On behalf of the Cabinet Office, we are looking for a Cyber Security Analyst (Inside IR35) for a 6 Month contract based Hybrid in London.

We are the Cabinet Office’s Cyber and Information Security function. Our mission is to secure the Cabinet Office’s digital and information assets against misuse, and enable the secure delivery of the department’s mission. We do this by developing, operating, and governing the cyber and information security controls which protect our nationwide internal IT infrastructure, and high-profile citizen-facing digital services such as GOV.UK.

This role is within the Cyber Defence team, which is responsible for understanding, detecting and responding to cyber threats and vulnerabilities impacting the Cabinet Office. As a Cyber Security Analyst, you will support our alert triage and incident response capabilities.

As a Cyber Security Analyst your main responsibilities will be to:

• Triage and investigate cyber security alerts and user reports, analysing systems, files, network traffic, and cloud environments to determine the nature and scope of potential incidents.
• Support the technical response to cyber incidents by identifying and implementing (or assisting with) containment, eradication, and recovery measures.
• Coordinate incident handling and contribute to post-incident reviews to capture lessons learned and actions required.
• Drive continual improvement by identifying opportunities and supporting enhancements to incident investigation and response processes, tools, and workflows.
• Collaborate with Cyber Defence functions to strengthen the broader team’s capabilities, and contribute to internal documentation such as response plans, playbooks, and knowledge base articles.
• Act as an escalation point and provide coaching and mentoring to, apprentice security analysts.

Essential:

• SC Clearance is an essential requirement for this role, as a minimum you must be willing & eligible to undergo checks. Please note, due to the exceptional requirements of this position (short-term nature of this role and speed at which we require a postholder in situ) preference may be given to candidates who meet all of the essential criteria and hold active security clearance.
• Experience investigating and responding to cyber incidents, with hands-on use of security tools such as EDR and SIEM to support incident detection and response.
• Proficient with SIEM tools — ideally Splunk, though experience with Microsoft Sentinel or an equivalent SIEM tool is acceptable.
• Strong analytical and problem-solving skills, with a solid understanding of tools, techniques, and procedures commonly used by threat actors.

Desirable:

• Experience with Splunk.
• Experience working in an Agile environment.
• Experience with cloud environments such as AWS.

Please be aware that this role can only be worked within the UK and not Overseas.

Armed Forces Covenant

The Cabinet Office guarantees to interview veterans or spouses / partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates / military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. In exceptional circumstances, we may also need to apply the desirable criteria in our shortlisting process which may include holding active security clearance.

In applying for this role, you acknowledge the following “this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such the payment to the intermediary and your income resulting from this contract will be different”.