Cyber Security Analyst

On behalf of the Cabinet Office, we are looking for a Cyber Security Analyst (Inside IR35) for a 6 Month contract based Hybrid in London.

We are the Cabinet Office's Cyber and Information Security function. Our mission is to secure the Cabinet Office's digital and information assets against misuse, and enable the secure delivery of the department's mission. We do this by developing, operating, and governing the cyber and information security controls which protect our nationwide internal IT infrastructure, and high-profile citizen-facing digital services such as GOV.UK.

This role is within the Cyber Defence team, which is responsible for understanding, detecting and responding to cyber threats and vulnerabilities impacting the Cabinet Office. As a Cyber Security Analyst, you will support our alert triage and incident response capabilities.

As a Cyber Security Analyst your main responsibilities will be to:

1. Triage and investigate cyber security alerts and user reports, analysing systems, files, network traffic, and cloud environments to determine the nature and scope of potential incidents.
2. Support the technical response to cyber incidents by identifying and implementing (or assisting with) containment, eradication, and recovery measures.
3. Coordinate incident handling and contribute to post-incident reviews to capture lessons learned and actions required.
4. Drive continual improvement by identifying opportunities and supporting enhancements to incident investigation and response processes, tools, and workflows.
5. Collaborate with Cyber Defence functions to strengthen the broader team's capabilities, and contribute to internal documentation such as response plans, playbooks, and knowledge base articles.
6. Act as an escalation point and provide coaching and mentoring to apprentice security analysts.

Essential:

1. SC Clearance is an essential requirement for this role, as a minimum you must be willing & eligible to undergo checks. Please note, due to the exceptional requirements of this position (short-term nature of this role and speed at which we require a postholder in situ) preference may be given to candidates who meet all of the essential criteria and hold active security clearance.
2. Experience investigating and responding to cyber incidents, with hands-on use of security tools such as EDR and SIEM to support incident detection and response.
3. Proficient with SIEM tools - ideally Splunk, though experience with Microsoft Sentinel or an equivalent SIEM tool is acceptable.
4. Strong analytical and problem-solving skills, with a solid understanding of tools, techniques, and procedures commonly used by threat actors.

Desirable:

1. Experience with Splunk.
2. Experience working in an Agile environment.
3. Experience with cloud environments such as AWS.

Please be aware that this role can only be worked within the UK and not Overseas.