This role is an exciting position in the Cyber Resilience Centre, part of DWP Security and Data Protection.
The Security Monitoring & Investigations Team (SMI) plays a vital role in securing the DWP estate; ensuring that service delivery is not affected by potential malicious activity from either internal or external threat actors. The team operates in a dynamic environment at the forefront of the Department’s cyber protection capability.
This role is for a Cyber Security Monitoring & Investigations Lead who will have responsibility for managing people and work across the team and for providing technical direction and advice for the investigation and resolution of security incidents.
Working as a Cyber Security Monitoring and Investigations Lead, you will lead, manage, and develop an innovative and service-orientated team of analysts focused on the investigation and clearance of security alerts as well as the proactive detection and investigation of potential indicators of compromise or malicious activity on DWP systems.
You will manage resources across the team to ensure they are focused on the key threat areas, organising workloads appropriately to deal with competing demands and actively monitoring and reviewing your team’s performance indicators.
You will provide third tier escalation for the resolution of security events and will lead on technical investigations including the validation of malware analysis and forensic investigations. You will have responsibility for coordinating the technical response to security incidents and will collaborate with stakeholders across DWP and the wider security community to ensure an effective response is delivered.
This is an important leadership role that relies on technical skills and understanding of technical information as well as the ability to communicate effectively with technical and non-technical audiences.
Responsibilities
Successful candidates can expect to be involved in a range of the following:
* Lead, direct and manage a team of security analysts with responsibility for protecting the integrity of DWP systems from internal and external threat actors
* You will deliver at pace, ensuring that team resources are focused on the key threat areas, organising workloads appropriately to deal with competing demands and actively monitoring and reviewing your team’s performance indicators
* Provide third tier escalation and management of cyber security incidents, coordinating activities and communications across the team to ensure a cohesive response. You will involve expert domains and stakeholders in a timely manner, as appropriate, to ensure the most effective resolutions
* Support the Security Incident Response Team (SIRT) by providing expert technical input to ongoing investigations in relation to the mitigation, detection and response to potential cyberattacks
* Provide timely intervention to protect the DWP IT Estate through operating and directing containment processes to isolate and prevent the spread of attacks
* Oversee threat hunting activities across the team ensuring that all hunts are carried out in accordance with accepted processes and procedures, ensuring the Department’s data is used safely, proportionately, and legally at all times
* Lead and manage technical investigations that arise from security incidents
* Perform complex analysis in a high-pressure environment encouraging analysts to demonstrate adaptability and creativity, demonstrating professionalism at all times, and upholding the team’s credibility across DWP
* Coach and develop a team of analysts to grow capability and ensure team members are equipped with the skills and knowledge to effectively undertake their job roles
* Drive forward the development of monitoring systems and supporting processes and playbooks, ensuring systems are in place to review and continually improve existing capabilities
* Develop influential relationships with key stakeholders across the Department to support improvement activity thereby mitigating the risks from malicious activity
* Demonstrate strong analytical and detail-oriented skills with excellent understanding of the latest analytical SIEM tools and how these can be used to identify security compromises within large amounts of complex data
* Demonstrate strong knowledge and understanding of the concepts of information security, and of current and emerging IT security, data protection and information risk principles and technologies
* Demonstrate excellent communication skills with an ability to clearly articulate, summarise and describe technical issues to non-technical colleagues
* Direct the technical response to investigations, working within the confines of relevant legislation as it applies to cyber security and digital forensics activities, ensuring that all legal and internal compliance standards are maintained and that all outputs and reports are fit for purpose
* Look across Government and private industry to continually review processes and identify best practice in the rapidly developing world of responding to security threats
* Use understanding of device and audit logging standards to develop effective security monitoring
* Line manage a team of security monitoring analysts
The Security Monitoring and Investigations team operates 24 hours a day, 7 days a week and as a result, post holders may be required to work as part of an on-call rota and to work outside of usual office hours as investigations dictate. Travel to different DWP sites and Government agencies with occasional overnight stays will also be required.
Proud member of the Disability Confident employer scheme
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.