Security Operations Analyst

Cyber Security and Privacy
London, United Kingdom; Birmingham, United Kingdom; Sheffield, United Kingdom; Manchester, United Kingdom


Salary: £48,500 to £60,000 (London) & £44,135 to £54,600 (National) depending on skills and experience  
Contract type: 2-year fixed term appointment
Grade: MoJ Band Bc
Number of open roles: 3
Location: Birmingham/Sheffield/Manchester/London
Hours: 37 hours/week (42 hours incl. lunch)
Working pattern: flexible working, full time, part time 
Interview locations: London/Sheffield/Manchester/Birmingham

These are exciting times at MOJ Digital and Technology. We have a clear vision - to develop a digitally-enabled justice system that works more simply for users - and we’re looking for talented people to help us achieve it.

We’re making things better by building adaptable, effective services and making systems that are simple to use for staff and citizens. It can be challenging but it’s also important and rewarding.

As well as doing great work, we’re creating a place that’s great to do work in. We offer tip-top kit, brilliant training opportunities and support from expert colleagues. On top of that, you’ll find flexible working, an inclusive culture and a place where your opinion is valued.

The Role
This role is critical to the protection of the Ministry of Justice’s technology systems and services, and the vital information they contain and process.

You are part of the Security Operations team, providing expert hands-on cyber security support to our technology systems. Your work supports constant vigilance against cyber security attacks on our systems, and effective response when attacks are detected. You are always working to find better ways to defend and protect our systems and users.

Your work involves enabling security monitoring and threat hunting activities across operational zones, and then consulting on incident investigations and creating remedial work to be undertaken by live service teams and suppliers. You will be constantly looking for ways to improve the security of our estate, working with cyber security consultants and risk advisors, to prioritise investment, and alert them to areas of increased risk.


  • Active defence of the MoJ’s digital and technology solutions against cyber security threats. Working closely with operational zone teams, and service suppliers, to ensure threats and vulnerabilities are remediated effectively. Communication of team findings to stakeholders in a clear and actionable fashion, focussing on real-world impact and with pragmatic options for resolution.
  • Security monitoring and threat hunting across all of the department’s technology estate to seek out areas of weakness, potential problems, and active threats.
  • Participation in IT investigations, ensuring they are performed effectively, lawfully, and appropriately, using the skills of the whole cyber security team as required.
  • Development and implementation of tools and techniques to automate as much of the team’s ‘basic’ work as possible, providing continuous assurance that systems are protected against common threats.
  • Developing and mentoring junior team members to improve their skills and capabilities, along with wider knowledge transfer to other security and non-security teams to help build a culture of cyber security in the department.


The essential skills and experience required are:

  • Strong problem solving and analytical skills, i.e. the ability to systematically think through the implications of problems to arrive at sound solutions.
  • Good knowledge of security monitoring approaches, techniques and widely-used products, to seek out security threats, and improve an organisation’s security posture.
  • Working knowledge of security related technologies such as firewalls, WAFs, IDS/IPS systems, SIEM systems, network protocols, etc.
  • Experience of IT investigations, e-Discovery tasks, digital forensics, etc. Knowledge of appropriate processes and procedures required to effectively collect, interrogate and preserve information from a wide range of enterprise IT sources.
  • Working knowledge of automation and orchestration SIEM platforms. Managing the chain of custody for all evidence collected during incidents and security investigations.
  • Experience with threat and vulnerability management, and other security operations processes and techniques (such as identity management, cryptography, patch management etc). Knowledge of threats to widely used digital and technology systems, including on-prem and cloud-based solutions.
  • Knowledge of hacker methodologies and tactics (TTPs), system vulnerabilities and key indicators of attacks and exploits. Ability to perform host-based and network-based analysis across major operating systems and network device platforms.
  • Enabling and informing risk-based decisions - Works with risk advisors to advise and give feedback. Advise on risk impact. Propose realistic and pragmatic mitigations that address these problems, and work with the product / project team to implement these effectively into their work.


  • Research and development experience, building and automating common security operation team processes and activities. 
  • Knowledge of security architectures, in particular for modern digital services, including how they are developed and operated at scale. 
  • Mitigating and addressing threat vectors including Advanced Persistent Threat (APT), Distributed Denial of Service (DDoS), Phishing, Malicious Payloads, Malware, etc.
  • Working knowledge of creating and tuning detection signatures, Indicators of Compromise (IOCs), and other content to detect malicious activity.

Throughout the process we will assess your technical specialist skills and experience on the above requirements.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status or disability status.

Salary and working arrangements

If successful, the salary we offer you will be within the advertised range and will depend on the skills and experience you demonstrate at the interview.

Therefore in your cover letter it would be helpful to the hiring teams if you can indicate your salary expectations and if possible your notice period.

You’ll also get:

  • Flexible working options such as working from home or remotely, working part-time, job sharing, or working compressed hours; we have people doing it and are happy to discuss further
  • Lots of training and development opportunities
  • A civil service pension with an average employer contribution of 22%
  • 25 days annual leave (plus bank holidays), and an extra day off for the Queen’s birthday. No promises you’ll be invited to her party, though
  • Great maternity, adoption, and shared parental leave, with up to 26 weeks leave at full pay, 13 weeks with partial pay, and 13 weeks further leave. And maternity support/paternity leave at full pay for 2 weeks, too!
  • Bike loans and secure bike parking (subject to availability and location)
  • Season ticket loans, childcare vouchers, and eye-care vouchers.

Selection process details

Candidates must submit:

  • a current and relevant CV;
  • a cover letter (1 page max) setting out why you are interested in the role and how you meet the essential skills and experience required.

The job advert lists the essential, specialist skills and experience as well as key Civil Service competencies required for the role.

At the CV review/sift stage we will use the technical/specialist skills and experience to determine your suitability for the role. At the interview we ask you questions based on the specialist/technical skills and experience in the job advert. If invited to an interview we will send you a detailed Job description to help you prepare for your interviews.

We conduct competency based interviews which means the interviewers will ask open-ended questions to which they are seeking answers/evidence of essential, previous experience in order to guide their hiring decision. Some roles may also require us to use assessments as part of the interview process.

Please note that due to the volume of applications we receive we are unable to provide feedback after the CV review (sift) stage.

Things you need to know

Security and Immigration checks

Successful candidates must pass a disclosure and barring security check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

Candidates will be subject to UK immigration requirements as well as Civil Service nationality rules.

If you're applying for a role requiring security clearance please be aware that foreign or dual nationality is not an automatic bar. However certain posts may have restrictions which could affect those who do not have sole British nationality or who have personal connections with certain countries outside the UK.

Nationality requirements

Open to UK, Commonwealth and European Economic Area (EEA) and certain non EEA nationals. Further information on whether you are able to apply is available here.


Candidates in their probationary period are not eligible to apply for vacancies within this department.

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles.

The Civil Service embraces diversity and promotes equality of opportunity. There is a guaranteed interview scheme (GIS) for candidates with disabilities who meet the minimum selection criteria.

Contact point for applicants

For further information regarding this role please contact MoJ D&T Recruitment

Further information

All Civil Servants will adhere to the ‘Civil Service code’, which outlines the Civil Service's core values, and the standards of behaviour expected of all civil servants in upholding these values.

Note for Civil Servants only: If successful, the salary offered would normally be determined by applying the MoJ salary progression rules. If the appointment is on level transfer your substantive salary (excluding any allowances) will remain unchanged, unless it exceeds the maximum stated within the MoJ pay band, and unless your current salary is below the relevant MoJ grade minimum. If the appointment is on temporary or substantive promotion the salary will be increased by the appropriate promotion percentage or moved to the minimum of the relevant MoJ grade minimum, whichever is the greater.

Note for all Applicants: This post is open to UK Nationals, Commonwealth Citizens, EEA Nationals of other member states and certain non-EEA family members. There must be no employment restrictions or time limit on your permitted stay in the UK. You should normally have been resident in the United Kingdom for at least 3 years and in some cases 5 or even 10 years preceding your application due to the requirement to have a checkable history for security vetting purposes. If you answer 'No' to the questions regarding nationality then it is unlikely your application will be pursued. If you are unsure as to your eligibility on any of these points, please contact the recruitment team for clarification or advice.