Lead Cyber Security Analyst

Job summary

Across government, cyber security is fundamental to protecting critical services, safeguarding sensitive data and maintaining public trust. As cyber threats continue to evolve in scale and sophistication, organisations must strengthen their ability to detect, analyse and respond to potential incidents in real time. Ofgem plays a vital role in the UK’s energy system, protecting consumers and enabling a more secure, fair and sustainable energy future, and effective cyber security operations are essential to ensuring resilience and continuity of services.

Ofgem is on a significant transformation journey. Within the Digital, Data and Security Services (DDSS) directorate, we are strengthening our cyber security capability to support a modern, digitally enabled organisation. This includes enhancing monitoring, threat intelligence and incident response processes to ensure that risks are identified early and managed effectively.

As a Lead Cyber Security Analyst, you will play a critical role in protecting Ofgem’s systems and services. You will lead the monitoring and analysis of security events, drive improvements to detection capabilities and support the effective investigation and response to incidents. You will work across security operations, threat intelligence and vulnerability management, ensuring that the organisation remains resilient against a dynamic threat landscape.

This is a technically demanding and high-impact role, requiring strong analytical capability, experience in security operations and the ability to lead activity across complex environments. You will act as both a subject matter expert and a leader, supporting the development of capability and driving continuous improvement across cyber security operations.

Job description

You will be responsible for:

• Leading the monitoring and analysis of security events, ensuring threats are identified, investigated and responded to effectively.
• Managing the development and implementation of the monitoring roadmap, enhancing detection capabilities across the organisation.
• Overseeing the triage and investigation of security alerts using SIEM and other monitoring tools, ensuring appropriate escalation and response.
• Leading the development of automated monitoring and detection processes, improving efficiency and accuracy of threat detection.
• Managing vulnerability assessment and remediation activities, ensuring risks are prioritised and addressed using a risk-based approach.
• Leveraging threat intelligence to inform security operations, identify risks and enhance preventative controls.
• Leading incident response activities, including investigation, containment and recovery, and contributing to continuous improvement through lessons learned.
• Providing expert advice to stakeholders on security risks, mitigations and best practice.
• Supporting resilience through preparedness exercises, red teaming and continuous capability development.
• Producing reporting and insight on security posture, risks and trends for senior stakeholders.

We are looking for:

A skilled and experienced cyber security professional who can operate effectively in a complex, fast-moving environment. You will bring strong technical expertise in security operations, along with the ability to lead and influence across teams.

You may come from a security operations, threat intelligence or cyber defence background, but you will demonstrate:

• Experience working within a Security Operations environment
• Strong experience in incident detection, analysis and response across complex systems
• Expertise in intrusion detection, threat intelligence and vulnerability management
• Experience working with security tools, including SIEM and monitoring platforms
• The ability to communicate complex security issues clearly to technical and non-technical stakeholders

Relevant certifications such as SANS, GIAC or CISSP are expected (or willingness to achieve).

Experience working in government or regulated environments, and familiarity with threat landscapes relevant to energy or critical infrastructure, would be beneficial.

This is an opportunity to play a key role in safeguarding Ofgem’s digital environment. You will help ensure that systems and services are secure, resilient and capable of responding effectively to cyber threats, supporting the organisation’s mission at a time when cyber security has never been more critical.

Person specification

Essential Criteria

• Demonstrable experience in analysing incidents across a complex environment. (Lead Criteria)
• Experience in intrusion detection and analysis. (Lead Criteria)
• Experience in a Security Operations environment.
• Previous exposure to IT and network security and networking technologies and with system, security, and network monitoring tools.
• Either holds, or can achieve, SC clearance.
• SANS or GIAC Security Operations Modules or CISSP.

Desirable Criteria

• Sound awareness of the threat environment faced by government, regulatory departments and the energy industry.
• Experience with M365 and Azure-related Security tooling.

Behaviours

We'll assess you against these behaviours during the selection process:

• Changing and Improving
• Making Effective Decisions
• Delivering at Pace

Technical skills

We'll assess you against these technical skills during the selection process:

• You will also be asked to prepare a presentation. Full details of the presentation will be included in the invitation to interview.

Benefits

Alongside your salary of £49,452, OFGEM contributes £14,326 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides (opens in a new window).Ofgem can offer you a comprehensive and competitive benefits package which includes; 30 days annual leave after 2 years; Excellent training and development opportunities; The opportunity to join the generous Civil Service pension which also includes a valuable range of benefits; hybrid working (currently 1 day a week in the office but this is kept under review), flexible working hours and family friendly policies. Plus lots of other benefits including clean and bright offices based centrally, engaged networks and teams and an opportunity to contribute to our ambitious and important targets of establishing a Net Zero energy system by 2050. This exciting blend of professional challenge and personal reward identifies career opportunities at Ofgem as something to get excited about.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

When you press the ‘Apply now’ button, you will be asked to complete personal details (not seen by the sift panel), your career history and qualifications.

You will then be asked to provide a 1250 word ‘personal statement’ evidencing how you meet the essential and desirable skills and capabilities listed in the role profile. Please ensure you demonstrate clearly, within your supporting statement, how you meet each of the criteria listed in the role profile. In the event of receiving a large number of applications, an initial sift may take place on just the lead criteria indicated in the essential criteria.

The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found by [https://www.cifas.org.uk/fpn].

At Ofgem, we expect our staff to carry out their roles with honesty, fairness and openness. They should follow the Civil Service code and be free from any influence or bias. We are committed to making sure interests are recognised, declared and managed appropriately so that we can fulfil our duties as an energy regulator. Our Conflicts of Interest policy outlines the types of interests Ofgem staff must declare before onboarding, and the rules they must follow throughout employment so that we can clearly demonstrate that our decisions are not influenced by private interests.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

Working for the Civil Service

Please note this Post is NOT regulated by the Civil Service Commission.The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window).Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

• Name : Amber Shankland
• Email : amber.shankland@ofgem.gov.uk

Recruitment team

• Email : recruitment@ofgem.gov.uk

Further information

Appointment to the Civil Service is governed by the Civil Service Commission’s Recruitment Principles. You have the right to complain if you feel there has been a breach of these Recruitment Principles.

In the first instance, you should raise the matter directly via recruitment@ofgem.gov.uk. If you are not satisfied with the response, you may bring your complaint to the Commission. For further information on bringing a complaint to the Civil Service Commission, please visit their website.

Attachments

DDSS Role Profile Lead Cyber Security Analyst (2B) 6-Month FTC Opens in new window (pdf, 142kB)DDSS Candidate Pack, Lead Cyber Security Analyst 6-Month FTC (1) Opens in new window (pdf, 2749kB)Terms and Conditions Opens in new window (pdf, 335kB)