Change text size:

Choose Style:

Lead Security Analyst

  • 23/05/2024
  • £40,950.00 - £49,795.00 /yearly
  • Part Time & Permanent
Job expired!

Job Overview

Job Type

Part Time & Permanent


£40,950 - £49,795 yearly

Date Posted:


Expiration date:


Additional Detail

Job ID


Job Description

Birmingham, Cardiff, Darlington, Edinburgh, London, Salford

Job summary

The Integrated Corporate Services (ICS) is a new shared corporate service, launched in July 2023. It will provide corporate services (HR, Finance, Digital, Commercial, Security and Estates) across the Department for Energy Security & Net Zero (DESNZ) and the Department for Science, Innovation & Technology (DSIT).  

Our team of just over 300 professionals will be leading the way in how these functions will be delivered in the future. Our ambition is to be the leading provider of integrated corporate services for government and set the standard for quality, efficiency, and innovation in our field. 

Our Inclusive Environment 

We are building an inclusive culture to make the Department a brilliant place to work where our people feel valued, have a voice and can be their authentic selves. We value difference and diversity, not only because we believe it is the right thing to do, but because it will help us be more innovative and make better decisions.  

We offer first-class flexible working benefits, excellent employee well-being support and a great pension. We are fortunate to have a range of excellent staff networks and are proud to be a Disability Confident Leader employer. We will support talented people from all backgrounds to build a career and thrive. 

We actively welcome applications from anyone who shares our commitment to inclusion. We will fully support candidates with a disability or long-term condition who require adjustments in our recruitment process. 

Find Out More 

We regularly run events where you can find out more about the department and tips for the application process. You can sign up for upcoming events here: 

You can also follow our LinkedIn Careers Page:  

Job description

As a Lead Security Analyst, you will be at the forefront of safeguarding our digital assets and data. With a deep understanding of the complexities of cyber security, you will be a key part of our cyber team and inspirational line manage, guiding your team through the ever-evolving threat landscape. 

The role is critical in monitoring, detecting, analysing, and responding to security incidents and threats with precision. Your expertise in security technologies and incident response procedures will be pivotal in protecting our critical systems and data.

Leveraging Azure cyber security tools, especially Azure Sentinel, you will ensure vigilant incident and event monitoring. Managing a dedicated team of two cyber analysts, you will collaborate closely with our Security Engineer and Threat Intelligence Team to maintain and enhance our security posture.

Person specification

Key responsibilities

● Incident Response and Management - lead and participate in complex incident investigations, utilising advanced techniques to identify the root cause, scope, and impact of security incidents.

● Analyse and interpret security data from multiple sources, including logs, network traffic, and endpoint data, to identify emerging threats and attack patterns.

● Threat Hunting and Analysis - proactively hunt for advanced threats and vulnerabilities within the environment using various threat intelligence sources and security tools.

● Azure Sentinel Expertise: You will configure, manage, and fine-tune Microsoft Azure Sentinel. Additionally, youll design and implement custom log queries and alerts within Azure Sentinel to enhance threat detection and incident response capabilities.

● Collaboration and Communication - communicate effectively with external vendors, technical and non-technical stakeholders, translating complex technical concepts into understandable terms.

● Participate in the development and enhancement of SOC processes, workflows, and procedures to improve incident response efficiency and effectiveness.

Skills and experience

Essential criteria

● Leadership experience within a SOC Team and a track record of coaching/mentoring and developing junior members of staff.

● Effective verbal and written communication skills, including the ability to lead on meetings with external vendors, technical and non-technical stakeholders, translating complex technical concepts into understandable terms.

● Experience using a Security Incident Event Management (SIEM) and security tooling in a Security Operations Centre (SOC) demonstrating improvements in processes, workflows, and incident response leading to greater efficiency and effectiveness. 

● Experience working in an enterprise technology setting, with a focus on Cyber Security.

● Demonstrable experience using a query language to work with large sets of data, preferably Kusto Query Language

Desirable Criteria

● Experience working with Cloud platforms (AWS, Azure)

● Relevant security-based certifications

● Documentation of incident, investigation, findings adhering to incident response procedures.

It is unusual that all candidates will meet all the desirable criteria. If your skills and experience look slightly different from what we have identified and you think you can bring value to the role and the team, we strongly encourage you to apply. We'd love to hear from you!   

The link to the technical/professional competency framework that candidates will be assessed against, is:


We'll assess you against these behaviours during the selection process:

  • Leadership
  • Developing Self and Others

Technical skills

We'll assess you against these technical skills during the selection process:

  • Analysis and Synthesis (data analyst)
Alongside your salary of £40,950, Department for Energy Security & Net Zero contributes £11,056 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

The Department for Energy Security and Net Zero offers a competitive mix of benefits including:

  • A culture of flexible working, such as job sharing, homeworking and compressed hours.
  • Automatic enrolment into the Civil Service Pension Scheme, with an average employer contribution of 27%.
  • A minimum of 25 days of paid annual leave, increasing by 1 day per year up to a maximum of 30.
  • An extensive range of learning & professional development opportunities, which all staff are actively encouraged to pursue.
  • Access to a range of retail, travel and lifestyle employee discounts.
  • A hybrid office/home based working model where staff will spend a norm of 40-60% of their time in the office (minimum of 40%) over a month with flex dependent on balancing business and individual need.

Office attendance

The Department operates a discretionary hybrid working policy, which provides for a combination of working hours from your place of work and from your home in the UK. The current expectation for staff is to attend the office or non-home-based location for 40-60% of the time over the accounting period.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

As part of the application process you will be asked to complete a CV and personal statement.

Further details around what this will entail are listed on the application form.

Please use your personal statement (in no more than 750 words) to outline how your experience aligns with the Essential criteria mentioned in the job advertisement, and what you can bring to the role.

Applications will be sifted on CV and personal statement

In the event of a large number of applicants, applications will be sifted on the personal statement.

Candidates who pass the initial sift may be progressed to a full sift, or progressed straight to assessment/interview.

The interview will consist of behaviour and technical questions.

Interviewees will be asked to deliver a presentation; further details will be provided nearer the time. 

Sift and interview dates

Expected Timeline subject to change

Sift dates: w/c 10/06/2024

Interview dates: w/c 17/06/2024

Interview Location: MS Teams.

Candidates are asked to note the above timetable, exercising flexibility through the recruitment and selection process.

Further Information

This vacancy is being offered on the DDaT Pay Framework and can include an allowance of up to £10,000 depending on skills, qualifications, and experience.

Further details on the framework can be found on

For further information on National Security Vetting please visit the following page

Reasonable Adjustment

We are proud to be a disability confident leader and we welcome applications from disabled candidates and candidates with long-term conditions.

We fully support adjustments throughout our recruitment process and we encourage candidates to discuss their adjustment needs by emailing the job contact which can be found under the contact point for applicants section.

We do not have an exhaustive list of adjustments that we support but just some examples include additional time to complete your application form, behaviour questions up to 72 hours prior to interview and having extra time at interview. 

If you are experiencing accessibility problems with any attachments on this advert, please contact the email address in the 'Contact point for applicants' section.

If successful and transferring from another Government Department a criminal record check may be carried out.

New entrants are expected to join on the minimum of the pay band.

A location-based reserve list of successful candidates will be kept for 12 months. Should another role become available within that period you may be offered this position.

Please note terms and conditions are attached. Please take time to read the document to determine how these may affect you.

Any move to the Department for Energy, Security and Net Zero  from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility

DESNZ does not normally offer full home working (i.e. working at home); but we do offer a variety of flexible working options (including occasionally working from home). 

DESNZ cannot offer Visa sponsorship to candidates through this campaign.

DESNZ holds a Visa sponsorship licence but this can only be used for certain roles and this campaign does not qualify.

In order to process applications without delay, we will be sending a Criminal Record Check to Disclosure and Barring Service /Disclosure Scotland on your behalf.

However, we recognise in exceptional circumstances some candidates will want to send their completed forms direct. If you will be doing this, please advise Government Recruitment Service of your intention by emailing [email protected] stating the job reference number in the subject heading. 

For further information on the Disclosure Scotland confidential checking service telephone: the Disclosure Scotland Helpline on 0870 609 6006 and ask to speak to the operations manager in confidence, or email [email protected] 

Applicants who are successful at interview will be, as part of pre-employment screening, subject to a check on the Internal Fraud Database (IFD). This check will provide information about employees who have been dismissed for fraud or dishonesty offences. This check also applies to employees who resign or otherwise leave before being dismissed for fraud or dishonesty had their employment continued. Any applicants details held on the IFD will be refused employment. 

A candidate is not eligible to apply for a role within the Civil Service if the application is made within a 5-year period following a dismissal for carrying out internal fraud against government.


Feedback will only be provided if you attend an interview or assessment.


Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).

See our vetting charter (opens in a new window).
People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

This job is broadly open to the following groups:

  • UK nationals
  • nationals of the Republic of Ireland
  • nationals of Commonwealth countries who have the right to work in the UK
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
  • nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
  • individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
  • Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements (opens in a new window)

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).
This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.
The Civil Service welcomes applications from people who have recently left prison or have an unspent conviction. Read more about prison leaver recruitment (opens in new window).
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

Recruitment team

Further information

Appointment to the Civil Service is governed by the Civil Service Commissions Recruitment Principles. If you feel that your application has not been treated in accordance with the recruitment principles, and wish to make a complaint, then you should contact in the first instance [email protected]. If you are not satisfied with the response that you receive, then you can contact the Civil Service Commission. For further information on bringing a complaint to the Civil Service Commission please visit their web pages: Click here to visit Civil Service Commission/Complaints


DESNZ TCs v1.2 Opens in new window (doc, 174kB)

Our use of cookies

We use necessary cookies to help our site function. We’d also like to use analytics cookies that help us make improvements by measuring how you use our website.

For more detailed information about the cookies we use, see our Cookies page.

Necessary cookies

Necessary cookies enable core website functionality such as network management, security and accessibility. You may disable these by changing your browser settings, but this may impact how the website functions.

Analytics cookies


We’d like to collect website analytics cookies information using Google Analytics to help us improve our website. We collect this data by running Google Analytics JavaScript on your device, which collects data about how you interact with our site. The data is collected in a way that does not directly identify anyone. For more information please see our Cookies page.