Incident Response Principal Analyst (Ref: 17499)

Remote / Hybrid
Expires: Expiring in less than 3 weeks
Flexible
£58,511 - £70,725 per year

Job summary

This position is based Nationally

Job description

Incident Response Principal Analyst

Location: National*

Closing Date: 28 May 2026

Interviews: w/c 15 June

Grade: Grade 7 (MoJ candidates who are on a specialist grade will be able to retain this grade on lateral transfer)

Salary**: National: £58,511 - £73,450, which may include an allowance of up to £14,939; London: £63,343 - £78,225, which may include an allowance of up to £14,882

Working pattern: Full-time, Part-time, Flexible working

Contract Type: Permanent

Number of vacancies: 2

Vacancy number: 17499

*We offer a hybrid working model, allowing for a balance between remote work and time spent in your local office. Office locations can be found ON THIS MAP

Please note that unless you are an existing member of staff at Justice Digital, Data and Science, the only London location being recruited to is 10 South Colonnade, E14 4PU. We are no longer recruiting to 102 Petty France, SW1H 9AJ.

The Role

Please note this role requires you to pass Security Check clearance. Please click on the link for details.

We’re recruiting for two Principal Analysts – Detect and Respond here at Justice Digital, Data and Science to be part of our warm and collaborative Security Operations Centre (SOC) area.

This role aligns with the Monitoring Principal / Response Principal roles from the Government Security Profession Framework.

The Security Operations Centre (SOC) at the Ministry of Justice (MOJ) is seeking highly motivated and experienced Principal Analysts - Response to provide leadership and direction to our incident response.

The MOJ SOC is consolidating significant development to its people, processes and technology and is now responsible for protecting a significantly increased number of MOJ and HMCTS IT services. These roles will be a key part of the leadership team with a specific focus on cyber incident management.

You will play a critical role in safeguarding the MoJ’s IT infrastructure, assets, and data by leading the SOC’s response to cyber incidents. In addition to ensuring that the team responds to incidents effectively, you will lead ongoing continuous improvement, building on lessons learned and best practice. You will help to improve and develop SOC processes to maximise efficiency and effectiveness, in line with best practices.

You’ll receive a range of excellent benefits when you join our department, including:

  • A generous employer pension contribution of 28.97% through the Civil Service Pension Scheme.
  • 25 days of annual leave (increasing to 30 days once you have reached 5 years of service), plus 8 bank holidays and a privilege day for the King’s birthday.
  • Flexible working arrangements including hybrid working, working part time or compressed hours. Designed to support a positive work–life balance.
  • Employees are allocated 10% of their working time for personal and professional development.
  • A £1k per person learning budget is in place to support all our people, with access to best-in-class conferences and seminars, accreditation with professional bodies, fully funded vocational programmes and e-learning platforms.
  • Compassionate maternity, adoption, and shared parental leave policies, with up to 26 weeks leave at full pay, 13 weeks with partial pay, and 13 weeks further leave. And maternity support/paternity leave at full pay for 2 weeks, too!

You can find more details of the Benefits we offer here. To help picture your life at MoJ Justice Digital, Data and Science please take a look at our blog.

Key Responsibilities:

  • Lead SOC incident response.
  • Lead and mentor Security Analysts to support effective incident management.
  • Oversee the investigation and escalation of security incidents according to established procedures.
  • Represent the SOC on Major Incident Bridge Calls, directing SOC effort as required.
  • Identify and drive implementation of necessary adjustments to MOJ cyber incident response strategies and processes.
  • Drive development and maintenance of SOC playbooks and procedures for efficient incident response.
  • Identify and use metrics to analyse trends and generate security reports. Identify risks and areas for improvement.
  • Support fostering a collaborative and high-performing team environment, providing coaching and development opportunities for more junior team members.
  • Develop goals and performance metrics for incident response in line with business needs.

If this feels like an exciting challenge, something you are enthusiastic about, and want to join our team please read on and apply!

Person Specification

Essential

  • Proven experience leading and mentoring a security analyst team
  • Proven experience managing cyber security incidents
  • Substantial experience in a Security Operations Centre (SOC) environment
  • Strong understanding of security best practices, frameworks (MITRE ATT&CK, etc.), and incident response methodologies
  • Excellent analytical, problem-solving, and decision-making skills.
  • Effective communication and collaboration skills.
  • Ability to work effectively under pressure and manage multiple tasks simultaneously.
  • Strong understanding of security risk and how it is applied to incident management.

Willingness to be assessed against the requirements for SC clearance

We welcome the unique contribution diverse applicants bring and do not discriminate based on culture, ethnicity, race, nationality or national origin, age, sex, gender identity or expression, religion or belief, disability status, sexual orientation, educational or social background or any other factor.

Our values are Purpose, Humanity, Openness and Together. Find out more here about how we celebrate diversity and an inclusive culture in our workplace.

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy.

Salary Information**

Base salary for this role is from National: £58,511 - £65,329, London: £63,343 - £70,725

  • New entrants to the Civil Service joining the MoJ are expected to start at the minimum of the pay band.
  • Existing Civil Servants moving on a level transfer will retain their current base salary or move to the minimum of the pay band for the role, whichever is higher.
  • Existing Civil Servants who are promoted will either move to the bottom of the new grade’s pay band or receive a 10% uplift, whichever provides the greater increase.
  • Candidates may also be eligible for a non‑pensionable Government Digital & Data Allowance of up to £14,882 per year (London) or £14,939 (National). This is a temporary allowance, reviewed annually and may be retained, amended, or withdrawn.

The final offer will reflect the skills and experience you demonstrate during the assessment process.

How to Apply

In Justice Digital, Data and Science, we recruit using a combination of the Government Security Profession Framework and Success Profiles Frameworks. We shall assess a combination of your Experience, Technical skills and Behaviours during the assessment process.

Stage 1 - Application and sift:

To apply for this position, you must submit the following as part of your application:

  • A CV detailing your career history (including any relevant qualifications). Your CV will be assessed against the essential criteria outlined within the Person Specification of this advert.
  • A Personal Statement (no more than 750 words) which should outline your experience and skills, giving clear examples of work undertaken. It should specifically address the 8 criteria listed below, using a separate paragraph for each:
      • Proven experience leading and mentoring a security analyst team.
      • Proven experience managing cyber security incidents.
      • Substantial experience in a Security Operations Centre (SOC) environment.
      • Strong understanding of security best practices, frameworks (MITRE ATT&CK, etc.), and incident response methodologies.
      • Excellent analytical, problem-solving, and decision-making skills.
      • Effective communication and collaboration skills.
      • Ability to work effectively under pressure and manage multiple tasks simultaneously.
      • Strong understanding of security risk and how it is applied to incident management.

A diverse sift panel will review the information in your CV and Personal Statement to assess the sift criteria specified above. We operate an anonymous shortlisting process. Please ensure your CV and Personal Statement do not include your name or any other identifying details.

Should we receive a high volume of applications, a pre-sift based on Proven experience in a Security Operations Centre (SOC) environment will be conducted before the sift.

Please access the following link for guidance on how to apply - Application Guidance

Stage 2 - Interviews:

Successful candidates who meet the required standard will then be invited to a panel interview held via Microsoft Teams. At interview stage, you will be assessed against the following Success Profile elements - Experience, Technical and the following Behaviours:

  • Leadership
  • Making effective decisions
  • Delivering at pace

Appointments are made strictly in merit order. In the event that two or more candidates receive identical interview scores, "Proven experience managing cyber security incidents" will be applied as the primary lead criterion to determine the final merit order.

Should you be unsuccessful in the role that you have applied for but demonstrate the capability for a role at a lower level, we reserve the right to discuss this opportunity with you and offer you the position without needing a further application.

A reserve list may be held for up to 12 months, from which further appointments may be made.

Use of Artificial Intelligence

Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Terms & Conditions

Please review our Terms and Conditions which set out how we recruit and provide further information related to the role and salary arrangements.

If you have any questions, please feel free to contact digitalanddatarecruitment@justice.gov.uk

Person specification

Please refer to attached Job Description

Benefits

Alongside your salary of £58,511, Ministry of Justice contributes £16,950 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.
  • Access to learning and development
  • A working environment that supports a range of flexible working options to enhance your work life balance
  • A working culture which encourages inclusion and diversity
  • A Civil Service pension with an employer contribution of 28.97%
  • Annual Leave
  • Public Holidays
  • Season Ticket Advance


For more information about the recruitment process, benefits and allowances and answers to general queries, please click the below link which will direct you to our Candidate Information Page.

Link: https://justicejobs.tal.net/vx/candidate/cms/About%20the%20MOJ

Things you need to know

Selection process details

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check.

See our vetting charter. People working with government assets must complete baseline personnel security standard checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles. The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy.

Apply and further information

The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact:

Recruitment team

Further information

Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. If you feel a department has breached the requirement of the Recruitment Principles and would like to raise this, please contact SSCL (Moj-recruitment-vetting-enquiries@gov.sscl.com) in the first instance. If the role has been advertised externally (outside of the Civil Service) and you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission please visit their web pages: http://civilservicecommission.independent.gov.uk/civil-service-recruitm…

https://www.jobtrain.co.uk/justicedigital/Job/JobDetail?JobId=1043

Attachments

Incident Response Principal Analysts G7 - Advert (1) (docx, 41kB)

Salary range

  • £58,511 - £70,725 per year