Search
Header navigation
SEO Lead Cyber Security Monitoring

SEO Lead Cyber Security Monitoring

Driver and Vehicle Standards Agency
remoteHybrid
ExpiresExpires: Expiring in less than 2 weeks
Flexible
£44,241 - £59,997 per year

Job summary

Join DVSA’s mission to make roads safer and more efficient by shaping the future of digital public services. As Lead Cyber Security Monitoring, you’ll play a pivotal role in protecting DVSA’s systems, data, and services used by millions across the country. Keeping its critical digital services secure by leading the frontline of cyber defence.

You will take ownership of responding to complex security events and incidents, working from threat intelligence, monitoring outputs, and established procedures without the need for direct supervision. You’ll lead the containment, investigation, and remediation of cyber incidents, ensuring rapid recovery, minimal business impact, and robust forensic readiness. You will also drive proactive security through threat hunting, vulnerability management, and continuous improvement of SOC processes.

As a senior role within the Security Operations Centre, you will guide, support and mentor SOC analysts and colleagues across DVSA, acting as a subject matter expert in incident response, threat detection, and cyber resilience. You will champion high standards of cyber security practice, ensuring compliance with policy, shaping response processes, and strengthening organisational readiness through exercises, training, and cross-government collaboration.

You will be committed to operational excellence and will promote strong security behaviours across the organisation. You will communicate clearly both with senior stakeholders and end users and ensure DVSA remains prepared for tackling emerging threats and evolving attack vectors.

Joining our department comes with many benefits, including:

  • Employer pension contribution of 28.97% of your salary. Read more about Civil Service Pensions here
  • 25 days annual leave, increasing by 1 day each year of service (up to a maximum of 30 days annual leave), plus 8 bank holidays a privilege day for the King’s birthday
  • Flexible working options where we encourage a great work-life balance.

Read more in the Benefits section below!

Find out more about what it's like working at Driver and Vehicle Standards Agency - Department for Transport Careers

Job description

Your responsibilities will include, but aren’t limited to:

  • Leading the rapid detection, investigation, and response to cyber security incidents, ensuring threats are contained, impact is minimised, and incidents are handled in line with DVSA policies, legal requirements, and best‑practice security standards, including performing or arranging digital forensics to support evidence gathering and preservation.
  • Driving proactive cyber defence through threat hunting and vulnerability management, using threat intelligence to identify emerging risks, suspicious activity, and weaknesses in DVSA’s security posture.
  • Manage post-incident review, including root cause analysis, to feedback information and so improve monitoring and evidencing need for policy change as necessary.
  • Managing and improving SOC processes and protective monitoring capabilities, ensuring DVSA and its suppliers meet contractual and policy obligations for incident reporting and security operations.
  • Planning, leading, and evaluating incident response exercises, including red‑team activity, to strengthen organisational readiness and validate response procedures.
  • Providing expert advice to senior leaders and technical teams, helping them understand risks, make informed decisions, and embed strong security practices.
  • Building strong relationships across DVSA and with external partners, including government departments, regulators, and third‑party suppliers.
  • Producing clear, high‑quality reporting and communication, including incident summaries, performance statistics, lessons learned, and recommendations for continuous improvement.
  • Demonstrating leadership by guiding, mentoring, and supporting SOC analysts and colleagues, acting as a role model for professional standards, technical excellence, and Civil Service values.

Great line management is important to us as an organisation, and we will equip and support line managers to develop the skills they need. We aim to empower line managers to create teams where people can flourish and deliver excellent outcomes for the public.

For further information on the role, please read the attached role profile. Please note that the role profile is for information purposes only - whilst all elements are relevant to the role, they may not all be assessed during the recruitment process. This job advert will detail exactly what will be assessed during the recruitment process.

Person specification

Essential qualifications:

  • Degree in IT Security or IT related subjects

You will be required to provide evidence that you hold any essential qualifications at some point during the recruitment process. If you cannot provide evidence, your application will be withdrawn.

OR

Required Experience:

  • Experience of working in an Incident Manager, Threat hunt, Threat Intelligence or Vulnerability Management role

To be successful in this role you will need to have the following experience:

  • Someone with experience acting as incident manager, ensuring incidents are contained, impact minimised, and any recovery necessary is effective and that lessons are learned to inform future prevention.
  • Someone who can communicate the significance of the results of investigations and risk mitigation outcomes, guiding the organisation in the improvement and maintenance of a robust response to new threats and attack vectors.
  • Someone that has a history of being able to negotiate with senior staff
  • Someone who is technically skilled with the ability to explain technical ideas simply to a variety of audiences.
  • A proven leader who can lead and guide a team to support the delivery of objectives.

Additional Information

The role is part of the Government Digital and Data (or Government Security Profession Career Framework) profession and utilises an enhanced Capability–Based Pay Framework which provides access to a Digital and Data allowance.

The base pay is £44,241. In addition to this the role includes a Digital and Data allowance of up to £14,756

The value of allowance awarded will be based on an assessment of your skills and experience as demonstrated through the selection process.

Here are more details on the pay framework.

Working hours, office attendance and travel requirements

Full time roles consist of 37 hours per week.

Whilst we welcome applications from those looking to work with us on a part time basis, there is a business requirement for the successful candidate to be able to work at least 30 hours per week.

Occasional travel to other offices will be required, which may involve overnight stays.

This role is suitable for hybrid working, which is a non-contractual arrangement where a combination of workplace and home-based working can be accommodated subject to business requirements.

The expectation at present is a minimum of 60% of your working time a month will be spent at either your designated workplace (one of the locations cited in the advert) or, when required for business reasons, in another office/work location. There may be occasions where you are required to attend above the minimum expectation.

If you have a question about hybrid working, part time/job share hours, flexible working, travelling for work, or require a reasonable adjustment, please contact the Vacancy Holder during the recruitment process to avoid possible disappointment later in the process should your working arrangements not be compatible with the requirements of the role (see below for contact details).

Visa Sponsorship

Please note that we do not hold a UK Visa & Immigration (UKVI) Skilled Worker Licence sponsor and are unable to sponsor any individuals for Skilled Worker Sponsorship. Candidates must ensure they have the appropriate rights to work in the UK before application.

Behaviours

We'll assess you against these behaviours during the selection process:

  • Delivering at Pace
  • Communicating and Influencing

We only ask for evidence of these behaviours on your application form:

  • Communicating and Influencing

Technical skills

We'll assess you against these technical skills during the selection process:

  • Intrusion detection and analysis - Skill Level Practitioner
  • Threat intelligence and threat assessment - Skill Level Practitioner
  • Secure operations management - Skill Level Working
  • Threat understanding - Skill Level Practitioner

Benefits

Alongside your salary of £44,241, Driver and Vehicle Standards Agency contributes £12,816 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Being part of our brilliant Civil Service means you will have access to a wide range of fantastic benefits:

  • Employer pension contribution of 28.97% of your salary. Read more about Civil Service Pensions here
  • 25 days annual leave, increasing by 1 day each year of service (up to a maximum of 30 days annual leave).
  • 8 Bank Holidays plus an additional Privilege Day to mark the King’s birthday.
  • Access to the staff discount portal.
  • Excellent career development opportunities and the potential to undertake professional qualifications relevant to your role paid for by the department, such as CIPD, Prince2, apprenticeships, etc.
  • Joining a diverse and inclusive workforce with a range of staff communities to support all our colleagues.
  • 24-hour Employee Assistance Programme providing free confidential help and advice for staff.
  • Flexible working options where we encourage a great work-life balance.

Find out more about the benefits of working at DfT and its agencies (opens in a new window).

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

How to apply:

Our selection process ensures a comprehensive assessment of each applicant's qualifications, skills, and potential fit within our organisation.

The selection process for this role will be:

Stage 1: Sift of Personal Statement (750 words) & CV

Stage 2: Interview & Assessment

You must be successful at each stage to progress to the next stage.

As part of the application process, you will be asked to complete a CV, behavioural statement and personal statement. Further details around what this will entail are listed on the application form.

Stage 1: Sift of CV & personal Statement

Please structure your Personal Statement to provide detailed evidence of each of the following:

  • Experience in SIEM implementation and integration.
  • Demonstratable experience working with a SIEM tool (Microsoft Sentinel, Splunk, etc), and vulnerability scanners.
  • Proven experience of managing stakeholders in a complex environment with multiple service providers.
  • Experience in interpreting threat intelligence and building in rulesets into IDS/IPS toolsets to the threat risks.

The sift will take place week commencing 2nd February - 13th February

If successful at this stage, you will then be invited for interview & assessment.

Stage 2: Interview & Assessment

At interview stage, you will be assessed against the following Success Profile elements:

Behaviours

  • Delivering at Pace
  • Communicating and Influencing

Technical

  • Intrusion detection and analysis - Skill Level Practitioner
  • Threat intelligence and threat assessment - Skill Level Practitioner
  • Secure operations management - Skill Level Working
  • Threat understanding - Skill Level Practitioner

Please note that the technical elements of the role will be assessed against Government Digital and Data Profession Capability Framework (Skills) which you will be able to access here.

The interviews will take place week commencing 23rd February

This interview will be conducted online via Microsoft Teams. Further details will be provided to you should you be selected for interview.

You can find out more about our hiring process, how to apply, and application and interview guidance on our careers site (opens in a new window).

Please note that we will try to meet the dates set out in the advert. There may be occasions when these dates will change.

Further information on the selection process

Feedback on your application can only be provided if you attend an interview or assessment.

We will also hold a12 month reserve list for this role, which may lead to potential opportunities beyond the role you applied for. You can read more about our reserve lists here.

Should we receive a large number of applications, we may invite a shortlist of the highest performing candidates to interview. This means that some applications that meet the required standard could be placed ‘on hold’ after the sift and invited to interview if the vacant position(s) remain unfilled. You will be notified if your application is being put ‘on hold’ once the sift has been completed.

Appointments for this position will be made in order of merit. If you are successful in the selection process but there are no further available posts for the advertised role, you may be contacted to discuss an offer for a lower graded role (with similar experience and responsibility requirements).

If you are unsuccessful in the selection process, your application may be considered for a lower graded position if your demonstrated skills and experience meet the requirements of the alternative position. Candidates will be considered in order of merit.

Reasonable Adjustments

As a Disability Confident Leader employer, we are committed to ensuring that the recruitment process is fair, accessible and allows all candidates to perform at their best. If a person with a visible or non-visible disability is substantially disadvantaged, we have a duty to make reasonable changes to our processes.

Complete the “Assistance required” section in the “Additional requirements” page of your application form to tell us what changes or help you might need during the recruitment process. For instance, you may need wheelchair access at an interview, or if you’re deaf, a Language Service Professional.

If you need a reasonable adjustment so that you can complete your application, you should contact Government Recruitment Service via dftrecruitment.grs@cabinetoffice.gov.uk as soon as possible before the closing date to discuss your needs.

Document Accessibility

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

This job advert contains links to the DfT Careers website. Our website provides useful guidance and information that can support you during the application process. If you cannot access the information on our website for any reason, please email DRGComms@dft.gov.uk for assistance.

Further Information

For more information about how we hire, and for useful tips on submitting your application for this role, visit theHow We Hire page of our DfT Careers website. You can find detailed information about the recruitment process and what to expect when applying for a role.

Pre-employment Checking

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicant’s details held on the IFD will be refused employment.

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5-year period following a dismissal for carrying out internal fraud against government.

All External applicants and current employees of accredited non-departmental public bodies (NDPBs) will be required to undergo a Social Media Check. A Social Media Check is a review of your publicly available online activity, typically across platforms like LinkedIn, Facebook, X (formerly Twitter), Instagram, and others. The purpose is to identify any public posts or content that could raise concerns for employers, such as:

Hate speech or discriminatory behaviour

Threats or acts of violence

Illegal activity or substance misuse

Sexually explicit material

Extremist views or affiliations

Importantly, this check does not involve hacking into your accounts or accessing private messages. It only considers content you have chosen to make public.

Employers use this kind of screening to help ensure their workplace remains safe, inclusive, and aligned with company values. It’s not about judging your personality or lifestyle—it’s about checking for potential red flags that might affect the role or company culture.

If you have questions or concerns about the social media check, we would be happy to explain in more detail what’s being looked at and how your data is handled securely and fairly.

Vetting

For further information on National Security Vetting please visit the Demystifying Vetting website.



Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window).Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

Recruitment team

Further information

If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, in the first instance, you should contact Government Recruitment Services via email: dftrecruitment.grs@cabinetoffice.gov.uk
If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission: Visit the Civil Service Commission website Here

Attachments

Role Profile (1) Opens in new window (docx, 799kB)

Salary range

  • £44,241 - £59,997 per year