
Associate Cyber Detect and Respond Analyst (Ref: 14963)
Job summary
Please refer to Job Description
Job description
Associate Cyber Detect and Respond Analyst
Location: National*
Closing Date: 3rd March
Interviews: W/C 23rd March (subject to change)
Grade: HEO
(MoJ candidates who are on a specialist grade will be able to retain this grade on lateral transfer)
Salary: National: £35,335 - £37,847 (which may include an allowance of up to £1,203). London: £40,014 - £42,859 (which may include an allowance of up to £474).
Working pattern: Full-time, part-time, flexible working, job share.
Contract Type: Permanent.
*We offer a hybrid working model, allowing for a balance between remote work and time spent in your local office. Office locations can be found ON THIS MAP
The Role
We’re recruiting for Associate Cyber Detect and Respond Analysts here at Justice Digital, to be part of our warm and collaborative SOC team.
This role aligns against Monitoring Associate from the Government Security Profession framework.
The purpose of this role is to proactively monitor, analyse, and respond to security logs, alerts, and incidents to detect and mitigate potential threats to the Ministry of Justice (MoJ). This role involves conducting thorough triage, initiating appropriate response actions within defined procedures, and escalating complex or high-risk security incidents to senior analysts. The analyst contributes to incident resolution efforts, supports continuous improvement of detection and response capabilities, and helps maintain the organisation’s security posture.
Operating with a degree of autonomy, this role bridges the gap between the duties of junior detect analysts and those of senior detect and response SOC analysts.
● Independently investigates cases involving cyber security incidents, suspected data breaches, intellectual property theft, insider threat investigations, fraud and abuse, asset misuse, and violations of MoJ / Civil Service Security Policy.
● Analyses device and application logs from a variety of sources (Endpoints, Cloud, Networks, etc.) to identify anomalies or evidence of compromise.
● Responsible for preserving electronically stored information (ESI) data from a variety of platforms and sources during and after an investigation, including laptops, servers, and cloud services, in a manner that follows industry best practices and maintains integrity.
● Contributes to the development and refinement of detailed procedures and plays an active role in analysing and responding to an escalating cyber security incident.
● Supports excellent working relationships with stakeholders, management, and infrastructure support teams across the MoJ.
● Line Management/People Management responsibilities.
● Understanding and interpreting the output from security monitoring systems.
● Remaining calm under pressure ensuring consistent and reliable performance during security incidents whilst providing support to Senior SOC analysts.
● Building strong working relationships through collaborating with other specialists, in a variety of roles across the MoJ and with external stakeholders.
● Working methodically, helping to develop and follow defined processes, even when they are complex or detailed in nature.
● Maintain accurate and detailed records of actions taken, ensuring traceability and accountability in all activities.
If this feels like an exciting challenge, something you are enthusiastic about, and want to join our team please read on and apply!
Benefits
● 37 hours per week and flexible working options including working from home, working part-time, job sharing, or working compressed hours.
● A £1k per person learning budget is in place to support all our people, with access to best in class conferences and seminars, accreditation with professional bodies, fully funded vocational programmes and e-learning platforms.
● Staff have 10% time to dedicate to develop & grow
● Generous civil service pension based on defined benefit scheme, with employer contributions of 28.97% from April 1st 2024 (Contribution Rates)
● 25 days leave (plus bank holidays) and 1 privilege day usually taken around the King’s birthday. 5 additional days of leave once you have reached 5 years of service.
● Compassionate maternity, adoption, and shared parental leave policies, with up to 26 weeks leave at full pay, 13 weeks with partial pay, and 13 weeks further leave. And maternity support/paternity leave at full pay for 2 weeks, too!
● Wellbeing support including access to the Calm app.
● Nurturing professional and interpersonal networks including those for Carers & Childcare, Gender Equality, PROUD and SPIRIT
● Bike loans up to £2500 and secure bike parking (subject to availability and location)
● Season ticket loans, childcare vouchers and eye-care vouchers.
● 5 days volunteering paid leave.
● Some offices may have a subsidised onsite Gym.
Essential criteria -
● Experience working in, or demonstrable understanding of, a cyber monitoring and incident response environment.
● Holds or is actively working towards relevant professional qualifications in Security Operations, Information Security (e.g., CompTIA CySA+, Security+, GSEC, SSCP) or equivalent learning.
● Strong understanding of cybersecurity principles, threat detection methodologies, digital forensics, and common attack vectors.
● Demonstrable experience in analysing security logs and alerts from diverse sources (e.g., endpoints, cloud, network infrastructure).
● Proven ability to conduct initial triage and incident response actions independently, escalating when appropriate.
● Excellent analytical and problem-solving skills, with a methodical and detail-oriented approach.
● Strong written and verbal communication skills, including the ability to document incidents clearly and concisely.
● Experience working under pressure during live incidents, maintaining composure and accuracy.
● Ability to collaborate effectively with internal teams and external stakeholders to support incident resolution and continuous improvement.
Willingness to be assessed against the requirements for SC clearance.
We welcome the unique contribution diverse applicants bring and do not discriminate based on culture, ethnicity, race, nationality or national origin, age, sex, gender identity or expression, religion or belief, disability status, sexual orientation, educational or social background or any other factor.
Our values are Purpose, Humanity, Openness and Together. Find out more here about how we celebrate diversity and an inclusive culture in our workplace.
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy
Candidates must submit a CV and a separate statement of suitability (of no more than 750 words), which describes how you meet the requirements set out in the Person Specification above. Candidates who do not submit both a CV and a separate statement of suitability will not be invited to attend an interview.
Application Guidance
Please access the following link for guidance on how to apply and how to complete a Personal Statement
In Justice Digital, we recruit using a combination of the Government Digital and Data Profession Capability, Success Profiles and Government Security Profession Frameworks. We will assess your Experience.
A diverse panel will review your application against the Person Specification above.
Successful candidates who meet the required standard will then be invited to a 1-hour panel interview held via video conference.
Should we receive a high volume of applications, a pre-sift based on the following criteria will be conducted before the sift -
- Experience working in, or demonstrable understanding of, a cyber monitoring and incident response environment.
- Holds or is actively working towards relevant professional qualifications in Security Operations, Information Security (e.g., CompTIA CySA+, Security+, GSEC, SSCP) or equivalent learning.
- Strong understanding of cybersecurity principles, threat detection methodologies, digital forensics, and common attack vectors.
At the sift stage, candidates will be assessed on the following criteria -
- Experience working in, or demonstrable understanding of, a cyber monitoring and incident response environment.
- Holds or is actively working towards relevant professional qualifications in Security Operations, Information Security (e.g., CompTIA CySA+, Security+, GSEC, SSCP) or equivalent learning.
- Strong understanding of cybersecurity principles, threat detection methodologies, digital forensics, and common attack vectors.
- Experience working under pressure during live incidents, maintaining composure and accuracy.
At the interview stage, candidates will be assessed on all essential criteria.
We are currently recruiting for several positions within our Digital Infrastructure and Security Operations (DISO) team.
At the end of the campaign, applicants who meet the interview pass mark but are not offered one of the advertised roles may be considered for alternative, similar positions through our reserve list, should any become available.
Further details will be shared with candidates who meet the minimum requirements following the interview stage.
Should you be unsuccessful in the role that you have applied for but demonstrate the capability for a role at a lower level, we reserve the right to discuss this opportunity with you and offer you the position without needing a further application.
A reserve list may be held for up to 12 months, from which further appointments may be made.
Use of Artificial Intelligence
Artificial Intelligence can be a useful tool to support your application; however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.
Please review our Terms and Conditions which set out how we recruit and provide further information related to the role and salary arrangements.
If you have any questions, please feel free to contact digitalanddatarecruitment@justice.gov.uk
Person specification
Please refer to attached Job Description
Benefits
Alongside your salary of £35,335, Ministry of Justice contributes £10,236 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
- Access to learning and development
- A working environment that supports a range of flexible working options to enhance your work life balance
- A working culture which encourages inclusion and diversity
- A Civil Service pension with an employer contribution of 28.97%
- Annual Leave
- Public Holidays
- Season Ticket Advance
For more information about the recruitment process, benefits and allowances and answers to general queries, please click the below link which will direct you to our Candidate Information Page.
Link: https://justicejobs.tal.net/vx/candidate/cms/About%20the%20MOJ
Things you need to know
Selection process details
Feedback will only be provided if you attend an interview or assessment.
Security
Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check. See our vetting charter. People working with government assets must complete baseline personnel security standard checks.
Nationality requirements
This job is broadly open to the following groups:
- UK nationals
- nationals of the Republic of Ireland
- nationals of Commonwealth countries who have the right to work in the UK
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
- individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
- Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Working for the Civil Service
The Civil Service Code sets out the standards of behaviour expected of civil servants. We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.
Apply and further information
The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job contact :
- Name : SSCL Recruitment Enquiries Team
- Email : moj-recruitment-vetting-enquiries@resourcing.soprasteria.co.uk
- Telephone : 0345 241 5359
Recruitment team
Further information
Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. If you feel a department has breached the requirement of the Recruitment Principles and would like to raise this, please contact SSCL (Moj-recruitment-vetting-enquiries@gov.sscl.com) in the first instance. If the role has been advertised externally (outside of the Civil Service) and you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their web pages: http://civilservicecommission.independent.gov.uk/civil-service-recruitm…
https://www.jobtrain.co.uk/justicedigital/Job/JobDetail?JobId=986
Attachments
JD - Associate Cyber Detect and Respond Analyst (5) (docx, 46kB)
Salary range
- £35,335 - £42,859 per year