Data Security Analyst (Incident Response Lead)
- Civil Service
- Full Time
- London
- 43,760 - 51,690
Job Description
Job summary
The Cabinet Office supports the Prime Minister and ensures the effective running of government. It is also the corporate headquarters for government, in partnership with HM Treasury, and takes the lead in certain critical policy areas.
We are the Cabinet Office's cyber security team, and our mission is to secure the department against cyber threats. We protect our nationwide internal IT infrastructure, and high-profile citizen-facing digital services such as GOV.UK.
Job description
This role is within Cyber Defence, which delivers cyber threat intelligence, threat detection, incident response and vulnerability management capabilities for the Cabinet Office, and is responsible for protecting and securing internal IT infrastructure and citizen-facing services.
As a data security analyst, you'll focus on the investigation and response to data security incidents, and will:
- triage and investigate data security alerts (including from our email, productivity, network, and endpoint tools)
- use a variety of techniques to analyse systems, network traffic and cloud environments and understand the nature and extent of possible data security incidents
- support the response to data security incidents by identifying and implementing (or supporting the implementation of) containment, eradication and recovery actions
- support the response to data security incidents by engaging and collaborating with Data Protection, Security, and wider Corporate Services functions
- support the coordination of data security incidents
- contribute to post-incident reviews to identify lessons and actions
- identify opportunities for, and support the delivery of, continual improvements to the data security capability
- work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities
- contribute to internal plans, playbooks and knowledge base articles
- act as an escalation point for, and provide coaching and mentoring to, associate security analysts
Incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join.
Person specification
As a data security analyst, you'll focus on the investigation and response to data security incidents, and will be responsible for:
- Continuous monitoring of security alerts and incidents.
- Creation and tuning of detections for data loss prevention.
- Collaborating with the incident response team to mitigate threats.
- Reporting on security risks and trends to senior management.
- Ensuring compliance with data protection regulations.
1. Technical Proficiency in Cybersecurity Tools:
Demonstrated experience with security information and event management (SIEM) tools and other cybersecurity software for monitoring and analysing security events. Splunk experience preferred.
2. Incident Response Expertise:
Experience in handling security incidents, including detection, investigation, containment, and remediation, with an ability to operate effectively under pressure.
3. Knowledge of Threat Intelligence and Vulnerabilities:
Knowledge of current cyber threats, attack vectors, and vulnerability management practices (in particular relating to data loss), as well as experience in applying this knowledge to protect the organisation.
4. Collaboration and Analytical Thinking Skills:
Strong analytical skills to identify patterns, anomalies, and potential threats from complex datasets, and the ability to devise effective solutions to security challenges.
5. Communication and Collaboration Abilities:
Excellent verbal and written communication skills, with experience in preparing reports and documentation, and the capability to collaborate effectively with cross-functional teams and stakeholders.
Additional information:
Cabinet Office policy is that a minimum 60% of your working time should be spent at your principal workplace. For some roles, due to their nature and the business need, this may be up to 100%. Requirements to attend other locations for official business will also count towards this level of attendance.