Security Operations Centre (SOC) - Cyber Security Analyst

Job summary

Important Information

Please note that these posts are open to sole UK nationals only. Candidates who hold dual nationality, a student visa or right‑to‑reside status are not eligible to apply. If you are unsure about your eligibility, please contact us prior to submitting an application.

About Us

Cyber & Specialist Operations Command (CSOC) develops and operates specialist capabilities to defend the UK across all domains, keeping the nation secure at home and strong abroad. In response to an increasingly contested cyber environment, CSOC has established the Defence Cyber and Electromagnetic Force (DCEMF).

DCEMF brings together military expertise, Defence cyber professionals and industry partners to strengthen digital defence capabilities, anticipate emerging threats and protect UK military networks from persistent and sophisticated cyber attacks.

We operate at the forefront of data science, automation and cyber security at scale. Our work extends beyond the battlefield, supporting humanitarian operations and driving digital innovation that delivers real‑world impact.

▶ Watch to find out more about what we do.

Passionate about using your skills to make a critical difference? Your next career move could be here.

Job description

Cyber Security Analyst (Security Operations Centre)

The Global Operations and Security Control Centre (GOSCC) delivers a coordinated and coherent approach to cyber defence across Defence. Within GOSCC, the Security Operations Centres (SOCs) provide 24/7/365 defensive monitoring and incident response, underpinning MOD Defensive Cyber Operations and enabling freedom of action in cyberspace.

As a Cyber Security Analyst within the SOC, you will play a critical role in protecting the MOD’s digital enterprise. Working in a fast‑paced operational environment, you will monitor, detect, analyse and respond to cyber security incidents, ensuring the confidentiality, integrity and availability of Defence information systems.

You will use a range of protective monitoring platforms, SIEM tooling and network analysis capabilities to identify malicious activity and emerging threats. Drawing on multiple data sources, you will conduct detailed security log analysis, event correlation and threat intelligence assessment to proactively identify risks to MOD networks and systems.

Your role will involve researching, analysing and correlating data across a wide variety of sources to identify indications and warnings of potential compromise. You will validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools, ensuring alerts are timely, accurate and actionable.

You will support and, where required, lead incident response activity, including containment, investigation, technical analysis and reporting. This includes contributing to major incident response efforts and supporting lessons learned to strengthen Defence cyber resilience.

In addition, you will contribute to the development and enhancement of SOC monitoring capabilities by supporting the design and implementation of automated monitoring and detection processes. You will work with the latest SIEM and network analysis tools, techniques and procedures to continuously improve detection coverage and operational effectiveness.

The role also includes providing operational guidance, advice and support to colleagues within the SOC, including coaching and mentoring team members to maintain high professional standards and effective team performance.

This post offers an opportunity to operate at the heart of Defence cyber operations, directly contributing to the protection of critical systems and information in an increasingly contested cyber domain.

Person specification

Please ensure that your CV and application clearly demonstrate how you meet the essential criteria below.

Essential Criteria

You will be expected to demonstrate:

• Knowledge and understanding of core cyber security principles, methodologies and frameworks (for example, MITRE ATT&CK), and how these apply to current cyber threats.
• Experience of, or a clear understanding of, networking fundamentals and security concepts.
• Familiarity with cyber security technologies and tooling, such as firewalls, endpoint protection, SIEM platforms, and/or other security monitoring tools.

You will also need to demonstrate:

• A strong analytical mindset, with the ability to approach complex problems in a structured and methodical way.
• Excellent communication skills, both written and verbal.
• The ability to prioritise and manage your own workload with minimal supervision.
• The ability to communicate technical information clearly to non‑technical audiences and produce concise, accurate reports for senior stakeholders.

Desirable Attributes

• A strong interest in cyber security, with a commitment to developing skills in security monitoring, incident response and the use of SIEM tooling.
• Willingness to learn and contribute to continuous network and security monitoring in an operational environment.

Training and Development

If not already held, you will have the opportunity to gain the following (or equivalent) certifications while in post:

• GIAC Certified Detection Analyst (GCDA)
• GIAC Continuous Monitoring (GMON)
• GIAC Cloud Threat Detection (GCTD)

If you are not already a member of a relevant professional body, support will be available to assist you in joining one.

Additional Information

You will be a key member of a small (approximately 5‑person) team operating a 24/7/365 shift-based working pattern.

• Shifts include both days and nights and are rostered in blocks of four and five, with equivalent rest periods.
• All shifts have mandatory start and finish times; further details will be provided at interview.
• The role attracts a regular shift allowance and weekend premiums.
• A Digital Skills Allowance (DSA) of up to £9,000 per annum may be payable, dependent on competence, and paid in staged increments.

The normal place of work is MOD Corsham, Wiltshire. Some hybrid working may be possible following successful completion of the probation period. There may be occasional UK travel for meetings, training or operational reasons.

This role requires a high level of security clearance. Applicants must normally have been resident in the UK for at least the last 10 years.

Please note: This vacancy is open to sole UK nationals only. Applicants who hold dual nationality, a student visa or right to reside status are not eligible. If you are unsure about your eligibility, please contact us prior to applying.

Behaviours

We'll assess you against these behaviours during the selection process:

• Changing and Improving
• Making Effective Decisions

Technical skills

We'll assess you against these technical skills during the selection process:

• Cyber Security Operations
• Intrusion Detection and Analysis
• Threat Understanding

Benefits

Alongside your salary of £30,740, Ministry of Defence contributes £8,905 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Our benefits package includes:

• Learning and development tailored to your role, with a dedicated minimum of 5 days per year
• 25 days paid annual leave, increasing by one day per year to 30 days after five years’ service
• Ability to carry over up to 10 days of annual leave each year (subject to policy)
• Public and privilege leave, including 8 public holidays per year and an additional day for HM The King’s Birthday
• A Civil Service pension with an employer contribution of 28.97%
• Parental and adoption leave provisions
• Access to a wide range of discounts and savings, including the Defence Discount Service, Civil Service Sports and Leisure clubs, and offers on healthcare, insurance, motoring and retail brands
• In-year reward and recognition schemes, including vouchers and gift cards
• A workplace culture that encourages inclusion, diversity and wellbeing.

The post does not offer relocation expenses.

External recruits who join the MOD who are new to the Civil Service will be subject to a six-month probation period.

Please Note: Expenses incurred for travel to interviews will not be reimbursed.

Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.

Any move to MOD from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.

The Ministry of Defence is committed to providing a safe and healthy working environment for its staff which includes educating them on the benefits of not smoking, protecting them from the harmful effects of second-hand smoke and supporting those who want to give up smoking. Under the Smoke-Free Working Environment policy, Smoking and the use of all tobacco products (including combustible and chewing tobacco products) will not be permitted anywhere in the Defence working environment however some exemptions are in place, please refer to local guidance. The policy is Whole Force and includes all Defence personnel, contractors, visitors and other non-MOD personnel. All applicants seeking, considering, or accepting employment with the Ministry of Defence should be aware of this policy and that it is already in place at a number of Defence Establishments.

MOD Recruitment Satisfaction Survey – We may contact you regarding your experience to help us improve our customer satisfaction. The survey is voluntary and anonymous. You may however be given the opportunity to provide additional information to help us improve our service which includes the collection of some personal data as defined by the United Kingdom General Data Protection Regulation (UK GDPR). The MOD Privacy Policy Notice sets out how we will use your personal data and your rights.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

This vacancy uses the Civil Service Success Profiles framework and will assess candidates against Behaviours and Technical Skills.

To apply, please complete a CV, ensuring it clearly demonstrates how you meet the essential criteria in the person specification.

It is essential that all applicants submit a personal statement (maximum 1,250 words). This will be assessed against your responses to the questions below. Each response will be scored and will contribute to your overall assessment for interview selection.

Please address the following in your personal statement:

1. Describe your experience of monitoring and incident response within a cyber or digital services environment.
2. Describe a time when you gathered technical information from multiple sources to reach a conclusion or make a decision in the workplace.
3. Describe an occasion when you provided advice, guidance or support to colleagues on operational or working processes.

Sifting

Applications will be sifted on all Success Profile elements. In the event of a high number of applications, the initial sift will be based solely on the following essential criterion:

• Experience of monitoring and incident response in a cyber or digital services environment.

Candidates will be required to provide CV details to include job history; qualification details and previous skills and experience.

Interview Assessment

At interview, you will be assessed against the following:

Behaviours

• Changing and Improving
• Making Effective Decisions

Technical Skills

• Cyber Security Operations
• Intrusion Detection and Analysis
• Threat Understanding

Additional Information

The Government Security Profession Career Framework, including the aligned Monitoring Associate role used for this vacancy, can be found here:
Government Security Profession Career Framework (opens in a new window).

The Civil Service embraces diversity and promotes equality of opportunity. There is a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. If you need to advise us that you need additional help or reasonable adjustments for the recruitment process, please contact: DBSCivPers-Resourcingteam3@mod.gov.uk .

As a result of the changes to the UK immigration rules which came in to effect on 1 January 2021, the Ministry of Defence will only offer sponsorship for a skilled worker visa under the points based system, where a role has been deemed to be business critical. This role does not meet that category and we will not sponsor a visa. It is therefore NOT open to applications from those who will require sponsorship under the points based system.

Should you apply for this role and be found to require sponsorship, your application will be rejected and any provisional offer of employment withdrawn.

The Ministry of Defence requires all candidates who are successful at interview to declare any outside interests. These declarations will be discussed with successful candidates following the interview process and before a formal offer of employment is made, as some outside interests may not be compatible with MOD civilian roles. This will not, in the majority of cases, prevent employment in MOD, but it is a measure that must be taken to ensure that appropriate mitigations can be put in place to manage any potential, perceived or actual conflicts of interest from the first day of employment.

The Ministry of Defence adopts a zero-tolerance approach to unacceptable behaviours, which includes bullying, harassment, sexual harassment, discrimination, and victimisation. You will not be eligible and will not be considered for this post if you have been dismissed from a role for such unacceptable behaviours within the last five years. This will also apply if you resign or otherwise leave a role but, because of an adverse decision, would have been dismissed for gross misconduct had you continued in that employment. Pre-employment checks will be carried out.

Cyber & Specialist Operations Command (CSOC) generates and operates specialist capabilities, ready to fight across all domains to make the UK secure at home and strong abroad.

Always on, we are across every UK operation, delivering the capabilities you don’t usually see - or those you can’t.

From cyber warriors and medics to intelligence analysts, special forces, educators, and Defence attachés, our collective expertise delivers the warfighting edge Defence needs to deter threats and secure the nation today and prepare for tomorrow.

CSOC unites Defence’s cyber and specialist capabilities under a single, military command alongside the Royal Navy, British Army, and the Royal Air Force - acting as the UK’s fourth Military Command. For more information, please see here.’

Cyber and Specialist Operations Command (CSOC) is going through a significant transformation programme which aims to design the way in which the new Military Command conducts its business and delivers for Defence and the nation. As a consequence of this, posts within CSOC are/or may become subject to review and potential changes as we continuously improve across the period of the transformation programme. These changes may be minor or could be more substantive and will generate new opportunities. Throughout, the Command’s transformation programme is committed to following the MOD’s framework on managing and supporting people through the change process and places an emphasis on early and open consultation and engagement with the Command’s personnel and Trade Unions.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

Open to UK nationals only.

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

• Name : George Mather
• Email : George.Mather100@mod.gov.uk

Recruitment team

• Email : DBSCivPers-ResourcingTeam3@mod.gov.uk

Further information

Please ensure you read the attached candidate information document prior to completing your application. If you are dissatisfied with the service you have received from DBS, or believe that DBS has failed to follow the recruitment process in line with the Civil Service Commission principles of selection for appointment on merit on the basis of Fair and Open competition, you can raise a formal complaint by writing to DBS at the following address: Defence Business Services, Scanning Hub, Room 6124, Tomlinson House, Norcross Lane, Blackpool, FY5 3WP. If after raising your complaint with DBS you remain dissatisfied you can complain directly to the Civil Service Commission at the following address: Civil Service commission, Room G/8, 1 Horse Guards Road, London, SW1A 2HQ Or by email: info@csc.gov.uk.

Attachments

CSOC Candidate Pack Opens in new window (pdf, 1777kB)Candidate Information Pack Opens in new window (docx, 32kB)MOD Candidate Pack Opens in new window (pdf, 1562kB)