G4 Senior Cyber Security Operations Centre (SOC) Analyst

IPS officers provide specialist security services to the Agency 24/7/365 to mitigate security risks. IPS plays a key role in safeguarding people, processes, technology and standards across the NCA, supporting operational and non-operational teams, and the Command team to maintain resilience and public confidence in a volatile threat landscape. The Cyber Security Team protects the confidentiality, integrity and availability of NCA information, defends IT platforms and services, and manages cyber security incidents. This is an exciting opportunity to join the NCA's Cyber Security team as a Senior Cyber SOC Analyst working within Integrated Protective Security (IPS).

The Cyber Security Team leads strategic response to cyber risks, oversees audits, and builds internal and external alliances to deliver the NCA's objectives. You will support the Lead Analyst to manage and support all SOC services, monitor, prevent, detect and respond to security incidents, and safeguard the NCA's digital infrastructure. You will report to the Lead SOC Analyst from the Agency's Birmingham office on a 24/7 shift pattern, including nights, weekends and bank holidays. The current 8-hour shift pattern may move to 12-hour shifts (4 days on, 4 days off).

Please note this role is based in Birmingham and is not available on a hybrid basis.

• Monitor, detect, prevent and respond to security incidents across security technologies (IDS, IPS, Firewalls, End Point Security, vulnerability management).
• Respond to security events via calls, emails, alerts, and other channels; handle incidents requiring advanced understanding of the monitored estate.
• Contribute to content development and analytics; tune SOC services using threat intelligence to protect vulnerabilities.
• Assist in engineering tasks to maintain continuous availability of SOC services.
• Complete scheduling and reporting; ensure events and incidents are progressed appropriately.
• Support Security, Risk, Compliance and Service reporting; categorize events with colleagues from security teams and other commands.
• Maintain SOC documentation, processes and procedures; provide expert IT security guidance on networking, applications and emerging technologies.
• Respond to incidents that require detailed knowledge of the monitored estate beyond the SOC Analyst’s capabilities.
• Identify threats in collaboration with trusted partners; recommend mitigations and report to the shift lead.
• Reduce risk to data loss through collaboration with Cyber Defence, IA, Operational, Physical and Personnel security teams and adjacent commands.
• Deputise for senior management to deliver an effective departmental service when appropriate; lead shift team in the absence of the Lead Analyst.
• Develop internal and external partnerships to foster good relations, including with other government departments.
• Lead the shift team during the Absence of the Lead Analyst and report to the SOC Manager.

• Essential criteria: Recognised higher education in an IT-related area (cyber security preferred) or certifications from recognised bodies (e.g., GIAC, ISC2, ISACA, BCS, CompTIA).
• Experience of using SIEM capabilities.
• Experience of incident response and vulnerability scanning software.
• Experience in threat modelling, impact analysis and report writing.
• Ability to obtain DV clearance prior to commencing; candidates may need to obtain DV STRAP in post.

Salary: £45,326 plus National Crime Agency contribution of £13,130 to the Civil Service Defined Benefit Pension scheme. Benefits include: 26 days annual leave (rising to 31 after 5 years), 8 bank holidays, flexible working options (flexi-time, compressed hours, job sharing), family-friendly policies, learning and development opportunities, interest-free loans and advances, housing schemes (Key Worker status), cycle to work and other discounts, staff networks, and access to civil service sports facilities.

• Security and vetting: Criminal record check and developed vetting (DV) requirements; baseline personnel security checks for government assets.
• Nationality: Open to UK nationals only.
• Working for the Civil Service: Civil Service Code and merit-based recruitment; Diversity initiatives including Disability Confident Scheme and Redeployment opportunities.
• Application and assessment: Applications assessed against technical and behavioural criteria; longlisting and scoring timelines may apply; feedback provided for assessment attendees.
• Notes: This vacancy uses the Success Profiles framework; plagiarism and inappropriate use of AI are addressed in guidance.