Digital Forensics Incident Response Lead

Job details
Posting date: 26 March 2025
Salary: £55,557 to £71,675 per year
Additional salary information: National £55,557 - £66,058; Inner London £61,089 - £71,675. Our offer to successful candidates will be based on an assessment of your skills and experience as demonstrated at interview.
Hours: Full time
Closing date: 07 April 2025
Location: Newcastle-upon-Tyne
Company: Government Recruitment Service
Job type: Permanent
Job reference: 394817/1

Summary

This role is an exciting position in the Cyber Resilience Centre, part of DWP Security and Data Protection.

The Security Monitoring & Investigations Team (SMI) plays a vital role in securing the DWP estate, ensuring that service delivery is not affected by potential malicious activity from either internal or external threat actors. The team operates in a dynamic environment at the forefront of the Department’s cyber protection capability.

This role is for a Digital Forensics Incident Response Lead who will have responsibility for leading and co-ordinating the technical response to security incidents including digital forensics. They will manage people and work across the team, and will provide expert technical advice to incident managers as well as wider stakeholders to ensure robust resolutions.

The Digital Forensics Incident Response Lead will lead and direct technical investigations, including digital forensics, that arise from security incidents. They will be responsible for ensuring that all legal and internal compliance standards are maintained and for producing and reviewing technical reports with appropriate recommendations.

They will provide expert technical advice to all internal stakeholders and will work with teams across DWP to develop and improve cyber response strategies and forensic and investigation capabilities.

They will be actively involved in all stages of incident response, from identification and containment through to eradication and recovery. They will respond quickly and decisively to minimise the impact of any cyber-attack to the organisation and will make appropriate recommendations to prevent an incident from recurring.

They will manage and develop a virtual team of analysts focused on the identification and investigation of cyber security incidents, as well as the proactive detection and investigation of potential indicators of compromise or malicious activity on DWP systems. They will provide co-ordination of the technical response to security incidents, collaborating with stakeholders across the DWP to ensure effective and proportionate mitigations are applied.

Responsibilities

Successful candidates can expect to be involved in a range of the following:

  • Support the DWP Security Incident Response Team (SIRT) by providing expert technical input to on-going investigations in relation to the mitigation, detection and response to potential cyber-attacks.
  • Deliver the team strategy, implementing agreed policies, standards and processes as required to support the work of the Digital Forensics Incident Response Team.
  • Lead and direct forensic investigations that arise from security incidents ensuring that all legal and internal compliance standards are maintained and that all outputs and reports are fit for purpose.
  • Provide expert technical advice to internal DWP stakeholders as well as DWP partners and work across the Department to develop and improve cyber response strategies and forensic and investigation capabilities.
  • Receive, analyse and interpret reports of technical, threat and vulnerability information from all sources of intelligence. This includes outputs from DWP systems as well as intelligence from OGD partners, knowledge exploitation, and open-source information. Use the information for the identification of threats across the DWP estate.
  • Produce and review technical reports following security incident investigations, including recommendations for resolving or mitigating control failures and actively contribute to lessons learned exercises.
  • Lead, direct and manage a virtual team of security analysts focused on the technical investigation of security incidents, ensuring resources are assigned to the key threat areas and workloads organised appropriately to deal with competing demands.
  • Direct and co-ordinate technical incident response activities across the wider DFIR function, providing effective communications and coordinating activities across the team, involving expert domains and stakeholders timeously, as appropriate, to ensure an effective and cohesive response.
  • Perform complex analysis in a high-pressure environment encouraging analysts to demonstrate adaptability and creativity, always demonstrating professionalism, and upholding the team’s credibility across DWP.
  • Provide timely intervention to protect the DWP IT Estate through operating and directing containment processes to isolate and prevent the spread of attacks.
  • Develop influential relationships with key stakeholders across the Department to support improvement activities to mitigate the risks from malicious activity.
  • Adhere to Association of Chief Police Officers (ACPO) guidelines for investigations, maintaining chain of custody records for evidential or intelligence items.
  • Present evidence as appropriate, acting as an expert witness if necessary.

The Security Monitoring and Investigations team operates 24 hours a day, 7 days a week and as a result, post holders may be required to work as part of an on-call rota and to work outside of usual office hours as investigations dictate. Travel to different DWP sites and Government agencies with occasional overnight stays will also be required.

Proud member of the Disability Confident employer scheme

Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.
