About the job

Job summary

NRS are looking for dynamic individuals to join the Cyber Security Operations Team as a Senior Cyber Security Analyst.

 

National Records of Scotland (NRS) is the Scottish nation's record keeper and official source of demographic statistics – information about population, households, migration, vital events, life expectancy and electoral statistics and maintains the nation’s records archive as one of Scotland’s five National Collections.

 

You will be responsible for protecting the confidentiality, integrity, and availability of information and information systems used by the Scottish Government and our partners across government.

 

You will bring demonstrable experience in SOC management including (but not limited to): vulnerability management, security monitoring and security administration.

 

DDaT (Digital, Data and Technology) Pay Supplement

 

This post attracts a £5000 Digital, Data and Technology (DDaT) pay supplement after a 3 months DDaT competency qualifying period. Pay supplements are temporary payments designed to address recruitment and retention issues caused by market pressures and are subject to regular review.

 

This post is part of the Scottish Government DDaT profession.

 

As a member of the profession, you will join the professional development system, currently BCS RoleModelplus.

Job description

Responsibilities

• Information Security: Explains the purpose of and provides advice and guidance on the application and operation of elementary physical, procedural and technical security controls. Performs security risk, vulnerability assessments, and business impact analysis for medium complexity information systems. Investigates suspected attacks and manages security incidents. Uses forensics where appropriate.

 

• Security Administration: Maintains security administration processes and checks that all requests for support are dealt with according to agreed procedures. Provides guidance in defining access rights and privileges. Investigates security breaches in accordance with established procedures and recommends required actions and supports / follows up to ensure these are implemented.

 

• Vulnerability Management: Maintains current knowledge of malware attacks, and other cyber security threats. Assesses and prioritises vulnerabilities using in-depth technical analysis of risks and typical vulnerabilities. Raises requests through incident management system, detailing the vulnerability, assets impacted and required remediation activity. Works with remediation team to understand the priority and required actions, tracking each vulnerability through to remediation. Reports upon success of vulnerability management through the appropriate risk boards. Recommend service improvements to reduce resource overhead, facilitate quicker remediation of vulnerabilities or reduce risk to the organisation.

 

• Security Monitoring: Monitors the Security Information and Event Management tool for alerts, investigating and resolving or escalating as appropriate. Support in the on-boarding of new systems into the SIEM solution, identify the use case for the logs, appropriate alerts and the playbooks that will be followed to resolve the alert. Recommend service improvements to reduce resource overhead, facilitate quicker remediation of vulnerabilities or reduce risk to the organisation.

 

• Technical Specialism: Maintains knowledge of specific specialisms, provides detailed advice regarding their application and executes specialised tasks. The specialism can be any area of information or communication technology, technique, method, product or application area.

Person specification

Essential Criteria : 

 

1. High level knowledge and understanding of the internal and external cyber security risks to IT systems, services and data storage.

2. Demonstrable experience of working with cyber security technologies such as security monitoring, vulnerability detection, privilege access management, penetration testing, sandboxing etc.

3. Knowledge and understanding of Government and International Security standards, e.g. HMG Security Policy Framework, and ISO 27001 (Information Security Standard). 

4. The ability to analyse, interpret and apply complex technical information.

Benefits

Alongside your salary of £35,196, Scottish Government contributes £9,502 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

The sift will be completed 1 week following the closing date with dates for interviews offered approximately 2 weeks after the application closing date.

Please apply using link provided.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.