Threat and Vulnerability Management Senior Support Analyst – 47764
£30,989 - £47,591
We encourage applications from people from all backgrounds and aim to have a workforce that represents the wider society that we serve. We pride ourselves on being an employer of choice. We champion diversity, inclusion and wellbeing and aim to create a workplace where everyone feels valued and a sense of belonging. To find out more about how we do this visit: https://www.gov.uk/government/organisations/ministry-of-justice/about/equality-and-diversity.
Threat and Vulnerability Management Senior Support Analyst
Closing Date: Friday 24th September
Location: Birmingham, Sheffield, Nottingham, London & Glasgow
Salary Range:London £36,798 National £30,989
Interviews: Monday 11th October 2021
We’re recruiting for a Threat and Vulnerability Management Senior Support Analyst here at MoJ Digital & Technology, to be part of our warm and collaborative Security, Privacy and Live Services team.
These are exciting times atMOJ Digital and Technology. We have a clear vision – to develop a digitally-enabled justice system that works more simply for users – and we’re looking for talented people to help us achieve it.
We’re making things better by building adaptable, effective services and making systems that are simple to use for staff and citizens. It can be challenging but it’s also important and rewarding.
As well as doing great work, we’re creating a place that’s great to do work in. We offer tip-top kit, brilliant training opportunities and support from expert colleagues. On top of that, you’ll find flexible working, an inclusive culture and a place where your opinion is valued.
As a TVM Senior Analyst, within our Operational Security Team (OST), you will be responsible for maintaining and continually improving the security of some of the Ministry of Justice’s key digital platforms, used by millions of people every year.
You’ll be acting as support for the lead for the TVM team and will own identifying, quantifying and managing cyber vulnerabilities across the MOJ, in conjunction with other parts of the supportive Cyber Security family.
This role will be responsible for the implementation and management of threat and vulnerability capabilities, interfacing with appropriate teams across the businesses and associated 3rd parties to ensure appropriate remediation plans are defined and implemented.
The Threat & Vulnerability area will consist of the following remit;
- Vulnerability Assessments & Management
- Threat Intelligence
- Ensure effective vulnerability scanning of infrastructure, code, and applications within both corporate and 3rd party environments
- Define minimum standards in relation to vulnerability management, monitoring compliance across the department
- Research and investigate new and emerging vulnerabilities, to include Zero Day events, and participate in external security communities, sharing findings across the security functions.
- Define minimum standards in relation to threat management, monitoring compliance across the businesses
- Ensure threat management encompasses external and internal threat sources, helping to identify current and future threats to the security functions.
- Perform, at least monthly, a Threat Assessment across our businesses, feeding into crisis management, risk management and business planning activities.
- Ensure the accurate and timely release of vulnerability metrics.
- Report on areas of non-compliance against Policy and/or Group Standards
If this feels like an exciting challenge, something you are enthusiastic about, and want to join our team please read on and apply!
This is a Band B role with a salary of London £36,798, National £30,989 plus great benefits:
- 37 hours per week and flexible working options including working from home, working part-time, job sharing, or working compressed hours.
- We are committed to nurturing our staff and provide lots of training and development opportunities with learning platforms such as: Linux Academy, O’Reilly, Pluralsight, Microsoft Learning, Civil Service Learning, GDS Academy, etc.
- 10% dedicated time to learning and development with a budget of £1000 a year per person
- Generous civil service pension based on defined benefit scheme, with employer contributions of 26-30% depending on salary.
- 25 days leave (plus bank holidays) and 1 privilege day usually taken around the Queens’ birthday. 5 additional days of leave once you have reached 5 years of service.
- Compassionate maternity, adoption, and shared parental leave policies, with up to 26 weeks leave at full pay, 13 weeks with partial pay, and 13 weeks further leave. And maternity support/paternity leave at full pay for 2 weeks, too!
- Wellbeing support including access to the Calm app.
- Nurturing professional and interpersonal networks including those for Careers & Childcare, Gender Equality, PROUD and SPIRIT
- Bike loans up to £2500 and secure bike parking (subject to availability and location)
- Season ticket loans, childcare vouchers and eye-care vouchers.
- 5 days volunteering paid leave.
- Free membership to BCS, the Chartered Institute for IT.
- Some offices may have a subsidised onsite Gym.
- Technical requirements (Deep knowledge of at least three of the following) Tenable.io/Rapid 7, Microsoft Cloud Security Technologies, Palo Alto Prisma Cloud Security, Microsoft SCCM, Microsoft Office 365 E5
- Minimum 2 years’ experience in a similar managerial role
- Excellent stakeholder management skills, informed by political and business awareness.
- Successful management of complex matrix and multi-supplier environments.
- Excellent influencing, relationship and conflict resolution skills.
- Establishing official and operative goals for the organisation/units and to establish a system of measuring effectiveness of goal attainment.
- Establishing and monitoring procedures to control and regulate employee tasks and activities as well as one’s own tasks and responsibilities.
- Security clearance SC or eligibility to be security cleared required
- Preferable ITIL qualification
- A broad background in information security with experience in security operations, vulnerabilities and exploitation, network security, and cloud security
- Related cybersecurity architecture, engineering, and/or SOC work experience (monitoring, detection, incident response, forensics)
We welcome the unique contribution diverse applicants bring and do not discriminate on the basis of culture, ethnicity, race, nationality or national origin, age, sex, gender identity or expression, religion or belief, disability status, sexual orientation, educational or social background or any other factor.
Our values are Purpose, Humanity, Openness and Together. Find out more here about how we celebrate diversity and an inclusive culture in our workplace.
How to Apply
Candidates must submit a CV and statement of suitability (500 words) which describes how you meet the requirements set out in the Person Specification above.
In D&T, we recruit using a combination of the Digital, Data and Technology CapabilityandSuccess Profiles Frameworks. We will assess your Experience, Technical Skills and the following Behaviours during the assessment process:
- Making effective decisions
- Changing and improving
- Delivering at pace
- Seeing the bigger picture
Your application will be reviewed and sifted against the Person Specification above by a diverse panel.
Successful candidates who meet the required standard will then be invited to a 1-hour panel interview held via video conference.
Should we receive a high volume of applications, a pre-sift based on your number of Essential Technical Requirements will be conducted prior to the sift.
Please review the following Terms & Conditions which set out the way we recruit and provide further information related to the role.
If you have any questions please feel free to contact firstname.lastname@example.org