Cyber Security Monitoring and Investigations - Security Alert Analyst

Overview
The Cyber Security Monitoring and Investigations Team is part of the DWP Cyber Resilience Centre, and it plays a vital role in securing the DWP estate; ensuring that service delivery is not affected by potential malicious activity from either internal or external threat actors. The team operates in a dynamic environment at the forefront of the Department''s cyber protection capability. This role is for a first line monitoring analyst who will have responsibility for the initial triage of security alerts generated from across the DWP estate. We have vacancies in two areas. The job roles are the same but they have different working hours arrangements. Please specify in your application which opportunity/opportunities you are applying for.
Opportunities
Opportunity A
- Shift worker (up to 9 posts). Operating as part of a team working continental shifts to provide 24/7/365 monitoring coverage. The shift pattern is a 28-day repeating pattern with a mixture of day shifts (7am - 7pm) and night shifts (7pm - 7am) and including weekends and bank holidays. A shift allowance may be applicable.Opportunity B
- Core Hours (3 posts). Working as part of a core hours team. Working flexible hours, providing coverage between 7am and 7pm Monday to Friday.
Responsibilities
As a Security Alert Analyst you will monitor systems to detect potential indicators of compromise. You will lead the first stage categorisation and investigation of security alerts generated by analytical tools and capabilities operating across DWP systems and networks. You will be responsible for interpreting reports and dashboards and, using your knowledge of security risks and latest cyber intelligence, will ensure an effective response to alerts. Where appropriate you will escalate potential incidents, collating and presenting all necessary information to others, to enable immediate and accurate investigations.You will use malware analysis tools as appropriate to support your decision-making.You will support the development of theoretical rules to test and deploy across large data sets and will continually review and refine those rules to ensure high quality outputs are maintained and supplied to operational stakeholders.Responsibilities also include: effectively using security tooling including Security Information and Event Management (SIEM) platforms and open-source intelligence to identify security compromises within large amounts of complex data; in-depth analysis of reports and dashboards; maintaining knowledge of the latest security threats and indicators of compromise; proactive interrogation of activity captured in system logs and large data sets to determine if systems have been compromised; using intelligence to ensure appropriate response actions; providing input to investigations through technical knowledge and cyber intelligence; and applying malware analysis tools to support analysis and decision making.Work within the confines of relevant legislation as it applies to cyber security and digital forensics activities; provide timely intervention to protect the DWP IT estate through initiating containment processes to isolate and prevent the spread of malware; drive forward the development of monitoring systems and supporting processes and playbooks to review and continually improve capabilities; demonstrate strong knowledge of information security concepts and current IT security, data protection and information risk principles and technologies; ensure that all team activities comply with legal and internal requirements and that all evidence produced from investigations is suitable for use in disciplinary or legal actions; ensure the Department''s data is used safely, proportionately and legally at all times; support remedial activity as a result of identified weaknesses within the estate; manage multiple priorities and respond flexibly to competing demands; line management of apprentices.Disability Confident: A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to ..... full job details .....