Lead Cyber Security Engineer

Posting date:	04 August 2025
Salary:	£59,634 to £79,133 per year
Additional salary information:	(including allowances) London £63,248 to £79,133, National £59,634 to £75,618. Salary is dependent on location and technical skills as assessed at interview.
Hours:	Full time
Closing date:	25 August 2025
Location:	Cardiff
Company:	Government Recruitment Service
Job type:	Permanent
Job reference:	420575/4

Summary

If you'd like to find out more about the role, the Cyber Security Team and what it’s like to work at DBT, we're holding a Hiring Manager Q&A session for this role where you can virtually 'meet the team' on Wednesday 20th August at 12:30pm. Please click here to book your spot.

About us

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.

Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.

Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.

Finally, we work in partnership with businesses every day, providing advance, finance and deal-making support to those looking to start up, invest, export and grow.

The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission.

As a Lead Cyber Security Engineer at DBT, you will play a vital role in safeguarding the department’s digital estate, supporting the UK’s economic resilience and global competitiveness. You’ll lead the design and implementation of secure-by-design solutions across cloud, hybrid, and on-premises environments, embedding security throughout the digital lifecycle.

Your responsibilities will span both strategic and operational domains. You’ll lead security engineering across DBT’s digital platforms, ensuring robust protection of trade, business, and investment systems. You’ll also be at the forefront of our Security Operations Centre (SOC), overseeing the identification, collection, and analysis of security event data to generate high-fidelity, actionable alerts for cyber analysts.

Working closely with the SOC Manager, you’ll ensure that security tooling and data pipelines are current, effective, and tailored to reduce alert fatigue. You’ll create bespoke analytic rules and collaborate with analysts to refine detection capabilities. You’ll also take an active role in managing security alerts and leading incident response and investigation efforts.

As a senior colleague, you’ll advise on cyber risks, emerging threats, and mitigation strategies aligned with the Government Security Framework and standards. You’ll collaborate across government, industry, and international partners to uphold the UK’s cyber reputation. Additionally, you’ll mentor and develop talent within the cyber team, fostering a culture of innovation, continuous improvement, and shared learning.

Main responsibilities

You will be:

• Leading large, cross-functional technical team in the design, development, and enablement of automated monitoring processes, advising on the latest SIEM (Security Information and Event Management) and network analysis tools, techniques, and procedures to detect malicious activity, while communicating directly with leadership on the progress and status of monitoring.

• Leading wider implementation of a monitoring strategy, ensuring roadmaps are achieved as expected, ensuring requirements, policies, and standards to govern all activities and outputs are met.

• Reviewing high-priority or high-complexity analysis of security event data to manage security incident response, making key decisions on reporting or escalations for monitoring Containing and remediating those incidents, identifying potential process improvements.

• Communicating with a broad range of senior stakeholders and be responsible for defining the vision, principles, and strategy for incident response Deputising for the SOC manager as a when required.

• Reviewing incident documentation ensuring that appropriate lessons learned are captured and implemented.

• Maintaining and integrating Cyber Threat Intelligence services to enhance the Departments capabilities to detect threats.

• Mentor junior engineers and contribute to the development of the security profession.

About you

• Be a good, open communicator through written, verbal and virtual mediums

• Be a good decision-maker 

• Possess strong collaboration skills recognising the role must work with other Cyber team members and with various Service teams and third parties

• Be able to prioritise own workload based on the overall requirements of the SOC and SOC manager

Proud member of the Disability Confident employer scheme

About Disability Confident

A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.