Job summary
- Main area: Cyber Security
- Grade: Civil Service: Senior Executive Officer (SEO)
- Contract: Permanent
- Hours: Full time, Part time, Job share, Flexible working, Home or remote working
- Job ref: 919-GB-62190984-EXT
- Employer: UK Health Security Agency
- Employer type: Public (Non NHS)
- Site: Homeworking
- Town: Homeworking
- Salary: £40,661 - £50,472 per annum, pro rata (Market Pay Supplement: min up to £3,350, max up to £10,000)
- Salary period: Yearly
- Closing: 30/07/2025 23:59
Cyber Security Operations Technical Team Member
Civil Service: Senior Executive Officer (SEO)
Job overview
Do you have a passion for Cyber Security?
Do you have experience as a cyber security professional, working as part of a Security Operations team?
Are you interested in working for an organisation that truly champions a healthy work/life balance?
If so, continue reading to find out more about this fantastic opportunity to join UKHSA Cyber Security.
Now is a great time to join us as we establish a team of outstanding people in the field of Cyber Security Operations. This is a chance to work on services that matter and affect the lives of millions of citizens.
UKHSA’s Cyber Security Operations team is responsible for the operational cyber security of UKHSA.
We are looking for an enthusiastic Cyber Security Operations Team Member, with great technical and collaborative skills. In this role you will participate in areas such as security engineering, protective monitoring, vulnerability management and incident response.
Main duties of the job
Reporting to a Cyber Security Operations Team Lead, you will be part of the UKHSA Security Operations team, ensuring effective delivery of security operations projects and BAU delivery into the business. You will also support complex incident management, including response activities, working with technical staff and suppliers to detect, contain and remediate security events and risks. The role can be fast paced and reactionary when dealing with a live incident.
You will manage networks of internal and external stakeholders. You will have a technical background in cyber security operations, with some knowledge of key security technologies, frameworks and best practices.
Working for our organisation
We pride ourselves on being an employer of choice, where Everyone Matters, promoting equality of opportunity and actively encouraging applications from everyone, including groups currently underrepresented in our workforce. UKHSA's ethos is to be an inclusive organisation for all our staff and stakeholders, and to create, nurture and sustain an inclusive culture where differences drive innovative solutions to meet the needs of our workforce and wider communities. We do this through celebrating and protecting differences by removing barriers and promoting equity and equality of opportunity for all. Please visit our careers site for more information: https://gov.uk/ukhsa/careers
Detailed job description and main responsibilities
The successful individual will be expected to carry out all functions in the “Operations” Role Family outlined in the Government Security Profession Career Framework, including:
Monitoring
- Monitor, triage and investigate security alerts on protective monitoring platforms to identify security incidents and perform analysis of security event data to support the response, reporting or escalating where appropriate
- Design, develop and support automated monitoring processes, using a variety of the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to detect malicious activity and ensure continuous improvement through dashboard monitoring or retrospective assessment
Response
- Carry out UKHSA’s response policies and processes to meet the needs in line with appropriate standards
- Provide standardised advice on mitigation, escalating to a team leader where appropriate
Vulnerability Management
- Triage and prioritise vulnerabilities, implement mitigating measures, and support in the life cycle of vulnerability management, providing standardised advice on ways to improve control mechanisms and mitigate risk
- Communicate common mitigation strategies such as patching and basic configuration change (system hardening)
Digital Forensics
- Support the application of forensic readiness policy and work with other teams to ensure its implementation
- Analyse evidence to identify breaches of policy, regulation or law
In addition to the above core skills the successful individual will be expected to:
- Contribute to strong operational relationships with internal cyber security, technology, and privacy teams to maintain efficient communication and collaboration on security issues.
- Any other responsibilities appropriate for this grade. Cyber Security Operations can be fast paced and will require a degree of flexibility.
Essential role criteria
- An interest in cyber security
- A proactive approach to investigating data in a work or educational environment
- Demonstrable ability to analyse and interpret data
- Effective verbal and written communication skills
- Knowledge of Common Security Vulnerabilities (CVEs) and remediation techniques
- Solid operational knowledge of working with Threat Intelligence Platforms, SIEM appliances, or intelligence feeds that have been acquired in large organisations
- Experience with large LANs and cloud environments, preferably AWS/Azure
Selection Process Details:
This vacancy is using Success Profiles and will assess your Behaviours, Experience and Technical skills.
Stage 1: Application & Sift
You will be required to complete an application form. You will be assessed on the listed (7) essential criteria, and this will be in the form of a:
- Application form (‘Employer/ Activity history’ section on the application)
- 750 word supporting statement
This should outline how your skills, experience, and knowledge, provide evidence of your suitability for the role, with reference to the essential criteria.
The Application form and supporting statement will be marked together.
Longlisting:
In the event of a large number of applications we will longlist into 3 piles of:
- Meets all essential criteria
- Meets some essential criteria
- Meets no essential criteria
The following will be taken through to the next stage:
- Meets all essential criteria
- Meets some essential criteria
Shortlisting:
In the event of a large number of applications we will shortlist on the following:
- Solid operational knowledge of working with Threat Intelligence Platforms, SIEM appliances, or intelligence feeds that have been acquired in large organisations
- Demonstrable ability to analyse and interpret data
If you are successful at this stage, you will progress to interview and assessment.
Please do not exceed 750 words. We will not consider any words over and above this number.
Feedback will not be provided at this stage.
Please note you will not be able to upload your CV. You must complete the application form in as much detail as possible. Please do not email us your CV.
Stage 2: Interview (success profiles)
You will be invited to a (single) remote interview.
Behaviours, technical, and experience will be tested at interview.
The Behaviours tested during the interview stage will be:
- Making Effective Decisions
- Managing a Quality Service – Lead behaviour
- Delivering at Pace
- Working Together
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Eligibility Criteria - External
Open to all external applicants (anyone) from outside the Civil Service (including by definition internal applicants).
Location
Remote working (anywhere in the UK).
Security Clearance Level Requirement
Successful candidates must pass a disclosure and barring security check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is Security Clearance.
For meaningful National Security Vetting checks to be carried out individuals need to have lived in the UK for a sufficient period of time. You should normally have been resident in the United Kingdom for the last 5 years as the role requires Security Check (SC) clearance. UK residency less than the outlined periods may not necessarily bar you from gaining national security vetting and applicants should contact the Vacancy Holder / Recruiting Manager listed in the advert for further advice.
Person specification
Application form & supporting statement
Essential criteria
- Application form & supporting statement
Behaviours
Essential criteria
- Making Effective Decisions
- Managing a Quality Service – Lead behaviour
- Delivering at Pace
- Working Together
Applicant requirements
The postholder will have regular contact with vulnerable people and as such this post is subject to the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (Amendment) (England and Wales) Order 2020 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service to check for any previous criminal convictions.
Further details / informal visits contact
- Name: Gurkamal Bhambra
- Job title: Resourcing
- Email address: [email protected]