candidates should apply using their Workday account. Please use the careers hub for your application.