Ministry of housing, communities and local government
Cyber SOC Analyst
Job Description
Details
Reference number
Salary
Job grade
Contract type
Business area
Type of role
Working pattern
Number of jobs available
Contents
Location
About the job
Benefits
Things you need to know
Apply and further information
Location
About the job
Job summary
Here at the Department for Levelling Up, Housing and Communities (DLUHC), we work on things that make a real difference to people’s lives.
Whether it’s through the homes we live in, the work of our local councils, or the communities we’re all part of, our work is at the top of the political agenda. We have ambitious and far-reaching outcomes to achieve this year and, if you’re thinking of joining us, there’s never been a more exciting time.
We have over 3,500 staff who are based in 20 offices across the UK.
Our aim is to provide high quality Digital services for our staff using a mix of internal and external teams to deliver evergreen cloud services. Delivering this responsibility comes with a high demand for adoption of new technologies, systems and applications that require security review and scrutiny to ensure the department operates in a safe and secure environment that is overseen by centralised security products such as a SIEM, vulnerability scanners and security validation tools.
We’re investing in additional roles to ensure that we can continue to mature our cyber security capabilities.
As a Cyber Security SOC Analyst, you will be working with our small team of internal SOC analysts. You will collaborate with cross-functional teams to detect, analyse, and respond to potential security incidents, ensuring the protection of our data and information systems. Your expertise in cybersecurity, team skills and deep technical knowledge will be essential in identifying emerging threats, supporting implementation of effective security measures, and maintaining the highest standard of cybersecurity within our organisation.
We particularly welcome candidates from an ethnic minority background and other underrepresented groups to apply, as we work to continually improve our ability to represent the places and communities we support through our work.
Find out more about what it’s like to work in a digital, data and technology role at DLUHC including our culture, ways of working, career progression and staff benefits. You can also read the DLUHC Digital blog to learn about the work we’re doing.
Job description
As a Cyber SOC Analyst, you’ll:
- conduct the daily operations of the internal SOC, including incident monitoring, analysis, and response
- monitor security events and alerts using Microsoft Sentinel and other security technologies
- implement and enhance SOC procedures, guidelines, and best practices to ensure efficient and effective incident response
- collaborate with internal stakeholders such as system and service owners to develop and enhance protective monitoring, protective and detective controls and work with cyber security teams and stakeholders, internally and externally as required to ensure a co-ordinated approach to cyber security tooling, risk management, information sharing and policies
- support major incident response efforts and lead on incident response efforts, including containment, investigation, analysis, and reporting of security incidents
- conduct post-incident analysis and recommend improvements to enhance the department’s overall security posture
- collaborate with our CSOC service management supplier to ensure the timely resolution of security issues and develop alerting and playbooks for services, IT engineers to ensure the proper configurations and management of security monitoring tools and technologies and with cross-functional teams to develop and improve incident response plans, playbooks, and standard operating procedures (SOPs)
- prepare and present reports on SOC operations, incident response activities, and security posture to key stakeholders and provide timely and accurate incident reports, including analysis, findings, and recommendations for improvement
- conduct real-time threat hunting, identifying, and investigating suspicious activities, and responding promptly to mitigate risks
- stay up to date with the latest security threats, vulnerabilities, and industry trends, sharing knowledge and insights with the team
- perform security log analysis, event correlation, and threat intelligence research to proactively identify potential security risks
- assist in the review of configuration of security technologies, including firewalls, antivirus, and intrusion prevention systems (IPS)
- support vulnerability assessments, and security audits to identify weaknesses and recommend appropriate remediation actions as well as incident response drills and table top exercises to enhance the organisation’s preparedness and response capabilities
- support junior cyber security staff and help upskill engineers and architects in good cyber practices
Person specification
We will use the essential criteria below to evaluate you during the recruitment process. Make sure your CV and cover letter details how you meet the criteria.
As a Cyber SOC Analyst, you’ll have:
- strong experience as a SOC analyst in an enterprise organisation
- strong knowledge of cyber security principles, frameworks, and best practices
- in-depth understanding of security technologies and concepts, including some of the following – Microsoft Sentinel, Cisco Meraki, Zscaler, Microsoft Defender, End-point protection, Advance KQL, automation, playbooks, and workbooks
- hands-on experience with incident response and forensics tools, techniques, and methodology
- ability to analyse and interpret security logs, event data, and alerts to identify potential threats
- proven experience in a cybersecurity role, with a focus on security operations and incident response
- understanding of cybersecurity principles, frameworks, and best practices
- familiarity with security technologies such as SIEM, IDS/IPS, firewalls, endpoint protection systems, and vulnerability scanners
- knowledge of network protocols, traffic analysis, and cyber-attack methodologies
- familiarity with incident response processes, methodologies, and tools
- strong problem-solving and analytical skills, with the ability to investigate and resolve security incidents effectively
- relevant industry qualifications to the role, such as those from SANS or Microsoft. It would be an advantage if you’re keen to develop your cyber security and technical design skills further
- an appetite for continued learning is desirable and we will support your development and achieving qualifications in post
Behaviours
We’ll assess you against these behaviours during the selection process:
- Changing and Improving
- Working Together
Benefits
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension with an average employer contribution of 27%
Things you need to know
Selection process details
MHCLG want to bring in a diverse workforce at all levels.
Our application system is designed to remove as much bias as possible from the recruitment system – this means that a hiring manager does not know your name, your details, see your whole application in one go (or have your CV at review stage unless stated otherwise).
CV Declaration
We recruit based on your knowledge and skills, and not background, gender or ethnicity – this is called name blind recruitment.
Please remove references to your:
- name/title
- educational institutions
- age
- gender
- email address
- postal address
- phone number
- nationality/immigration status
Most of our campaigns utilise multiple assessors and so it is possible that your application would be viewed by different assessors.
In the event that we receive a large number of applications, we may conduct an initial sift using the lead sift question listed in the advert. Candidates who pass the initial sift may be progressed to a full sift, or progressed straight to interview.
Lead sift question (Experience) – Please confirm you closely align to the person specification and describe a recent improvement you’ve been responsible for delivering, relevant to this Job Description?
At sift, through your CV we will be assessing:
- Experience
- Technical
The interview will be of a blended nature consisting of the following success profiles elements:
Behaviour: Changing and Improving, Working Together
Experience
Technical
The Vacancy Manager has also requested that candidates undergo a practical assessment at interview. A practical technical competence test will be conducted during the interview phase to confirm the identified candidate(s) have the required skills detailed in the job description.
In full the campaign will test the below Success Profile Elements:
Experience: Experience questions will be based around the essential skills and criteria as listed in the person specification
Technical: Technical questions will be based around the essential skills and criteria as listed in the person specification
Behaviours: Changing and Improving, Working Together
We do not consider direct CV applications – you must apply for this role via the application link on Civil Service Jobs:
Please note that near miss offers may be made at the lower grade to candidates who do not meet the grade criteria for this campaign.
Group 1 DDaT roles
DLUHC has implemented the DDaT capability framework for Group 1 roles. Applicants that are successful at the sift stage will be required to complete a capability assessment at interview.
DLUHC will honour completed capability assessments for this role from other Government Departments for existing Civil Servants. Please provide a copy of your capability assessment to the Hiring Manager when applying. If you have any queries on pay, please contact the Hiring Manager.
Salary is determined by performance at interview, within the range advertised. Each experience or technical skill is assessed between 1-3, representing working towards, at or above the job level requirements. You are awarded a proficiency level accordingly, and you will be given opportunities at least once a year to re assess your capability and progress through the pay scale within your grade. An additional digital allowance may be payable depending on level of assessed capability.
Candidates moving from another government department have the option to retain their current salary where the principle for implementation is there is no detriment where existing pay exceeds the indicative level. Where individuals are at a lower salary than their assessed level, they will receive an upward adjustment.
SEO Group 1 DDaT salary
The salary for this role will between £48,104 – £51,888 (London), £44,590 – £48,509 (National) depending on the proficiency level assessment.
An additional digital allowance may be payable depending on the level of assessed capability up to £6,665
For applicants in receipt of existing allowances, we will assess each case individually and aim to match the digital allowance implemented with no detriment.
For existing civil servants, the usual policy on level transfer and promotion will apply and is non-negotiable
Please note that the average employer pension contribution is based upon the National minimum salary for this role. Should your agreed starting salary for this role be different, the average employer pension contribution will be calculated accordingly. If you are a Secondee, this will not apply as you will remain on your home organisation’s terms and conditions.
Benefits
Transfers across the Civil Service on or after 4 October 2018:
Any move to DLUHC from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk.
For further information about the benefits available to DLUHC employees, please see the attached Candidate Pack.
Location
- London
- Wolverhampton
- Darlington*
- Bristol
- Leeds
- Manchester
There may be opportunities for candidates to work flexibly depending on the business needs. This will be discussed with the vacancy manager on a case-by-case basis if you are successful for the role.
- Please note: The Darlington Economic Campus is a pioneering new cross-government hub which will bring together people across departments and public organisations to play an active role in the most important economic issues of the day. The work of the Campus will make a real difference to people both across the UK and internationally. There will be substantial career opportunities and exciting prospects – a career at the Campus means you will be working at the heart of Government, with access to the benefits and fantastic opportunities offered by the civil service. This role is based at DLUHC and we will be joined on the campus by:
- HM Treasury
- Department for International Trade
- Department for Business, Energy and Industrial Strategy
- Office for National Statistics
- Department for Education
For further information on the DEC, please take a look at the attached DEC candidate pack.
Sift and Interview dates
Sifting is envisaged to take place from Monday 03/02/2025 with interview dates to be confirmed. All interviews are currently being held remotely via videocall.
Reserve List
In the event that we identify more appointable candidates than we currently have posts available, we will hold applicant details on a reserve list for a period of 6 months from which further appointments can be made. This may include roles at a lower grade. Candidates placed on a reserve list will be informed of this. Due to the length of time CTC checks can take, our HR Shared Services team will contact reserve list candidates for London based roles to commence CTC checks. Those candidates who do not wish to remain on the reserve list should contact recruitment@levellingup.gov.uk to be removed from the reserve list.
SC (Security Check):
Important note
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is Security Check and the process can take up to 8 weeks to complete.
Please note that successful candidates will need to pass the Security Check – this requires you to have been resident in the UK for the past 5 years. Please refer to the DLUHC Notes on Security Clearance section of our Candidate Pack for further information on Security Check (SC).
Candidates should also note that with effect from 1st August 2018 the department will also check all applicants who are successful at interview, against the Internal Fraud Database (IFD) held by the Cabinet Office. In accordance with the Civil Service Internal Fraud Policy, any applicant who is included on the IFD will be refused employment by DLUHC. Please see the Candidate Pack for further information on the Internal Fraud Database.
Before starting your application it’s very important to make sure that you are eligible to apply and meet the Civil Service nationality requirements. All candidates are expected to read the information provided in the DLUHC candidate pack regarding nationality requirements and rules
Candidate Pack Information
Please see attached Candidate pack for further information.
Internal Fraud Database
The Internal Fraud function of the Fraud, Error, Debt and Grants Function at the Cabinet Office processes details of civil servants who have been dismissed for committing internal fraud, or who would have been dismissed had they not resigned. The Cabinet Office receives the details from participating government organisations of civil servants who have been dismissed, or who would have been dismissed had they not resigned, for internal fraud. In instances such as this, civil servants are then banned for 5 years from further employment in the civil service. The Cabinet Office then processes this data and discloses a limited dataset back to DLUHC as a participating government organisations. DLUHC then carry out the pre employment checks so as to detect instances where known fraudsters are attempting to reapply for roles in the civil service. In this way, the policy is ensured and the repetition of internal fraud is prevented.
For more information please see- Internal Fraud Register
Feedback will only be provided if you attend an interview or assessment.
Security
See our vetting charter (opens in a new window).
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements (opens in a new window)
Working for the Civil Service
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission’s recruitment principles (opens in a new window).
Diversity and Inclusion
Apply and further information
Contact point for applicants
Job contact :
Recruitment team