Job vacancy: Cyber Security Operations Technical Team Lead, UK Health Security Agency, Homeworking

Job summary

Main area

Cyber Secruity

Grade

Civil Service: Grade 7

Contract

Permanent

Hours

Full time
Part time
Job share
Flexible working

37.5 hours per week

Job ref

919-GB-62190982-EXT

Employer: UK Health Security Agency
Employer type: Public (Non NHS)
Site: Homeworking
Town: Homeworking
Salary: £54,416 - £68,344 Per annum, Pro Rata ( Market Pay Supplement from £5,000 to £15,000 )
Salary period: Yearly
Closing: 14/08/2025 23:59

Cyber Security Operations Technical Team Lead

Civil Service: Grade 7

The United Kingdom Health Security Agency (UKHSA) is a system leader for health security; taking action internationally to strengthen global health security, providing trusted advice to government and the public and reducing inequalities in the way different communities experience and are impacted by infectious disease, environmental hazards, and other threats to health.

UKHSA’s remit, as an agency with a global-to-local reach, is to protect the health of the nation from infectious diseases and other external threats to health. As the nation’s expert national health security agency UKHSA will:

Prevent: anticipate threats to health and help build the nation’s readiness, defences and health security
Detect: use cutting edge environmental and biological surveillance to proactively detect and monitor infectious diseases and threats to health
Analyse: use world-class science and data analytics to assess and continually monitor threats to health, identifying how best to control and mitigate the risks
Respond: take rapid, collaborative and effective actions nationally and locally to mitigate threats to health when they materialise
Lead: lead strong and sustainable global, national, regional and local partnerships designed to save lives, protect the nation from public health threats and reduce inequalities.

Detailed job description and main responsibilities

Detailed job description and main responsibilities

The successful individual will be expected to carry out all functions in all of the “Operations” Role Family outlined in Government Security Profession Career Framework, including:

Monitoring

Manage the monitoring, triaging, and investigation of security alerts on protective monitoring platforms to identify security incidents, and reviewing analysis of security event data to manage security incident response, reporting, or escalation where appropriate
Lead small monitoring teams in the design, development and enablement of automated monitoring processes, recommending and implementing the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to detect malicious activity and ensure continuous improvement through dashboard monitoring or respective assessment

Response

Manage an organisation’s response policies and processes to meet the needs in line with appropriate standards
Manage post-incident review, including root cause analysis, to feedback information and so improve monitoring
Vulnerability Management
Manage the triage of vulnerabilities, ensuring mitigation measures are implemented, and managing the life cycle of vulnerability management for a set of assets, providing tailored advice on ways to improve control mechanisms and mitigate risks
Manage collaboration with stakeholders to create tactical plans relating to managing vulnerabilities, and oversee subsequent activities

Digital Forensics

Co-ordinate team scene investigation and capture evidence in accordance with legal guidelines to minimise disruption to the business and preserve evidentiary integrity, using specialist equipment as appropriate
Review evidence to identify breaches of policy, regulation or law

In addition to the above core skills the successful individual will be expected to:

Manage individuals within the Cyber Security Operations team which may include UKHSAs external Cyber Security partners that provide augmented resourcing.
Maintain Cyber Threat Intelligence and analysis capabilities to improve organisational understanding and awareness of technical security risks.
Contribute to strong operational relationships with internal cyber security, technology, and privacy teams to maintain efficient communication and collaboration on security issues.
You will coordinate your teams to investigate problems, implement solutions and take preventive measures and form part of an on-call rota for service continuity.
Any other responsibilities appropriate for this grade. Cyber Security Operations can be fast paced and will require a degree of flexibility.

Essential role criteria

Undergraduate degree in a STEM subject, or Professional Cyber Security qualification
Significant experience of working at tier 2 or tier 3 in a SOC
Previous management/mentoring responsibilities
Effective verbal and written communication skills
Leadership skills
Demonstrable experience with KQL or similar query language.
Demonstrable knowledge and experience of intrusion detection and analysis skills.
Demonstrable experience in cyber security incident management
Solid knowledge of various information security frameworks, for example MITRE.
Demonstrable experience of vulnerability management

Selection Process Details:

This vacancy is using Success Profiles and will assess your Behaviours, Experience and Technical skills.

All individuals must undertake a technical test, presentation and pass the interview process successfully. This allows us to set the rate of the MPS awarded successfully.

Stage 1: Application & Sift

You will be required to complete an application form. You will be assessed on the listed (10) essential criteria, and this will be in the form of a:

Application form (‘Employer/ Activity history’ section on the application)
1250 word supporting statement.

This should outline how your skills, experience, and knowledge, provide evidence of your suitability for the role, with reference to the essential criteria.

The Application form and supporting statement will be marked together.

Longlisting:

In the event of a large number of applications we will longlist into 3 piles of:

Meets all essential criteria
Meets some essential criteria
Meets no essential criteria

The following will be taken through to the next stage:

Meets all essential criteria
Meets some essential criteria

Shortlisting:

In the event of a large number of applications we will shortlist on the following:

• Significant experience of working at tier 2 or tier 3 in a SOC
• Demonstrable experience in cyber security incident management
• Previous management/mentoring responsibilities

If you are successful at this stage, you will progress to interview & assessment.

Please do not exceed 1250 words. We will not consider any words over and above this number.

Feedback will not be provided at this stage.

Please note you will not be able to upload your CV. You must complete the application form in as much detail as possible. Please do not email us your CV.

Stage 2: Interview (success profiles)

You will be invited to a (single) remote interview.

Behaviours, technical, and experience, will be tested at interview.

You will be asked to prepare and present a 10-minute presentation. The subject of this will be sent to you prior to interview.

The Behaviours tested during the interview stage will be

Making Effective Decisions
Managing a Quality Service – Lead behaviour
Delivering at Pace
Leadership

Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Eligibility Criteria - External 

 Open to all external applicants (anyone) from outside the Civil Service (including by definition internal applicants).  

Location

This is a homeworking role.

Security Clearance Level Requirement  

Successful candidates must pass a disclosure and barring security check.  

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is Security Clearance.

For meaningful National Security Vetting checks to be carried out individuals need to have lived in the UK for a sufficient period of time. You should normally have been resident in the United Kingdom for the last 5 years as the role requires Security Check (SC) clearance.  UK residency less than the outlined periods may not necessarily bar you from gaining national security vetting and applicants should contact the Vacancy Holder / Recruiting Manager listed in the advert for further advice. 

Person specification

Application form & supporting statement

Essential criteria

Application form & supporting statement

Behaviours

Essential criteria

Making effective decisions
Managing a Quality Service – lead behaviour
Delivering at Pace
Leadership

Interview

Essential criteria

Presentation

IMPORTANT - PLEASE READ

Artificial Intelligence (AI)

Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Link below:

Artificial intelligence and recruitment | Civil Service Careers

This is a Non-Reserved post under the Civil Service Nationality Rules. To be eligible for employment in the UK Civil Service applicants must meet the Civil Service Nationality Rules (CSNRs) which operate independently of and additionally to the Immigration Rules. Applicants must also meet necessary security and vetting requirements, along with any other relevant pre-employment checks.

This job is broadly open to the following groups:

UK nationals
nationals of the Republic of Ireland
nationals of Commonwealth countries who have the right to work in the UK
nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

For more information on job nationality requirements and the right to work in the UK, see the Civil Service Nationality rules (opens in a new window) and the UK Visas and Immigration rules (opens in a new window)

For posts on UKHSA Civil Service terms and conditions, new entrants to the Civil Service are expected to start on the minimum of the pay band. For existing Civil Servants and roles advertised across government, the rules of transfer apply, i.e., level transfers move on current salary or the pay range minimum, transfers on promotion move to new pay range minimum or receive a 10% increase. Either case is determined by whichever is the highest.

The Civil Service pay structure and progression is different from NHS Agenda for Change (AfC), most local authority pay grades and other systems that have annual pay increments. For further details, please refer to the Information Sheet- Starting Salaries & Benefits attachment.

For AfC or Medical/Dental posts, you must have the correct professional registration to be appointed. The pay will follow the AfC or Medical & Dental terms & conditions. You may be asked to provide evidence of previous service whilst we are conducting pre-employment checks to determine your starting salary.

For Temporary Appointments, if you are not currently a civil servant, you will take up the post on a Fixed Term appointment.  You may be able to take this role up as a Secondment. If you are an existing Civil Servant, based outside of the UKHSA, you will take up the post as a loan which you will need your department to agree. You cannot take the post up as a fixed term. If you are an existing UKHSA member of staff, you will take up the post as either a level transfer or a temporary promotion as per the UKHSA’s Pay policy. 

Given the nature of the work of the UKHSA, as a Category 1 responder under the Civil Contingencies Act, you may be required in an emergency, if deemed a necessity, to redeploy to another role at short notice. You may also be required to work at any other location, within reasonable travelling distance of your permanent home address, in line with the provisions set out in your contract of employment.

Late Applications will unfortunately not be considered.

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).

The Civil Service embraces diversity and promotes equality of opportunity. The law requires that selection for appointment to the Civil Service is on merit on the basis of fair and open competition, as outlined in the Civil Service Commission's Recruitment Principles.

If you feel your application has not been treated in accordance with the Recruitment Principles, and you wish to make a complaint, in the first instance, you should contact UKHSA Public Accountability Unit via  email:  [email protected] If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission: Visit the Civil Service Commission website here.

Reserve List - If more than the required number of suitable candidates pass the interview criteria, you may be kept on a reserve list for 12 months subject to your agreement. You may be contacted, in merit-order, if similar roles with closely matching essential criteria become available and the department choose to appoint from a reserve list.

The panel will assess if candidates meet the requirement of the role first, using a specific benchmark system. If you are interviewed for the post and do not meet the required threshold for the specified grade, your application may be assessed against a similar, lower grade role and you may be offered the post should one be available.

Interview expenses will not be reimbursed.

UKHSA is required to check employment and/or education history covering three consecutive years. Please ensure you give details of at least two different referees, even if you were employed in one company for three years or more.

If you are offered a job, information will also be transferred into the national NHS Electronic Staff Records system. Please note, all communication regarding your application will be made via email, please ensure you check your junk/spam folders as emails are sometimes filtered there.

Any move to UKHSA from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.

 Benefits of working at UKHSA include:

Generous annual leave:
-26 days for the first 5 years of continuous service
-28 days after 5 years of continuous service
-32 days after 10 years of continuous service
-Plus public holidays and one privilege day for the King’s birthday
Access to a generous Defined Benefit pension scheme with employer contributions.
Access to a cycle-to-work salary sacrifice scheme, season ticket advances and payroll giving.
Access to a retail discounts and cashback site.
We also promote flexible working patterns (part-time, job-share, condensed hours). UKHSA views flexible working as essential in enabling us to recruit and retain talented people, ensuring that they are able to enjoy a long-lasting career with us. All employees have the right to apply for flexible working and there are a range of options available including working from home, compressed hours and job sharing.
We also offer a generous maternity/ paternity and adoption leave package.

Hybrid Working

UKHSA operates a hybrid working model where business needs allow. This provides us with greater flexibility about how and where we work, to get the best from our workforce.

As a hybrid worker, you will usually spend a minimum of 60% of your contracted hours (averaged over a month) working at one of UKHSA's locations (approximately 3 days a week pro rata) and the rest of your time working from home.

Disability Confident Scheme

The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme for candidates with disabilities who meet the minimum selection criteria at sift to ensure these candidates are invited to interview.   If you wish to be included in this scheme please tick the box on your application form.

Reasonable Adjustments

The Civil Service is committed to making sure that our selection methods are fair to everyone.

To help you during the recruitment process, we will take into account any reasonable adjustments that could help you.

An adjustment is a change to the recruitment process or an adjustment at work.

This is separate to the Disability Confident Scheme.

If you need an adjustment to be made at any point during the recruitment process you should:

Contact the recruitment team in confidence as soon as possible to discuss your needs.

You can find out more information about reasonable adjustments across the Civil Service here: https://www.civil-service-careers.gov.uk/reasonable-adjustments/

International Police Check

If you have spent more than 6 months abroad over the last 3 years you may need an International Police Check. This would not necessarily have to be in a single block, and could be time accrued over that period.

Internal Fraud check

If successful for this role as one aspect of pre-employment screening, applicant’s personal details – name, national insurance number and date of birth - will be checked against the Cabinet Office Internal Fraud Hub and anyone included on the database will be refused employment unless they can show exceptional circumstances. Currently this is only for External candidates to the Civil Service.

Security Vetting

Please check the Security Clearance needed for the role and follow the link for more information:

https://www.gov.uk/government/publications/united-kingdom-security-vetting-clearance-levels/national-security-vetting-clearance-levels

Future location

UKHSA is investing in a new state-of-the-art National Biosecurity Centre in Harlow, Essex, which will eventually bring together teams currently based at Canary Wharf, Colindale and Porton Down. For more details, please see: Huge biosecurity centre investment to boost pandemic protection - GOV.UK.

The new facilities will start becoming operational in the mid-2030s, with full completion by 2038. Staff will move in phases as facilities become available. If you're appointed to a role currently based at Canary Wharf, Colindale or Porton Down, please note that we'll continue investing in these sites for the next decade. As we get closer to the transition, we'll provide full information about relocation support available to staff.

Mindful employer. Being positive about mental health.

Applicant requirements

The postholder will have regular contact with vulnerable people and as such this post is subject to the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2020 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service to check for any previous criminal convictions.

Documents to download

Apply online now

Further details / informal visits contact

Name: Gurkamal Bhambra
Job title: Resourcing
Email address: [email protected]

List jobs with UK Health Security Agency in Administrative Services or all sectors

Apply online now Alert me to similar vacancies

Find jobs in...

Featured jobs:

Senior Autism Assessor for Children and Young People (ADOS and/or ADIR trained) - Remote (Employed)

Time commitment: Full-time employment is preferred, though we can also offer part-time (minimum of 3 days per week).

Location: This is a fully remote role; however, you must permanently reside in the UK throughout your employment with Paloma.

The Opportunity

Paloma Health has developed a new gold-standard autism assessment pathway and our own Patient Record software system, which allows us to offer:

An exceptional service and timely assessments, as well as clear strengths and needs-based outcomes, regardless of whether an autism diagnosis is made.
High assessor role satisfaction by improving the experience of delivering assessments. For example, we are building an AI tool to streamline diagnostic report writing, which we know is a pressure of the role.

You will be a Senior Assessor within our multidisciplinary assessment team, delivering:

Remote developmental histories and child observations (via video calls)
Peer MDT diagnostic decision-making, with the support of the senior clinical MDT where required
Tech-enabled outcome report writing
Outcome calls with parents and families (via video call)

As a Senior Assessor, you have the opportunity to focus on delivering direct care. Furthermore, if you have the relevant experience and skills, you can take on an additional responsibility. We limit this to one responsibility to allow for focused time on that topic, rather than having your time stretched too thinly. When taking on an additional responsibility, your case volume is reduced, making time available for this focused time.

For Senior Assessors, additional responsibility options include supporting more complex cases, ensuring quality assurance, providing training, facilitating family engagement, and contributing to pathway development.

About you, and how we will support you

From a cultural perspective, you are:

Comfortable working in a dynamic environment and embracing change
Excited about using new technologies in your role
Always looking for ways to improve our staff and patient experience

We commit to supporting your development and well-being, including:

The Paloma Clinical Academy programme supports all clinicians at all stages of their careers to develop (e.g. to our additional responsibility Senior Assessor roles) and cross-skill (e.g. into ADHD when we launch that service).
1 protected day per month for assessor team training, Continuing Professional Development (CPD), clinical supervision and reflection.
Quarterly development conversations with clear career progression pathways.
Clear weekly timetables that support a role mix across appointments, documentation, development, and team building.

For full details please click below.

Autism Assessor for Children and Young People (ADOS and/or ADIR trained) - Remote (Employed)

Time commitment: Full-time employment is preferred, though we can also offer part-time (minimum of 4 days per week).

Location: This is a fully remote role; however, you must permanently reside in the UK throughout your employment with Paloma.

The Opportunity

Paloma Health has developed a new gold-standard autism assessment pathway and our own Patient Record software system, which allows us to offer:

An exceptional service and timely assessments, as well as clear strengths and needs-based outcomes, regardless of whether an autism diagnosis is made.
High assessor role satisfaction by improving the experience of delivering assessments. For example, we are building an AI tool to streamline diagnostic report writing, which we know is a pressure of the role.

You will work as a member of a multidisciplinary assessment team, delivering:

Remote developmental histories and child observations (via video calls)
Peer MDT diagnostic decision-making, with the support of the senior clinical MDT where required
Tech-enabled outcome report writing
Outcome calls with parents and families (via video call)

From a cultural perspective, you are:

Comfortable working in a dynamic environment and embracing change
Excited about using new technologies in your role
Always looking for ways to improve our staff and patient experience

We commit to supporting your development and well-being, including:

The Paloma Clinical Academy programme supports all clinicians at all stages of their careers to develop (e.g. to our Senior Assessor role) and cross-skill (e.g. into ADHD when we launch that).
1 protected day per month for assessor team training, Continuing Professional Development (CPD), clinical supervision and reflection.
Quarterly development conversations with clear career progression pathways.
Clear weekly timetables that support a role mix across appointments, administration, development, and team building.

For full details please click below.

ADOS Autism Assessor for Children and Young People - Exeter/South West England

ADOS Autism Assessor for Children and Young People, based in our Exeter clinic

Time commitment: Full-time employment is preferred, though we can also offer part-time (minimum of 3 days per week) or a self-employed role (again a minimum of 3 days per week).

Location: This role is in-person based at our Exeter, Devon clinic.

The Opportunity

Paloma Health has developed a new gold-standard autism assessment pathway and our own Patient Record software system, which allows us to offer:

An exceptional service and timely assessments, as well as clear strengths and needs-based outcomes, regardless of whether an autism diagnosis is made.
High assessor role satisfaction by improving the experience of delivering assessments. For example, we are building an AI tool to streamline diagnostic report writing, which we know is a pressure of the role.

You will work as a member of a multidisciplinary assessment team, delivering:

In-person child observations at our Exeter clinic
Peer MDT diagnostic decision-making, with the support of the senior clinical MDT where required
Tech-enabled outcome report writing
Outcome calls with parents and families (via video call)

From a cultural perspective, you are:

Comfortable working in a dynamic environment and embracing change
Excited about using new technologies in your role
Always looking for ways to improve our staff and patient experience

We commit to supporting your development and well-being, including:

The Paloma Clinical Academy programme supports all clinicians at all stages of their careers to develop (e.g. to our Senior Assessor role) and cross-skill (e.g. into ADHD when we launch that).
1 protected day per month for assessor team training, Continuing Professional Development (CPD), clinical supervision and reflection.
Quarterly development conversations with clear career progression pathways.
Clear weekly timetables that support a role mix across appointments, administration, development, and team building.

For full details please click below.

Job summary

Employer heading

Cyber Security Operations Technical Team Lead

Civil Service: Grade 7

Job overview

Main duties of the job

Working for our organisation

Detailed job description and main responsibilities

Person specification

Application form & supporting statement

Essential criteria

Behaviours

Essential criteria

Interview

Essential criteria

Working for the Civil Service

Employer certification / accreditation badges

Applicant requirements

Documents to download

Further details / informal visits contact

Find jobs in...