Cyber Security Monitoring and Investigations Alert Analyst

The team operates in a dynamic environment at the forefront of the Department’s cyber protection capability.

This role is for a first line monitoring analyst who will have responsibility for the initial triage of security alerts generated from across the DWP estate.

Working as a Security Alert Analyst you will monitor systems to detect potential indicators of compromise. You will lead the first stage categorisation and investigation of security alerts generated by analytical tools and capabilities operating across DWP systems and networks.

You will use malware analysis tools as appropriate to support your decision-making.

You will support the development of theoretical rules to test and deploy across large data sets and will continually review and refine those rules to ensure high quality outputs are maintained and supplied to operational stakeholders.

Responsibilities:

• Effectively use security tooling including Security Information and Event Management (SIEM) platforms and open-source intelligence, to identify security compromises within large amounts of complex data.
• Provide in-depth analysis of reports and dashboards and respond to alerts generated by the latest analytical tools and capabilities operating across machine data within DWP systems.
• Demonstrate knowledge of the latest security threats and indicators of compromise, to ensure an effective response to alerts as well as to new threats and attack vectors.
• Undertake proactive interrogation of activity captured in system logs and across large data sets to quickly determine if systems have been compromised.
• Use intelligence effectively to ensure appropriate response actions to security threats.
• Provide cyber security specific input to investigations through the application of technical knowledge and exploitation of cyber intelligence.
• Use malware analysis tools (commercial and/or open source) to support analysis and decision making.
• Work within the confines of relevant legislation as it applies to cyber security and digital forensics activities.
• Provide timely intervention to protect the DWP IT estate through initiating containment processes to isolate and prevent the spread of malware.
• Drive forward the development of monitoring systems and supporting processes and playbooks, ensuring systems are in place to review and continually improve existing capabilities.
• Demonstrate strong knowledge and understanding of the concepts of information security, and of current and emerging IT security, data protection and information risk principles and technologies.
• Ensure that all team activities comply with legal and internal requirements and that all evidence produced from investigations is suitable for use in disciplinary or legal actions.
• Ensure the Department’s data is used safely, proportionately, and legally at all times.
• Support remedial activity as a result of identified weaknesses within the estate.
• Manage multiple priorities and respond flexibly to competing demands.