G4 Senior Cyber Security Operations Centre (SOC) Analyst

10/10/2025, 23:55

173 

45,326 - 54,909

20%

£ 1000

G4
Permanent
Integrated Protective Services (IPS)
Cyber Security
Analytical, Digital, Engineering, Information Technology, Security
Full time
1
Disability Committed
Disability Leader
Civil Service Commission logo

G4 Senior Cyber Security Operations Centre (SOC) Analyst 

Location(s)

Birmingham

About the Role

Information about the Command

The Integrated Protective Security Command (IPS) is responsible for securing the NCA to protect the public. IPS safeguards the NCA from the full range of security threats that target the Agency, our officers and our assets, to enable the organisation to achieve its operational objectives, both domestically and overseas.
IPS officers provide specialist security services to the Agency 24 hours a day, 7 days a week, 365 days a year, to mitigate security risks. People are at the heart of the NCA and IPS play a key role in ensuring the Agency stays at the forefront of combating serious and organised crime.
IPS are responsible for the security of people, processes, technology and standards, operating across the NCA to support operational and non-operational teams, along with the Command team, to ensure the Agency remains resilient and retains public confidence in a volatile and complex threat landscape.

Information about the Business Area

The Cyber Security Team comprises of three areas: Information Assurance, Defend and Respond, and the Security Analysis and Threat Intelligence Team.

The purpose is to protect and maintain the confidentiality, integrity and availability of NCA information, whilst defending the NCA IT platforms, systems and services from existing and emerging threats.

The team also provide the managed response to cyber security incidents and ensure that cyber controls are proportionate, managed and balance risk against operational needs.

This is an exciting opportunity to join the NCA’s Cyber Security team. We are currently looking to recruit a Senior SOC Analyst to work within our Integrated Protective Security command( IPS).

The Cyber Security Team leads the strategic response to cyber risks, cybersecurity function, oversees audit, building internal and external alliances with diverse stakeholders to deliver the NCA’s strategic objectives.

If successful you will support the Lead Analyst to manage and support all SOC services. You will be responsible for monitoring, preventing, detecting and responding to security incidents playing a crucial role in safeguarding the NCA’s digital infrastructure from security threats.

You will report to the Lead SOC Analyst, working from the Agency’s Birmingham office, on a 24/7 shift pattern. This will include working nights, weekends and bank holidays. The team currently work an 8 hour sift pattern, with the proposal of moving over to 12 hour shifts. This would typically be working 4 days, followed by 4 days off.

**Please note due to the nature and requirements of this role, it is not available on a hybrid basis. The role will be based in our Birmingham office only**

Duties & ResponsibilitiesOverview
Monitoring eventsMonitoring for events across multiple security technologies, including intruder detection systems (IDS), Intruder prevention systems (IPS), Firewalls, End Point Security Solutions and vulnerability management solutions.
Responding to security eventsReceiving and acting on calls, emails, alerts, etc. relating to security events and possible security incidents. Including responding to incidents where a detailed understanding of the monitored estate is required and is beyond the capabilities of the SOC Analyst.
Content developmentAssisting in content development and analytics. Taking threat intelligence and tuning the SOC services to best protect the Agency’s vulnerabilities.
Assisting engineersAssisting in engineering tasks in support of the continuous availability of SOC services.
Complete scheduling and reportingComplete SOC scheduled tasks and ensure reported events and incidents are appropriately progressed.
Risk and complianceAssisting as with Security, Risk, Compliance and Service reporting.
Categorising eventsWork alongside colleagues from personnel and physical security to assess events and categorise them appropriately.
AdministrationMaintenance of SOC documentation, processes, and procedures. 
Provide expert advice on IT securityProvide expertise, guidance and advice in IT Security related matters, including maintaining up to date knowledge of network, application and communications security solutions, as well as emerging technologies.
Responding to IncidentsResponding to incidents where a detailed understanding of the monitored
estate is required and is beyond the capabilities of the SOC Analyst.
Identifying threatsLiaise with trusted partners to provide accurate threat identification. Recommend suitable mitigation measures and report the situation to the shift lead.
Reduce risk to data lossCollaboration with other Security Teams (Cyber Defence, IA, Operational, Physical and Personnel) and adjacent commands to support the overall aim of lowing risk to data loss.
Deputising to support deliverySupport of senior management in the delivery of an effective and efficient departmental service, deputising where appropriate. The Senior Analyst leads the shift team during the absences of the Lead Analyst, reporting into the SOC Manager.
Building effective working relationships and collaborationDevelop and build internal and external partnerships working collaboratively to foster good relations, including working with other government departments to further the SOC capabilities.
Leading the teamThe Senior Analyst leads the shift team during the absences of the Lead Analyst, reporting into the SOC Manager.
ExperienceDescription
SIEMExperience of using SIEM capabilities.
Responding to incidentsExperience of incident response.
Using scanning softwareExperience with using vulnerability scanning software.
Modelling, analysing and reportingExperience of Threat modelling, Impact analysis and report writing.

Essential Criteria

You must meet the essential criteria and evidence this within your application to be considered for the role.

Recognised higher education in an IT related area with preference for those held within Cyber security relevant to this role

Or

Certifications from a recognised body in Digital Security e.g. GIAC, ISC2, ISACA, BCS, CompTIA

Any applications from candidates not meeting this eligibility criteria will not progress.

Salary

Allowances are reviewed annually and may be increased, decreased or removed.
All salary offers will be made in line with Remuneration Policy. 
  • This position attracts a Recruitment and Retention Allowance (RRA) of £1000 (Per Annum) available as an addition to the advertised salary.
  • The role attracts a shift payment premium of 20% of your base salary

Benefits

All NCA employees are members of the UK Civil Service and eligible for the Civil Service pension scheme, alongside your salary the NCA contributes £13,130. Further information on the benefits of the scheme is available on the Civil Service Pension Website.

New entrants to the NCA receive 26 days annual leave, rising to 31 on completion of 5 years continuous service, plus 8 bank holidays.  

If qualifying criteria is met new joiners from UK Police Forces or the UK Intelligence Community (UKIC) will have service with those employers taken into account for continuous service purposes for annual leave entitlement only, this will be up to a maximum of 31 days leave (including 1 privilege day).

Other benefits include:

  • Flexible working, including flexi-time, compressed hours and job sharing (in line with business requirements) 
  • Family friendly policies, notably above the statutory minimum
  • Learning and Development opportunities
  • Interest free loans and advances, including season tickets, childcare and rental deposits
  • Housing schemes - Key Worker status
  • Discounts and Savings with a wide variety of services including Cycle to Work, Smart Tech schemes, dental insurance, gym discounts and savings on everyday spending, available through the Reward Gateway | Edenred and Blue Light Card schemes.
  • Staff support groups/networks
  • Sports and social activities, including membership to the Civil Service Sports Council (CSSC) 

Further information is available on the NCA Website.

Selection Process Details

This vacancy is using the Success Profiles framework and will assess using the following criteria: Behaviours, Technical Skills 
Artificial Intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action.  Please see our candidate guidance for more information on appropriate and inappropriate use.

How we will assess you

Your application will be assessed against the following:
Technical - this will be assessed by 250 word examples on:
  • Experience of using SIEM capabilities. 
  • Experience of incident response. 
  • Experience with using vulnerability scanning software. 
  • Experience of threat modelling, Impact analysis and report writing. 
A panel will assess how well your application demonstrates the requirements outlined above.

Longlist

In the event of a high number of applications, we may operate a longlist. Applicants will need to meet the minimum pass mark for the lead criteria.

 - Experience of using SIEM capabilities. .

Candidates who do not meet the minimum pass mark for the lead criteria will not progress to having their other criteria assessed. Applications must meet the minimum criteria to be progressed to the assessment stage.

You will receive an acknowledgement once your application is submitted.

We aim to have sift completed and scores released within 10 working days of the closing date of the advert. For high volume campaigns this timeframe may be extended.

Scores will be provided but further feedback will not be available at this stage.

For guidance on the application process, visit: 
NCA Applying and Onboarding 

Assessment 1

The format of this assessment will be Interview which will be tested on the criteria listed in the Success Profiles at Assessment section.

Success Profiles at Assessment

  • Communicating and Influencing 
  • Changing and Improving 
  • Experience of using SIEM capabilities. 
  • Experience of incident response. 
  • Experience with using vulnerability scanning software. 
  • Experience of threat modelling, Impact analysis and report writing. 
Assessment Outcome
Outcomes will be communicated via the NCA recruitment portal. 
If successful but no role is immediately available, you may be placed on a reserve list for 12 months. 

In the event of a tie at the assessment stage, available roles will be offered in merit order using the following order: 

  1. Lead criteria (behaviours/technical/experience)
  2. If still tied, desirable criteria will be assessed (if advertised) 
  3. If still tied, application sift scores will be used
Feedback is provided only to those who attend an assessment.
You will be subject to vetting and pre-employment checks before appointment.
Once the vacancy closes, the advert will no longer be accessible. Please save a copy for your records. 
We encourage all candidates to visit the NCA Careers Page for more information.

Eligibility, Pre-Employment Check and Vetting

Please see the NCA T&Cs and Privacy Policy (pdf) for details on how your data is handled. 
If you are an internal candidate who has passed interview but is undergoing an internal investigation or have a written warning in place preventing a post move you may not be able to be posted until this investigation is concluded or restriction lifted.

Nationality Requirements

This role is broadly open to the following groups:
• UK nationals or dual nationals, where one component is British
Further information on nationality requirements
You will be required to participate in digital right to work and address checks as part of the recruitment process.

Security and Vetting

People working with government assets must complete baseline personnel security standard checks.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is DV Enhanced. All security clearances will be managed by the NCA.
For more information on security vetting please visit: UK Security Vetting guidance for applicants and Demystifying Vetting and see our vetting charter at: The Vetting Charter.

Vetting requirements - DV Enhanced

Prior to commencing the role, you will need to successfully complete DV Enhanced clearance and then achieve DV STRAP clearance within the first 12 months in post. 
The requirement for DV Enhanced clearance is to have been present in the UK for at least 7 of the last 10 years.
To obtain DV STRAP you must be willing to undergo STRAP induction and must hold full UK nationality or dual nationality, where one component is British. Applications will be considered on a case by case basis.
Failure to meet the residency requirements will result in your security clearance application being rejected.
If you fail to obtain the increased clearance within 12 months of starting, your contract of employment is at risk of termination.
For further information on National Security Vetting checks please visit the following page Demystifying Vetting
Individuals will be required to undertake and pass a substance misuse test as part of pre-employment checks.

Occupational Health

Successful candidates will be expected to undertake an occupational health assessment. Depending on the role an in-person medical may be required in either London or Warrington. Unfortunately, travel costs will not be reimbursed.

Things you need to know

Near Miss

If you meet the criteria for a lower grade, you may be offered that role if not appointable at the advertised grade.

Conversely, if found appointable at a higher grade but no posts are available, you may be offered a lower-grade role.

All offers are made based on merit.

Hybrid Working

The NCA supports hybrid working. The extent of remote working will depend on the role and can be discussed at the offer stage.

Reasonable Adjustments

We’re proud to be a Disability Confident Leader and an inclusive, equal opportunities employer. 

We’re committed to creating a workplace where everyone can be their authentic self. If you’re neurodiverse, have a disability, or live with a long-term health condition, we encourage you to let us know about any reasonable adjustments you may need during the recruitment process. 

If you experience accessibility issues with the advert or require reasonable adjustments, please contact our Recruitment Team at Central.Recruitment@nca.gov.uk before the advert closing date.

Please ensure you complete the ‘Equal opportunities’ and 'Reasonable Adjustments' sections in the application form to inform us on what support you may need in the recruitment process.

For more on our Disability Confident commitment, visit Disability Confident Scheme | Civil Service Careers.  

Visit NCA Benefits and Support for more details. 

Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service Diversity and Inclusion Strategy

In order to monitor the effectiveness of the National Crime Agency's Diversity & Inclusion strategy, we require certain personal details about you on submission of your application for statistical and monitoring purposes only. Please note that this will be treated in confidence and will not impact your application.

This vacancy is part of the Great Place to Work for Veterans initiative.

Working for the Civil Service

The Civil Service Code sets out the standards of behaviour expected of civil servants.

We recruit on merit through fair and open competition, in line with the Civil Service Commission's Recruitment Principles.

The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

If you believe your application has not been treated fairly, email: Central.Recruitment@nca.gov.uk (quoting the vacancy reference). 
If unresolved, you may escalate your complaint to the Civil Service Commission. 

Working for the NCA

The National Crime Agency is a 24/7 organisation, and working patterns must support business requirements. Some roles may require you to respond at short notice or outside of core hours.
If preferable, alternative contract types may be available. Please review the green bar of this advert to view all available contract types for this role. Where Loan or Secondment options are available, these would be for existing Civil Servants (Loan) and applicants from accredited Non-Departmental Public Bodies (NDPBs) or any other employer (Secondment). Prior agreement to be released on a loan basis must be obtained before commencing the application process. In the case of Civil Servants, the terms of the loan will be agreed between the home and host department and the Civil Servant. This includes grade on return.
If you have any specific queries about the role that are not covered by the advert, please contact:

Name : Central Recruitment Team
Email : Central.Recruitment@nca.gov.uk

Attachments

This vacancy is closed to applications.