Back to search

Lead Cyber Security Analyst

Civil Service

Job Description

Job summary

Across government, cyber security is fundamental to protecting critical services, safeguarding sensitive data and maintaining public trust. As cyber threats continue to evolve in scale and sophistication, organisations must strengthen their ability to detect, analyse and respond to potential incidents in real time. Ofgem plays a vital role in the UKs energy system, protecting consumers and enabling a more secure, fair and sustainable energy future, and effective cyber security operations are essential to ensuring resilience and continuity of services.

Ofgem is on a significant transformation journey. Within the Digital, Data and Security Services (DDSS) directorate, we are strengthening our cyber security capability to support a modern, digitally enabled organisation. This includes enhancing monitoring, threat intelligence and incident response processes to ensure that risks are identified early and managed effectively.

As a Lead Cyber Security Analyst, you will play a critical role in protecting Ofgems systems and services. You will lead the monitoring and analysis of security events, drive improvements to detection capabilities and support the effective investigation and response to incidents. You will work across security operations, threat intelligence and vulnerability management, ensuring that the organisation remains resilient against a dynamic threat landscape.

This is a technically demanding and high-impact role, requiring strong analytical capability, experience in security operations and the ability to lead activity across complex environments. You will act as both a subject matter expert and a leader, supporting the development of capability and driving continuous improvement across cyber security operations.

Job description

You will be responsible for:

  • Leading the monitoring and analysis of security events, ensuring threats are identified, investigated and responded to effectively.
  • Managing the development and implementation of the monitoring roadmap, enhancing detection capabilities across the organisation.
  • Overseeing the triage and investigation of security alerts using SIEM and other monitoring tools, ensuring appropriate escalation and response.
  • Leading the development of automated monitoring and detection processes, improving efficiency and accuracy of threat detection.
  • Managing vulnerability assessment and remediation activities, ensuring risks are prioritised and addressed using a risk-based approach.
  • Leveraging threat intelligence to inform security operations, identify risks and enhance preventative controls.
  • Leading incident response activities, including investigation, containment and recovery, and contributing to continuous improvement through lessons learned.
  • Providing expert advice to stakeholders on security risks, mitigations and best practice.
  • Supporting resilience through preparedness exercises, red teaming and continuous capability development.
  • Producing reporting and insight on security posture, risks and trends for senior stakeholders.

We are looking for:

A skilled and experienced cyber security professional who can operate effectively in a complex, fast-moving environment. You will bring strong technical expertise in security operations, along with the ability to lead and influence across teams.

You may come from a security operations, threat intelligence or cyber defence background, but you will demonstrate:

  • Experience working within a Security Operations environment
  • Strong experience in incident detection, analysis and response across complex systems
  • Expertise in intrusion detection, threat intelligence and vulnerability management
  • Experience working with security tools, including SIEM and monitoring platforms
  • The ability to communicate complex security issues clearly to technical and non-technical stakeholders

Relevant certifications such as SANS, GIAC or CISSP are expected (or willingness to achieve).

Experience working in government or regulated environments, and familiarity with threat landscapes relevant to energy or critical infrastructure, would be beneficial.

This is an opportunity to play a key role in safeguarding Ofgems digital environment. You will help ensure that systems and services are secure, resilient and capable of responding effectively to cyber threats, supporting the organisations mission at a time when cyber security has never been more critical.

Person specification

Essential Criteria

  • Demonstrable experience in analysing incidents across a complex environment. (Lead Criteria)
  • Experience in intrusion detection and analysis. (Lead Criteria)
  • Experience in a Security Operations environment.
  • Previous exposure to IT and network security and networking technologies and with system, security, and network monitoring tools.
  • Either holds, or can achieve, SC clearance.
  • SANS or GIAC Security Operations Modules or CISSP.

Desirable Criteria

  • Sound awareness of the threat environment faced by government, regulatory departments and the energy industry.
  • Experience with M365 and Azure-related Security tooling.

Yodel are hiring now

Working at Yodel, they promise to support you, develop you and give you all the tools you need to do a great job. They have a range of opportunities across the UK now - why not see if Yodel have the perfect role for you?

See Yodel jobs

Good luck with your application