Security Analyst (Incident Response Lead)

Dyddiad hysbysebu:	05 Chwefror 2026
Cyflog:	£57,204 i £74,822 bob blwyddyn
Gwybodaeth ychwanegol am y cyflog:	National: £57,204 - £66,122 London: £62,988 - £74,822 Offers above the band minimum are subject to our assessment of your skills and experience as demonstrated at interview. Salaries over the band minimum will be paid as a non-pensionable allowance.
Oriau:	Llawn Amser
Dyddiad cau:	02 Mawrth 2026
Lleoliad:	London
Cwmni:	Government Recruitment Service
Math o swydd:	Parhaol
Cyfeirnod swydd:	443727/2

Crynodeb

The Cabinet Office supports the Prime Minister and ensures the effective running of government. It is also the corporate headquarters for government, in partnership with HM Treasury, and takes the lead in certain critical policy areas.

The Cyber Defence team delivers cyber threat intelligence, threat detection and incident response capabilities for the Cabinet Office, and is responsible for defending both internal IT infrastructure and citizen-facing services. As an Incident Response Lead, you’ll take a primary role in building and delivering these core capabilities, focusing on managing and responding to incidents.

IMPORTANT: SECURITY VETTING

This role requires SC (Security Check) which will be conducted by the NSV (National Security vetting). You need to have been resident in the UK within the past five years in order to apply. Here is a short video why this is necessary.

https://www.youtube.com/embed/lRit8RA7Zpo?si=CTOlUU2qHk9vbAvX

As an Incident Response Lead, you will:

• Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents
• Lead the forensic analysis of systems, files, network traffic and cloud environments
• Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions
• Support the wider coordination of cyber incidents
• Review previous incidents to identify lessons and actions
• Identify and deliver opportunities for continual improvement of the incident response capability
• Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities
• Develop and update internal plans, playbooks and knowledge base articles
• Act as an escalation point for, and provide coaching and mentoring to, security analysts
• Be responsible for leadership and line management of security analysts

Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join.

Aelod balch o'r cynllun cyflogwyr Hyderus o ran Anabledd

Gwybodaeth am Hyderus o ran Anabledd

Yn gyffredinol, bydd cyflogwr Hyderus o ran Anabledd yn cynnig cyfweliad i unrhyw ymgeisydd sy'n datgan eu bod yn anabl ac yn bodloni'r meini prawf lleiaf ar gyfer y swydd fel y diffinnir gan y cyflogwr. Mae'n bwysig nodi, mewn rhai sefyllfaoedd recriwtio fel nifer fawr o ymgeiswyr, cyfnod tymhorol ac amseroedd prysur iawn, efallai y bydd y cyflogwr am gyfyngu ar y niferoedd cyffredinol o gyfweliadau a gynigir i bobl anabl a phobl nad ydynt yn anabl. Am fwy o fanylion ewch i Hyderus o ran Anabledd.