Working as a Security Alert Analyst you will monitor systems to detect potential indicators of compromise. You will lead the first stage categorisation and investigation of security alerts generated by analytical tools and capabilities operating across DWP systems and networks. You will be responsible for interpreting reports and dashboards and, using your knowledge of security risks and latest cyber intelligence, will ensure an effective response to alerts. Where appropriate you will escalate potential incidents, collating and presenting all necessary information to others, to enable immediate and accurate investigations. You will use malware analysis tools as appropriate to support your decision-making. You will support the development of theoretical rules to test and deploy across large data sets and will continually review and refine those rules to ensure high quality outputs are maintained and supplied to operational stakeholders.

Responsibilities:

Successful candidates can expect to be involved in a range of activities including the following:

- Effectively use security tooling, including Security Information and Event Management (SIEM) platforms and open-source intelligence, to identify security compromises within large amounts of complex data.
- Provide in-depth analysis of reports and dashboards and respond to alerts generated by the latest analytical tools and capabilities operating across machine data within DWP systems.
- Demonstrate knowledge of the latest security threats and indicators of compromise, to ensure an effective response to alerts as well as to new threats and attack vectors.
- Undertake proactive interrogation of activity captured in system logs and across large data sets to quickly determine if systems have been compromised.
- Use intelligence effectively to ensure appropriate response actions to security threats.
- Provide cyber security specific input to investigations through the application of technical knowledge and exploitation of cyber intelligence.
- Use malware analysis tools (commercial and/or open source) to support analysis and decision making.
- Work within the confines of relevant legislation as it applies to cyber security and digital forensics activities.
- Provide timely intervention to protect the DWP IT estate through initiating containment processes to isolate and prevent the spread of malware.
- Drive forward the development of monitoring systems and supporting processes and playbooks, ensuring systems are in place to review and continually improve existing capabilities.
- Demonstrate strong knowledge and understanding of the concepts of information security, and of current and emerging IT security, data protection and information risk principles and technologies.
- Ensure that all team activities comply with legal and internal requirements and that all evidence produced from investigations is suitable for use in disciplinary or legal actions.
- Ensure the Department's data is used safely, proportionately, and legally at all times.
- Support remedial activity as a result of identified weaknesses within the estate.
- Manage multiple priorities and respond flexibly to competing demands.

Person specification

Key Criteria for the Role:

Successful candidates will need to demonstrate their suitability for the role using the essential and desirable criteria below:

Essential criteria:

- (LEAD CRITERIA) Experience of working in a cyber security or IT based role or have completed, or be working towards completion of, a cyber focused qualification
- Familiar with SIEM products and an understanding of their capabilities as monitoring tools and how they can be used to identify security or data compromises
- Experience of working in an operationally focused delivery team, with the ability to manage multiple priorities and respond flexibly to competing demands and organise work accordingly
- Demonstrable aptitude for analytical work including using data from a variety of sources and in different formats to draw conclusions
- Good knowledge of cyber security threats and how to mitigate against them

Desirable:

- Experience in handling and categorising security alerts

Behaviours

We'll assess you against these behaviours during the selection process:

- Communicating and Influencing
- Making Effective Decisions
- Delivering at Pace
- Working Together

Benefits

Alongside your salary of £37,497, Department for Work and Pensions contributes £10,862 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

DWP have a broad benefits package built around your work-life balance which includes:

- Working patterns to support work/life balance such as job sharing, term-time working, flexi-time and compressed hours.
- Generous annual leave: at least 23 days on entry, increasing up to 30 days over time (pro rata for part time employees), plus 9 days public and privilege leave.
- Support for financial wellbeing, including interest-free season ticket loans for travel, a cycle to work scheme and an employee discount scheme.
- Health and wellbeing support including our Employee Assistance Programme for specialist advice and counselling and the opportunity to join HASSRA, a first-class programme of competitions, activities and benefits for its members (subscription payable monthly).
- Family friendly policies including enhanced maternity and shared parental leave pay after 1 year's continuous service.
- Funded learning and development to support progress in your role and career. This includes industry recognised qualifications and accreditations, coaching, mentoring and talent development programmes.
- An inclusive and diverse environment with opportunities to join professional and interpersonal networks including Women's Network, National Race Network, National Disability Network (THRIVE) and many more.

Things you need to know

Selection process details

This vacancy is using Success Profiles, and will assess your Behaviours, Strengths and Experience.

Stage 1: APPLICATION & SIFT

As part of the application process you will be asked to complete a CV & personal statement (1,000 words). All applications will be assessed and sifted based on the key criteria in the Person Specification section of the advert, using the information you provide in your completed application form. Further details around what this will entail are listed on the application form.

In the event of a large number of applications being received we will use the Lead Criteria to initially assess your application during the sift stage: Experience of working in a cyber security or IT based role or have completed, or be working towards completion of, a cyber focused qualification. Candidates who pass the initial sift will be progressed to a full sift.

The sift panel will use the information relating to your employment history (your CV) and your personal statement, to assess your experience, skills and knowledge.
When giving details of your employment history, you should therefore include details of the work and projects that you have been involved in, and your role therein.

Applications must include:

A. A completed Personal Details application form.
B. A curriculum vitae with education, professional qualifications and full employment history, giving details of key achievements relevant to the skills and experience outlined in this job description.
C. A personal statement. In no more than 1000 words, please demonstrate how you meet the key criteria, outlined in the 'Person Specification' section of the job advert.

A NOTE ON ANONYMISATION

Due to DWP's use of anonymised recruitment practices it is not possible for applicants to upload/attach a CV; any information that you would customarily share on a CV should therefore be entered onto the application form. Please ensure you provide sufficient information to enable the sift panel to make an informed judgement about your suitability for this role.

IMPORTANT INFORMATION:

Please include all other information that you would customarily provide when presenting a CV/cover letter, as the sift panel use this information to assess your application. DWP operates an anonymised recruitment process. When entering information relating to your employment history you will be asked to remove any personal details that could be used to identify you. This relates to name and contact details which might usually appear on your CV/cover letter. Failure to do so will result in your application being withdrawn.

Stage 2: SIFT & INTERVIEW INFORMATION

Applications will be sifted at regular intervals from the date the posts are advertised. Sifting for this role will be concluded once the advert closes. The final stage of the process will be a face-to-face interview where you will be assessed against the behaviours outlined in the advert as well as strengths.
Candidates will be required to give a short presentation at interview, details of which will be provided prior to you attending. To help you prepare and settle into the interview you will be sent the behaviour questions in advance of the interview. These questions should be treated as confidential and should not be shared. The interview panel may ask you other questions which will not be shared in advance, including follow-up questions, and those about your strengths. Only candidates that have been successful at the previous stage will be invited to attend. Sift and interview dates to be confirmed.

Further Information

Find out more about Working for DWP.

A reserve list may be held for a period of 6 months from which further appointments can be made.

Any move to DWP from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at the Childcare Choices website.

If successful and transferring from another Government Department a criminal record check may be carried out. In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service/Disclosure Scotland on your behalf. However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing Pre-EmploymentChecks.grs@cabinetoffice.gov.uk stating the job reference number in the subject heading.
For further information on the Disclosure Scotland confidential checking service telephone the Disclosure Scotland Helpline on 0870 609 6006 and ask to speak to the operations manager in confidence, or email Info@disclosurescotland.co.uk.

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave but who would have been dismissed for fraud or dishonesty had their employment continued. Any applicant whose details are held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5 year period following a dismissal for carrying out internal fraud against government.

New entrants are expected to join on the minimum of the pay band.

For further information on National Security Vetting please visit the Demystifying Vetting website.

Before applying for this vacancy, current employees of DWP should check whether a successful application would result in changes to their terms & conditions of employment, e.g. mobility, pay, allowances. Civil Servants that would transfer into DWP from other government organisations, following successful application, will assume DWP's terms & conditions of employment current on the day they are posted, unless DWP has stated otherwise in writing.

The Civil Service values honesty and integrity and expects all candidates to abide by these principles. Please ensure that all examples provided in your application are taken directly from your own experience and that you describe the examples in your own words. Applications will be screened and if evidence of plagiarism or copying examples/answers from other sources is found, your application will be withdrawn. Internal DWP candidates may also face disciplinary action.

Reasonable Adjustment

At DWP we value diversity and inclusion and actively encourage and welcome applications from everyone, including those that are underrepresented in our workforce. We consider visible and non-visible disabilities, neurodiversity or learning differences, chronic medical conditions, or mental ill health. Examples include dyslexia, epilepsy, autism, chronic fatigue, or schizophrenia.

If you need a change to be made so that you can make your application, you should:

- Contact Government Recruitment Service via DWPRecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.
- Complete the Reasonable Adjustments section in the Additional requirements page of your application form to tell us what changes or help you might need further on in the recruitment process. For instance, you may need wheelchair access at interview, or if you're deaf, a Language Service Professional.

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

Feedback

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.