Principal Cyber Security Analyst (4385)
- Civil Service
- Full Time
- Dundee
- 62,111 - 77,439
Job Description
Job summary
At Social Security Scotland, security is fundamental to delivering trusted public services. We're looking for an exceptional Principal Cyber Security Analyst to lead our Security Operations capability, helping us defend critical systems, protect sensitive data, and respond to an evolving cyber threat landscape. This is an opportunity to combine strategic leadership with hands-on technical expertise while making a genuine difference to the lives of people across Scotland.
As a senior technical leader within the Security Operations function, you will lead a team of Cyber Security Engineers and Analysts, providing both strategic direction and hands-on technical oversight. You will take ownership of the organisations core security tooling estate, driving continuous evolution and optimisation to ensure our capabilities remain effective against an evolving threat landscape.
You will be accountable for the design, implementation, and operation of key security technologies and services across a cloud-first environment, including:
- Security Information and Event Management (SIEM)
- Security Orchestration, Automation and Response (SOAR)
- Endpoint Detection and Response (EDR/XDR)
- Network Detection and Response (NDR)
- Vulnerability and Exposure Management
- Security Incident Management and Response
- Cyber Threat Intelligence (CTI)
This role requires deep technical expertise across modern security operations tooling and architectures, with a strong understanding of how to operate and optimise these capabilities within a complex, cloud-native environment. You will be expected to articulate and influence security strategy, manage technical risk, and ensure the effective implementation of controls to mitigate cyber threats.
If you are passionate about security operations and eager to make a real difference in public services, we invite you to join our talented team and take the next step in your career.
GDD Pay Supplement
This post is part of the Government Digital and Data (GDD) profession and currently attracts a 4,000 annual GDD pay supplement, which is paid monthly. Pay supplements are reviewed regularly.
Job description
- Lead and develop the Security Operations team, establishing governance, standards and performance measures that drive effective threat detection, incident response and continuous improvement, aligned to organisational risk appetite and a cloud-first strategy.
- Own and optimise the organisation's security tooling and detection platforms, ensuring they are effectively integrated, maintained and continuously enhanced to deliver scaleable, automated security operations.
- Build and influence relationships with senior stakeholders, acting as a trusted adviser and key point of contact on all aspects of cyber security.
- Provide expert cyber security leadership and authoritative guidance on the implementation and operation of security controls across the organisation and wider government community.
- Understand user and business needs, identifying emerging technology trends and usage patterns to help shape effective, risk-based security policies and controls.
- Deliver strategic cyber security initiatives that support the Cyber Security Strategy and strengthen the management of business risk, information security and data protection.
- Lead and continuously improve incident management, investigation and response processes, ensuring effective preparation for and response to cyber security incidents.
- Manage the assessment and response to cyber threats, maintaining the confidentiality, integrity, availability and compliance of organisational systems and information.
- Lead security testing activities, overseeing the design, delivery and assessment of exercises and reviews while ensuring compliance with relevant policies, procedures and standards.
- Develop and maintain cyber security policies, standards and guidance that meet business, technology and legal requirements, and reflect industry best practice.
Person specification
Success Profiles
We use an assessment framework called Success Profiles which lists the elements we test and provides detailed descriptions of each. Find out more about the framework here.
For this post, the following Success Profile elements will be assessed:
Experience
1. Experience of leading and developing cyber security teams, with the ability to design, implement and continuously improve Security Operations capabilities, including threat detection, automation, orchestration and the development of security processes and procedures to meet evolving business and threat requirements.
2. Experience of advising on organisational and technical responses to cyber security incidents, with responsibility for developing and driving incident investigation, response policies, processes and procedures.
3. Expert knowledge of system architectures, with the ability to assess and articulate the impact of vulnerabilities on existing and future systems, services and designs.
Behaviours
- Communicating and Influencing (Level 4)
You can find out more about Success Profiles Behaviours here
Technical / Professional Skills
This role is aligned to Principal Cyber Security Analyst within the Government Digital and Data Profession.
Please review the following to understand the skill expectations:
These skills will be tested during the Technical Assessment if you are successful at sift stage. They will not be assessed at application stage.