Search
Header navigation
Cyber Security Monitoring Lead

Cyber Security Monitoring Lead

Crown Prosecution Service
locationSouth Yorkshire, UK
remoteHybrid
ExpiresExpires: Expiring in less than 2 weeks
IT
Full time
£43,800 - £51,470 per year

Job summary

The Senior Cyber Security Monitoring Lead plays a critical role in detecting, analysing, and responding to potential security threats that impact the organisation’s digital environment. This role aligns with the Government Security Profession’s Monitoring capability, ensuring effective log ingestion, alert identification, and early detection of malicious or anomalous activity. You will support the day‑to‑day operation of the Security Operations Centre (SOC) and contribute to improving security monitoring processes, tooling, and assurance activities.

Job description

Your roles and responsibilities:

Security Monitoring & Threat Detection

  • Monitor SIEM, SOAR, and associated security tools for alerts, anomalies, and behavioural indicators.
  • Conduct initial triage and escalate incidents based on severity and impact.
  • Support continuous review and tuning of logging rules and alert logic.
  • Maintain situational awareness of the current threat landscape.

Incident Response Support

  • Perform first‑level incident analysis and support containment actions.
  • Document investigative findings clearly for escalation and audit purposes.
  • Assist in evidence gathering and incident documentation during coordinated responses.

Log Management & Assurance

  • Monitor log ingestion health, identify gaps, and support remediation.
  • Assist with verifying log integrity, configuration, access permissions, and change control.
  • Support periodic audit activities, including producing documented evidence.

Tooling & Technical Operations

  • Use SIEM dashboards, correlation rules, threat intelligence feeds, and automation playbooks.
  • Support integration of new applications and data sources into central logging.
  • Contribute to improving automation and workflow efficiency.

Collaboration & Communication

  • Work with colleagues across Cyber Security, Operational Security, Infrastructure, and Cloud teams.
  • Share updates and insights during SOC service reviews, team meetings, and knowledge sessions.
  • Provide clear communication on incident impacts, emerging threats, and operational issues.

A copy of the full job description is attached.

Person specification

To be eligible to apply, you need to:

  • Awareness of cyber threats, attack techniques, and detection methods.
  • Understanding of SIEM, SOAR, or equivalent monitoring technologies.
  • Ability to interpret logs, alerts, and basic network or system events.
  • Strong analytical skills and problem‑solving mindset.
  • Clear written communication for incident notes and audit evidence.

It is desirable that you have the below experience but this is not required to apply:

  • Familiarity with MITRE ATT&CK and threat intelligence sources.
  • Basic scripting/automation (KQL, PowerShell, Python).
  • Experience with cloud monitoring tools.
  • Exposure to vulnerability management or endpoint detection tooling.
  • Foundation-level cyber security certifications.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Working Together
  • Changing and Improving
  • Managing a Quality Service
  • Developing Self and Others
  • Communicating and Influencing

We only ask for evidence of these behaviours on your application form:

  • Working Together
  • Changing and Improving

Benefits

Alongside your salary of £43,800, Crown Prosecution Service contributes £12,688 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Join the Crown Prosecution Service and find your purpose.

Why we work for the Crown Prosecution Service

The Crown Prosecution Service is passionate about ensuring that we're a top performing organisation and a great place to work. We're a committed equal opportunities employer, creating a culture where you can bring your whole self to work, and individuality is truly appreciated.

This culture of inclusion is underpinned by our staff networks covering disability, faith and belief, LGBTQI+, race, social mobility alongside our mental health first aiders programme and wellbeing sessions.

The Crown Prosecution Service commits to offer its employees the following experience.

  • You can do impactful, purposeful work that’s making a difference to your local communities.
  • You are able to learn and grow, with access to the right opportunities and resources.
  • We care about your wellbeing.
  • We want you to feel valued, trusted and included.

We also offer the following range of benefits:

  • Civil Service contributory pension of up to 28.9%
  • 25 days’ leave, increasing to 30 days after 5 years
  • £350 each year to spend on personal development
  • lawyer training programme for all new prosecutors
  • an extra privilege day to mark the King's birthday
  • competitive maternity, paternity and parental leave
  • flexible working including flexitime, and a family friendly approach to work
  • Cycle2Work scheme, employee savings.

Diversity at the Crown Prosecution Service is about inclusion, embracing differences and ensuring our workforce truly reflects the communities we serve. We want you to feel that you belong and can thrive, whatever your background, identity or culture. As a Disability Confident employer, we're happy to support requests for reasonable adjustments and improve your recruitment experience. If you'd like any reasonable adjustments made to our recruitment process, let us know within your application or contact Ellie.Dixon@cps.gov.uk

We want to ensure our employees can thrive at work and home and offer a range of support to achieve a balance. This includes flexibility of working hours, flexibility to support caring responsibilities and a flexible approach to deployment. We offer a hybrid working policy. You must spend at least 40% of your contracted hours over a four-week period at court, in an office or another official workplace depending on business need and the kind of work you're doing.

The Crown Prosecution Service also has a range of development programmes to support all aspiring, new and experienced managers with developing the skills, behaviours and knowledge to build their confidence and capability. Our Manager Induction Programme is mandatory for all newly appointed managers. This is a fantastic opportunity to support all our new Crown Prosecution Service managers with the tools required to perform effectively in their roles.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Strengths and Experience.

Recruitment process

Interview

The recruitment process consists of an online application, interview and assessment. These are expected to take place on Wednesday 27 May 2026 at York and Wednesday 3 June 2026 at London.

A member of our recruitment team will be in touch with guidance. If you have any queries about this, contact the Ellie.Dixon@cps.gov.uk

You should keep this date free or notify us if you're not available. We'll make every effort to accommodate your date preferences but we can't guarantee it.

Assessment

We ask you to complete an assessment as part of the recruitment process for this role. We will provide details immediately before your interview.

Personal statement

We ask you to complete a personal statement of no more than 750 words. You need to demonstrate the following experience required for this role:

  • Awareness of cyber threats, attack techniques, and detection methods.
  • Understanding of SIEM, SOAR, or equivalent monitoring technologies.
  • Ability to interpret logs, alerts, and basic network or system events.
  • Strong analytical skills and problem‑solving mindset.
  • Clear written communication for incident notes and audit evidence

It is desirable that you have the below experience but this is not required to apply:

  • Familiarity with MITRE ATT&CK and threat intelligence sources.
  • Basic scripting/automation (KQL, PowerShell, Python).
  • Experience with cloud monitoring tools.
  • Exposure to vulnerability management or endpoint detection tooling.
  • Foundation-level cyber security certifications.

In addition, you need to demonstrate the Crown Prosecution Service or Civil Service values.

Behaviours

You are also asked to complete a statement of no more than 250 words for each behaviour setting out how you consider your personal skills, qualities and experience match the specified behaviours and requirements.

  1. Working Together - LEAD BEHAVIOUR
  2. Changing and Improving

You also need to demonstrate the Crown Prosecution Service or Civil Service values.

The panel has the right to assess the lead behaviour ‘WORKING TOGETHER’ first. If the standard on this behaviour isn’t met, the other behaviours won’t be considered and your application won’t progress. The panel also has the right to raise the minimum standard pass mark. The panel may also refer to the lead behaviour at the interview stage to determine merit order.

Interview/Assessment


We use behaviours to help us understand your experience, to see if you're a good fit for the role. You are assessed against SEO in the Civil Service success profiles behaviours framework. We are assessing three behaviours at interview / assessment stage

  1. Managing a Quality Service – interview
  2. Changing & Improving – interview
  3. Developing Self & Others – interview

CV

You’re not required to upload your CV. However, when submitting your application there is a ‘CV section’. You are required to provide information about your employment and/or academic history for the past three years. The CV section will assessed.

It’s your responsibility to provide the specified information in the requested format to ensure that you're considered for the post.

If you're unable to cover three years through employment or academic history, you must provide a character reference for clearance purposes.

Strengths

Strengths are tested at interview stage - the strengths tested are not shared before the interview.

Other

This is a full-time post. We do consider requests for flexible, part-time working and job share, always considering the operational needs of the department.

Please note that the CPS is unable to offer visa sponsorship. Therefore, if you require visa sponsorship to work in the UK, you will not meet the eligibility criteria for this role.

Clearance

If successful, you are required to secure a Disclosure and Barring Service check and Security Check clearance, for which you must have a current valid UK address.

If successfully appointed, we ask you to complete a character enquiry form, nationality and immigration questionnaire and national security vetting form.

If you're a Crown Prosecution Service member of staff, you won’t need to do a Disclosure and Barring Service check as you already hold this clearance.

The job you’re applying for is covered by Article 3(a) of the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975, consequently Section 4(2) of that Act doesn’t apply.You’re required to disclose all previous convictions and cautions including spent convictions. Failing to make a full declaration will result in withdrawing your offer of employment if our checks reveal convictions that haven’t been disclosed.

To be cleared to Security Check clearanceclearance level, you have to be able to meet the residency requirement in the Cabinet Office guidance. For the Crown Prosecution Service they are:

  • Security Clearance – three years within the last five years

Reserve list

If you're recommended by the selection panel but not appointed to the current vacancy, you’re put on a reserve list for 12 months. You may be offered another Cyber Security Monitoring Lead post in Digital Information Directorate if a vacancy comes up during this period. We may also approach candidates on the waiting list to fill other roles that require similar knowledge and experience.

Feedback

We only provide feedback if you attend an interview or assessment.

Fraud check

The Crown Prosecution Service provides a Fair Processing Notice to all new applicants after they’ve been successful at interview. These candidates are informed that, as one aspect of pre-employment screening, their personal details – name, National Insurance number and date of birth – are checked against the Internal Fraud Database. We won't employ anyone included on the database unless they can demonstrate exceptional circumstances.

The Strategic Resourcing team in the Crown Prosecution Service will, on behalf of the vacancy holder, inform applicants when they are refused employment because of their inclusion in the Internal Fraud Database.

Civil Service Commission

If you’re dissatisfied with the recruitment process and wish to make a complaint, please contact Strategic.Resourcing@cps.gov.uk with your concerns.

If you remain dissatisfied and wish to make a further complaint, please click on the following link to the Civil Service Commission complaints page Recruitment Complaints - Civil Service Commission

Civil Service Commission Recruitment Principles can be found at

https://civilservicecommission.independent.gov.uk/recruitment/

Details of the Civil Service Nationality Rules are located at:

https://www.gov.uk/government/publications/nationality-rules

Candidates are subject to UK immigration requirements. For the most up-to-date information on the requirements of working in the UK, please go to the UK Visas and Immigration website at https://www.gov.uk/browse/visas-immigration/work-visas



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

Open to UK nationals only.

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

Recruitment team

Attachments

NEW CPS Personal Statement Guidance 2023 Opens in new window (docx, 269kB)CPS Terms and Conditions Opens in new window (docx, 255kB)

Salary range

  • £43,800 - £51,470 per year