About the job

Job summary

Cabinet Office Digital

The Cabinet Office is undergoing a significant Digital Transformation. Over the next three years we aspire to make UK Government digital services the best in the world, meeting or exceeding the benchmark set globally by the best public or private sector standards. For us to meet this ambition we are aiming to further improve the conditions, processes and expertise we have in place to be set up for success. This means we need to go much further and faster and strengthen the delivery of DDaT in government.
To support these ambitions we have established a way to build on existing strengths and this is based on six principles:

1. Build trust by stabilising services and getting the basics right
2. Be the gateway for all digital, data and technology services delivered by the Cabinet Office to its civil servants and ministerial bodies.
3. Provide impeccable service to our users.
4. Drive digital, data and technology thought leadership.
5. Transform ways of working.
6. Build sustainable capabilities

Job description

What you'll do 

The Cyber Defence team delivers cyber threat intelligence, threat detection, incident response and vulnerability management capabilities for the Cabinet Office, and is responsible for defending both internal IT infrastructure and citizen-facing services. As a senior detection engineer, you’ll take a leading role in building and delivering these core capabilities, focusing on threat detection.

As a senior detection engineer, you will:

● Lead the development and maintenance of robust detection content in the SIEM, working with service teams across the department to understand and implement
requirements.
● Identify and deliver opportunities for continual improvement of the threat detection capability.
● Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities.
● Develop and update internal documentation, including knowledge base articles, standards, and policies.
● Be able to drive automation efforts for detection content to make it as scalable as possible.
● Act as an escalation point for, and provide coaching and mentoring to, security analysts and detection engineers.
● Be responsible for leadership and line management of security analysts and detection engineers.
● Develop a detection as code repository which will be a centralised location for all splunk detections and documentation.

Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join.

Person specification

Its essential that you have:

● Experience working with SIEM tools.
● Experience building, maintaining and tuning detection content using languages such as SPL.
● Broader experience using common enterprise security tools such as EDR.
● An in-depth understanding of the tools, techniques and procedures used by threat actors.
● Experience coaching and mentoring junior staff.
● Excellent analytical and problem solving skills.
● Excellent verbal and written communication skills.
● Scripting knowledge with proficiency in at least one language.

It’s desirable, but not essential, that you have:

● Experience with Splunk.
● Experience working in an Agile environment.
● Experience with cloud environments such as AWS.
● Experience with APIs.

Benefits

Alongside your salary of £53,400, Cabinet Office contributes £14,418 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Things you need to know

Selection process details

Application process

This is to be submitted online at the following portal no later than Sunday 21 April 2024 (23:55) https://www.gatenbysanderson.com/job/GSe106994

When applying, please ensure that you provide the following information:

● Your CV.
● A supporting statement (of no more than 2 pages) detailing how you can address the Essential criteria in the Person Specification.
● Contact details for two referees. Referees should be people who can comment authoritatively on you as a person and as an employee and must include your current or most recent employer or his/her authorised representative. References will not be contacted until a successful appointment is made.
● A completed diversity monitoring form, this will appear on screen as part of the application process.

If you need a change to be made to the application process so you can make your application, you should: Contact GatenbySanderson via joincodigital@gatenbysanderson.com as soon as possible before the closing date to discuss your needs.

For a confidential discussion about the role, please contact our recruitment advisers at GatenbySanderson: Shoaib Haroon, Principal Consultant on M: 07384258626 or E: Shoaib.haroon@gatenbysanderson.com OR Russell Brandon, Associate Researcher on M: 01962 864124 or E: russell.brandon@gatenbysanderson.com

Should you have any general enquiries about the application process, please email: joincodigital@gatenbysanderson.com


Expected timeline (subject to change)
Expected sift date – 26/04/2024
Expected interview date/s – End of w/c Monday 6 May 2024
Interview location - Online

Reasonable adjustments
If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes.

Further information
If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'contact point for applicants' section.

Please note that this role requires SC clearance, which would normally need 5 years UK residency in the past 5 years. This is not an absolute requirement, but supplementary checks may be needed where individuals have not lived in the UK for that period. This may mean your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible.

Please note terms and conditions are attached. Please take time to read the document to determine how these may affect you.

Any move to Cabinet Office from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at: https://www.childcarechoices.gov.uk.

A reserve list will be held for a period of 12 months, from which further appointments can be made.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window). People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window). The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.