Senior Threat Modelling Analyst

Government Recruitment Service

Manchester

Hybrid

GBP 45,000 - 60,000

Full time

12 days ago

Job summary

A government agency is seeking a Senior Threat Modelling Analyst based in Manchester. The role focuses on cyber threat modelling and requires technical research and stakeholder engagement, both essential for enhancing security across governmental systems. This is a full-time position with a hybrid working arrangement, combining office and remote work. Candidates should have experience in analyzing threats and proposing mitigation strategies.

Qualifications

  • Experience in cyber threat modelling and use case development.
  • Ability to communicate technical details to stakeholders.
  • Understanding of security threat classification and risk control measures.

Responsibilities

  • Assist in conducting threat modelling processes.
  • Support identification and classification of security threats.
  • Engage with stakeholders on technical risk communication.

Skills

Technical research and analysis
Understanding of TTPs
Data flow diagrams creation
Stakeholder engagement

Tools

Jira
MS Visio

Job description

Overview

The Home Office Cyber Security Operations Centre (CSOC) works 24/7/365 to protect the organisation from cyber threats. Threat Operations is an operational area within the CSOC that consists of several Proactive and Reactive services. The CSOC’s Threat Modelling team is a core function and is responsible for identifying, prioritising, and mitigating potential cyber threats and vulnerabilities within Home Office systems, applications and networks. This function is closely tied to the CSOC Onboarding process, and other crucial areas like Threat Intelligence, Threat Hunting and the Use Case Factory.

The Senior Threat Modelling Analyst will assist in the delivery of cyber threat modelling and aid use case development across Home Office systems onboarded to the CSOC. The Threat Modelling team performs an enabling function to the wider CSOC, ensuring relevant data is onboarded and security controls are recommended to protect the organisation from cyber threats.

We’re recruiting Digital, Data and Tech professionals to join the Home Office, working in a wide range of roles.

The Senior Threat Modelling Analyst role will focus on Threat Modelling within the Threat Operations unit, working closely with stakeholders and service owners. A key skill is an understanding of technical research and analysis of adversary tools, techniques and procedures (TTPs) which might be used to compromise technology components. Threat Modelling is responsible for identifying preventative, detective and corrective controls, which may involve liaison with subject matter experts (SMEs). You will perform deep-dive analysis against technology components, create threat-focussed data flow diagrams using tools like MS Visio, and draft use case proposals articulating your defined detection requirements against that component. You will manage your workload within the Jira ecosystem, which integrates closely with our processes.

Key Responsibilities

  • Assist in conducting and maturing the CSOC’s threat modelling processes to meet the organisation’s needs in line with appropriate standards. Help provide advice to stakeholders on mitigation, escalating where appropriate.
  • Support identifying and classifying security threats to networks, systems and applications. Assist in the prioritisation of controls relevant to identified threats through a risk-based approach.
  • Support the development of use-cases, including creation within the CSOC’s security tooling to enable threat detection.
  • Prioritise attack vectors and support mitigation efforts by providing standard risk control advice. Help develop and implement threat modelling schedules aligned with organisational goals and compliance needs.
  • Communicate common mitigation strategies such as preventative controls and basic configuration changes (system hardening). Continuously seek to identify potential service and process improvements, building your knowledge of industry best practices, good judgment and problem-solving skills to execute security operations and investigations.
  • Support stakeholder engagement responsibilities such as the need to interpret technical information around networks and infrastructure. The candidate should be able to communicate threats, and the potential risks to components and systems, eloquently to service owners.

Due to the requirements of the role, the successful candidates will be required to work full-time (37 hours per week).

Hybrid Working

DDaT is geographically spread across multiple locations with most staff working in line with the Department’s hybrid working arrangements (a minimum of 60% of time in an office location, with the remainder working from home). The successful candidate will be based at Manchester Soapworks and there may be a requirement for occasional travel to other locations.