Description

Department Overview

The Cyber Defence Centre (CDC) is responsible for detecting and responding to cyber-attacks against the Bank. The CDC is made up of four key functions: Capability, Threat, Detection Engineering and Defence Operations. The CDC is advertising for two roles, one in the Threat function, and one in Detection Engineering.

Both roles share several core responsibilities undertaken by all CDC analysts in addition to their specialism. These core responsibilities include performing occasional security monitoring and incident response activities. In addition, analysts are afforded 20% of their time to be spent contributing to the work of the other functions, developing competencies and skills outside of their specialist area. This will ensure the role has varied day-to-day responsibilities, as well as exposure to a range of cutting-edge technology in cyber security, data analytics and intelligence.

The roles are available at either Senior Analyst or Analyst level.

Threat Intelligence:

The Cyber Threat Analyst will work with the Cyber Threat Lead, within the Threat function, and will assist in defence from cyber-attacks by ensuring the CDC has access to structured, actionable intelligence to enhance its capabilities in detection and response. Primary responsibilities will be to assess inbound intelligence from multiple sources, collaborating closely with government, central banking and finance partners, to determine the usefulness and relevance of intelligence to defending the Bank. The Analyst will also be required to ensure that tactical intelligence is analysed and distilled to help the development of detection techniques for the most relevant threat actors. Paired with data analysts in the detection team on specific threats, this analysis will improve understanding and the ability to detect and respond to those threats. Specifically, this role will identify attacker methodology and behaviours, i.e. tactics, techniques and procedures (TTPs).
The role will support the Lead and other threat analysts in establishing the operational threat level to the Bank, communicating the threat landscape and its effect on the Bank to senior partners. The jobholder will generate internal intelligence, by analysing CDC incident and event data, to perform campaign and cyber-attack analysis. This intelligence will be primarily consumed by the Bank but may also be presented to external trusted partners. They will also assist in developing the vital technical capabilities and processes within the CDC to process and store incoming intelligence, ensuring it is available to our analytical developers in a structured, logical and easily searchable format.

Detection Engineering:

The (Senior) Cyber Defence Analyst will report to the Cyber Detect Engineering Lead and will assist in defence from cyber-attacks by ensuring the CDC has cutting-edge detections informed by threat intelligence and data analysis techniques. Primary responsibilities will be to develop and improve CDC detections in Splunk. The analyst will also assist with the analysis and consumption of threat intelligence by the CDC to support detect and respond capabilities. Specifically, the analyst will distil intelligence to enhance their knowledge of attack methodology and behaviours, i.e. tactics, techniques and procedures (TTPs), and combine this with data analysis techniques to create Splunk detections for the CDC’s security monitoring capability. The analyst will also take a leading role in reviewing existing detections, ensuring these remain relevant against emerging threats and technology, and advising the Detection Engineering Lead on strategy. The analyst will also ensure detections make the best use of Security Orchestration and Automated Response technologies. The senior analyst will have a particular focus on creating detections for attacks against cloud platforms, including Oracle Cloud and Microsoft Azure platforms.
This role provides an excellent opportunity for experienced security analysts to experience a diverse and challenging role at the forefront of cyber security.

Role Requirements

Minimum (Essential) Criteria

- Understanding of cyber security fundamentals, including knowledge of common cyber threats and attacker tactics, techniques and procedures (TTPs)
- Experience using MITRE ATT&CK or similar cyber frameworks
- Experience analyzing detailed technical information and applying it to the subject area
- Ability to contribute towards the ongoing evolution of technical strategy for detection of cyber-attacks
- Ability to clearly communicate technical information to a non-technical audience
- Ability to work independently and provide support to more junior members of the team
- Problem-solving and strong analytical skills

Desirable Criteria

- Experience of creating, tuning and managing detection analytics in Splunk
- Experience of creating detection analytics against Cloud-based attacks
- Experience of working with or in a cyber security operations environment
- Experience with cyber security monitoring processes
- Experience with Microsoft Azure and Microsoft cloud-native tools (Defender for Endpoint, Defender for Cloud etc.)
- Experience with Oracle Cloud
- Knowledge of incident response principles
- Understanding of cyber threat intelligence concepts
- Understanding of common operating system and networking principles
- Knowledge of data or statistical analysis techniques

Our Approach to Inclusion

The Bank values diversity, equity and inclusion. We play a key role in maintaining monetary and financial stability, and to do that effectively, we believe we need a workforce that reflects the society we serve. At the Bank of England, we want all colleagues to feel valued and respected, so we're working hard to build an inclusive culture which supports people from all backgrounds and communities to be at their best at work.
We celebrate all forms of diversity, including (but not limited to) age, disability, ethnicity, gender, gender identity, race, religion, sexual orientation and socioeconomic status. We believe that it’s by drawing on different perspectives and experiences that we’ll continue to make the best decisions for the public.

We welcome applications from individuals who work flexibly, including job shares and part time working patterns. We've also partnered with external organisations to support us in making adjustments for candidates and employees in the recruitment process where they're needed.

For most roles where work can be carried out at home, we aim for colleagues to spend half of their time in the office, with a minimum of 40% per month. Subject to that minimum requirement, individuals and managers should work together to find what works best for them, their team and stakeholders.

Finally, we're proud to be a member of the Disability Confident Scheme. If you wish to apply under this scheme, you should check the box in the ‘Candidate Personal Information’ under the ‘Disability Confident Scheme’ section of the application.

Salary and Benefits Information

We encourage flexible working, part time working and job share arrangements. Part time salary and benefits will be on a pro-rated basis as appropriate.

We offer a salary as follows:

- Leeds circa £53,900 - £62,190
- London circa £59,905 - £69,120

In addition, we also offer a comprehensive benefits package as detailed below:

- A non-contributory, career average pension giving you a guaranteed retirement benefit of 1/95th of your annual salary for every year worked. There is the option to increase your pension (to 1/50th) or decrease (to 1/120th) in exchange for salary through our flexible benefits programme each year.
- A discretionary performance award based on a current award pool.
- An 8% benefits allowance with the option to take as salary or purchase a wide range of flexible benefits.
- 26 days’ annual leave with option to buy up to 12 additional days through flexible benefits.
- Private medical insurance and income protection.

National Security Vetting Process

Employment in this role will be subject to the National Security Vetting clearance process (which typically takes between 6 and 12 weeks post offer) and the passing of additional Bank security checks in accordance with Bank policy. Further information regarding the vetting and security clearance requirements for the role will be provided to the successful applicant, and information about how the Bank processes personal data for these purposes is set out in the Bank's Privacy Notice.

The Bank of England welcomes applications from all candidates, but as a UK Visas and Immigration (UKVI) approved sponsor, we have a responsibility to comply with the Immigration Rules and guidance. As such, our ability to employ individuals who require sponsorship for immigration purposes is limited. The Bank cannot guarantee that you and / or the role you are applying for will be eligible for sponsorship and that any application made to UKVI will be successful. Eligibility will therefore be considered on a case-by-case basis.

The Application Process

Important: Please ensure that you complete the ‘work history’ section and answer ALL the application questions fully. All candidate applications are anonymised to ensure that our hiring managers will not be able to see your personal information, including your CV, when reviewing your application details at the screening stage. It’s therefore really important that you fill out the work history and application form questions, as your answers will form a critical part of the initial selection process.

This role closes on 30 January 2025.

The assessment process will comprise two interview stages.
Please apply online, ensuring that you complete your work history and answer ALL the application questions fully and in detail as your application will not be considered if all mandatory questions are not fully completed.