Information Security & Monitoring Specialist

Department for Work and Pensions (DWP)

City of Westminster

On-site

GBP 45,000

Full time

Today

Job summary

A government department is seeking an Information Security and Monitoring Specialist. This role involves detecting and responding to security incidents, using advanced monitoring tools and SIEM systems. The ideal candidate will have substantial experience in cyber security monitoring, strong analytical skills, and the ability to engage with various stakeholders. A competitive salary of £44,355 with additional benefits including flexible working and a pension scheme is offered.

Benefits

Flexible working patterns
Generous annual leave
Health and wellbeing support
Learning and development opportunities
Inclusive work environment

Qualifications

  • Experience in cyber security monitoring and incident response.
  • Strong analytical skills to interpret complex data and logs.
  • Experience in using SIEM tools and other security technologies.
  • Excellent communication and stakeholder engagement skills.
  • Ability to monitor, investigate and manage sensitive information with discretion.

Responsibilities

  • Monitor and analyse system alerts to detect suspicious activity.
  • Conduct proactive threat hunting and investigations.
  • Collaborate with internal teams and external partners.
  • Oversee and support local security officers across UK hubs.
  • Contribute to the development of monitoring systems and processes.

Skills

Cyber security monitoring
Analytical skills
SIEM tools
Communication
Discretion

Job description

Overview

We are seeking a highly skilled and security-focused professional to join our Operational Capability (OC) Team as an Information Security and Monitoring Specialist. In this role, you will support the detection and investigation of security incidents across the organisation, using advanced monitoring tools and SIEM systems. You will analyse alerts, identify threats, and work with internal and external stakeholders to ensure timely and effective responses to threats. This post requires the successful candidate to be a British national and they will be subject to Developed Vetting (DV) clearance. You will work as a member of the OC Team in the Department's Cyber Resilience Centre (CRC), at the forefront of detecting and investigating potential security threats across CRC. Your primary focus will be on identifying indicators of compromise and malicious activity, conducting in-depth analysis of system alerts and logs, and ensuring swift, effective responses to emerging risks.

You will work closely with stakeholders across CRC and the wider security community to coordinate responses, escalate incidents when necessary, and support investigations with clear, actionable intelligence. Your experience in Security Information and Event Management (SIEM) systems will be critical in driving informed decision-making. You will also oversee local security officers, contribute to the development of monitoring capabilities, and support strategic workforce planning activities. This role requires a background in information security, incident response, and protective security practices, with the ability to operate discreetly and decisively in high-assurance environments.

Responsibilities include:

  • Monitoring and analysing system alerts and logs to detect suspicious or malicious activity.
  • Conducting proactive threat hunting and incident investigations.
  • Escalating and presenting potential incidents with comprehensive supporting evidence.
  • Collaborating with internal teams and external partners to coordinate responses to threats.
  • Taking remedial actions following inappropriate internal behaviour or security breaches.
  • Overseeing and supporting Rosa Local Security Officers across UK hubs.
  • Managing Rosa assets and acting as Partner Security Officer, ensuring compliance and assurance.
  • Coordinating secure handling of sensitive materials across CRC and authorised partners.
  • Contributing to the development and continuous improvement of monitoring systems, processes, and playbooks.
  • Producing workforce analysis for CRC Senior Leadership.
  • Supporting workforce planning and strategic capability development alongside the Head of Operational Capability.
  • Providing operational support and resilience to the team as needed.

Applications and Selection

The sift panel will use information relating to your employment history (CV) and your personal statement of suitability to assess your experience, skills, knowledge and behaviours. When giving details of your employment history, include details of the work involved, outcomes, and your role therein. All applications will be assessed and sifted based on the essential criteria in the advert, using the information you provide in your completed application form. Successful candidates will be invited to a video interview, where they will be assessed on behaviours and asked a technical question. Behaviours assessed at interview will include: Making Effective Decisions, Communicating and Influencing, Changing and Improving, Delivering at Pace. Interview dates are to be confirmed; you will be advised of sift and interview timelines as information becomes available.

Further Information: A reserve list may be held for six months from which further appointments can be made. Details on childcare vouchers, criminal record checks, and national security vetting are provided in the advert. Current DWP employees who apply should check the terms and conditions related to mobility, pay, and allowances. See the Civil Service Vetting charter and related guidance for more information.

Security and Vetting

Successful candidates must undergo a criminal record check and meet security requirements (Developed Vetting). See the vetting charter for details. National Security Vetting information is available on the Demystifying Vetting website. New entrants are expected to join on the minimum of the pay band.

Requirements

Essential

  • Experience in cyber security monitoring and incident response.
  • Strong analytical skills to interpret complex data and logs.
  • Experience in using SIEM tools and other security technologies.
  • Excellent communication and stakeholder engagement skills.
  • Ability to monitor, investigate and manage sensitive information with discretion.

Desirable

  • Experience in government or regulated environments.
  • Familiarity with confidential material handling and secure asset management.
  • Experience managing multiple priorities and adapting to changing demands.

Technical Skills

Experience with SIEM tools to collect, analyse, and correlate security events.

Benefits

The salary and benefits package includes a salary of £44,355, with £12,849 contributed by the Department for Work and Pensions to the Civil Service Defined Benefit Pension scheme. The benefits package includes flexible working patterns, generous annual leave, health and wellbeing support, learning and development, and an inclusive work environment with employee networks.