About the job

Job summary

GCHQ is an intelligence, cyber and security agency with a mission to keep the UK safe.  We use cutting-edge technology, ingenuity and partnerships to identify, analyse and disrupt threats.  Working with our intelligence partners MI5 and MI6, we protect the UK from terrorism, cyber-attacks and espionage.  At GCHQ you’ll do varied and fascinating work in a supportive and inclusive environment that puts the emphasis on teamwork. 

The National Cyber Security Centre (NCSC), part of GCHQ, is the UK Government’s lead authority on cyber security. The organisation is at the heart of the Government’s cyber security strategy and has the aim of making the UK the safest place to live and work online.    

Job description

As an Intrusion Analyst, you’ll be part of NCSC Threats investigations team (TI) working across a range of cyber-crime and hostile state threat mission areas, and tasked to detect, analyse, and counter cyber threats targeting the UK. As a member of a “Mission Team” - a community of individuals who collaborate towards a common goal, you’ll work closely with other analysts to address threats posed by specific groups within a particular geographic area, or from a specific group of threats.   

Working with other analysts you’ll use a wide variety of classified and open sources to make progress against the highest priority of cyber threats the UK face.  Collaborating with our partners in UK intelligence, and with the significance on technical analysis, you may have the opportunity to represent your work in local, national and international forums. Excited by innovation and eager to discover new techniques, you’ll bring fresh ideas to the team as you get hands on with a broad range of analysis.  

The Threat Investigations analyst team is made up of technical analysts across our mission area and exists to share tradecraft and knowledge, it’s a shared community that provides support through mentoring and upskilling.   

There’s never been a better time to join NCSC as an Intrusion Analyst, you’ll be working in a unique and challenging environment, your work will change as the threat landscape evolves and you’ll get to work on some of the most interesting and wide-ranging topics looking at a spectrum of technologies and capabilities. Influencing leaders and working diligently to build close relationships with customers, our partners and the wider analyst community you’ll help us to build a collective understanding of the key cyber threats that impact the security of the UK. 

Person specification

Successful applicants will: 

• Take a lead on investigations into threats from key hostile cyber actors that affect the UK. 

• Develop a range of technical analysis skills to progress investigation outcomes.  

• Manage cyber incidents through their lifecycle, triaging and enriching information to support customers. 

• Curate knowledge and share tradecraft to enable collaboration.  

• Engage with partners in industry and the wider intelligence community as well as other areas of NCSC to achieve community aims.  

• Foster close working relationships with other analysts, acknowledging diverse approaches and ideas to deliver greater impact.   

We actively encourage continuous learning and we’re dedicated to allowing you space and resources for development, innovation and experimentation i.e. trial new tradecraft. 

But this isn’t just a desk job, you’ll collaborate with colleagues in your efforts to support our vital work, ensuring the right information is shared with the right people. Adaptable, motivated and collaborative, you’re comfortable engaging with colleagues at all levels, so you’ll be keen to work with others to find solutions. Whatever your background, you’re comfortable engaging with people, enjoy solving problems and embracing challenges to support our mission with a willingness to learn new things. 

The successful applicant will need to have: 

• Bachelor’s Degree in Cyber Security, Computer Science, Network Analysis, Information Technology or equivalent qualification, 

 And/or 

• Candidates will have some level of practical experience or workplace experience in cyber security analysis - e.g. in a range of technical analysis roles, information security incident handling and/or security operations/SOC.   

GCHQ Competencies 

The NCSC will assess you against competencies used by the UK Intelligence Community. These competencies are based closely on the Civil Service Behaviours. The Level 2 competencies you’ll assessed against are: 

• Continuously Developing (Civil Service Behaviour Equivalent: Developing Self and Others) 

• Working Collaboratively (Civil Service Behaviour Equivalent: Working Together) 

• Leading Inclusively (Civil Service Behaviour Equivalent: Leadership) 

• Delivering Outcomes (Civil Service Behaviour Equivalent: Delivering at Pace) 

• Providing Customer Value (Civil Service Behaviour Equivalent: Managing a Quality Service) 

Further information on Civil Service Behaviours 

Benefits

At NCSC and GCHQ, we are proud of our inclusive and supportive working environment that’s designed to encourage open minds and attitudes. As an organisation that values and nurtures talent, we are committed to helping you fulfil your potential.  With comprehensive training and development opportunities, tailored to your needs and the requirements of your work, we will enable you to flourish in your role and perform to the very best of your abilities. 

You’ll receive a starting salary of £34,663.  

The role attracts specialist pay starting from £6,900, which is achieved via evidence-based assessment approximately after 12 months in the role.  

Other benefits: 

• 25 Days Annual Leave automatically rising to 30 days after 5 years' service, and an additional 10.5 days public and privilege holidays 

• An environment with flexible working options 

• Opportunities to be recognised through our employee performance scheme. 

• Interest-free season ticket loan 

• Cycle to work scheme 

• Facilities such as a gym, restaurant and on-site coffee bars (at some locations) 

• Paid parental and adoption leave. 

• Excellent pension scheme - Civil Service pension with an average employer contribution of 27% 

Equal Opportunities 

At GCHQ diversity and inclusion are critical to our mission. To protect the UK, we need a truly diverse workforce that reflects the society we serve. This includes diversity in every sense of the word: those with different backgrounds, ages, ethnicities, gender identities, sexual orientations, ways of thinking and those with disabilities or neurodivergent conditions. We therefore welcome and encourage applications from everyone, including those from groups that are under-represented in our workforce such as women, those from an ethnic minority background, people with disabilities and those from low socio-economic backgrounds. 

Find out more about our culture, working environment and diversity on our website: 

Disability Confident 

GCHQ are proud to have achieved Leader status within the DWP’s Disability Confident scheme.  This is aimed at encouraging employers to think differently about disability and take action to improve how they recruit, retain and develop disabled people.  Being Disability Confident, we aim to offer a person-to-person interview to any candidate who self-identifies as disabled and meets the essential criteria for the role.  This is our ‘Offer of Interview’ (OOI). To secure an interview for this vacancy, the essential criteria (in order of application process) are: 

• Bachelor’s Degree in Cyber Security, Computer Science, Network Analysis, Information Technology or equivalent qualification, and/or 

• Ideally Candidates will have some level of practical experience or workplace experience in cyber security analysis - e.g. in a range of technical analysis roles, information security incident handling and/or security operations/SOC.   

Things you need to know

Selection process details

What to Expect 

Our recruitment process is fair, transparent, and based on merit. Here is a brief overview of each stage, in order: 

• Online Application. 

• Application sift. 

• Interview. 

• If successful, you’ll receive a conditional offer of employment. 

Please note, you must successfully pass each stage of the process to progress to the next. Your application may take around 6 - 9 months to process including vetting, so we advise you to continue any current employment until you have received your final job offer. 

Before You Apply 

To work at GCHQ, you need to be a British citizen or hold dual British nationality. You can read our full eligibility criteria here. 

This role requires the highest security clearance, known as Developed Vetting (DV). It’s something everyone in the UK Intelligence Community undertakes. You can find out more about the vetting process here. 

Please note we have a strict drugs policy, so once you start your application, you can’t take any recreational drugs and you’ll need to declare your previous drug usage at the relevant stage. 

Before you apply, we advise you to consider setting up a separate email address for your contact with us, to ensure your personal and application correspondence remain separate. Try to avoid having identifying features in your email address, such as your first and/or surname and date of birth. This is good practice and will help you to manage your application with us more discretely. 

The role is based in Cheltenham or Manchester, so you’ll need to live within a commutable distance. Please consider any financial implications and practicalities before submitting an application, as we do not offer relocation costs. 

Please note, you should only launch your application from within the UK. If you are based overseas, you should wait until you visit the UK to launch an application. Applying from outside the UK will impact on our ability to progress your application. You should not discuss your application, other than with your partner or a close family member. 

The closing date for this role is: 12/08/2024 

Right to Withdraw Statement:  

Please be aware that we withhold the right to bring forward the closing date for this role from the original closing date once a certain number of applications have been received. Please be mindful of this and submit your application at your earliest convenience to avoid disappointment. 

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting (opens in a new window).

See our vetting charter (opens in a new window). People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

Open to UK nationals only.

Working for the Civil Service

Please note this Post is NOT regulated by the Civil Service Commission. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.