Cyber Security Analyst
Role details
Job location
Tech stack
Job description
Flexible working: We support flexible working arrangements, such as part-time and compressed hours, as well as flexible start and finish times. Because of the role's responsibilities, most work is carried out on site. Opportunities for homeworking may be available but will depend on operational requirements and cannot be guaranteed., As a Cyber Security Analyst within GCHQ's Cyber Security Incident Response Team (CSIRT), you focus on protecting critical systems from a wide range of cyber threats, including malware, insider threats, denial-of-service attacks, and phishing activity. Your work plays a key role in safeguarding GCHQ's networks and data in a high-stakes, security-focused environment.
Each day starts with a review of alerts and overnight activity, prioritising incidents based on severity and potential impact. Key findings are shared in the daily CSIRT meeting, where the team aligns on ongoing investigations and sets priorities. Attention then turns to analysing high-priority alerts, working through logs, network traffic, and endpoint data using tools such as Splunk.
Working closely with colleagues across IT and security teams, you'll gather information and mitigate emerging threats. Alongside your core investigative work, responsibilities include monitoring security alarms, creating new detection content, and using threat intelligence to strengthen defences. The role also involves building automations to improve Security Operations Centre (SOC) efficiency, responding to security breaches, and providing specialist support in digital forensics, including assistance with HR casework.
Most work sits within team delivery objectives, with scope to take on individual projects, if you want to explore a particular area further., * Able to demonstrate experience of working as a Cyber Security/Security Operations Centre Analyst
Requirements
Do you have experience in Splunk?, You're a problem-solver with a natural curiosity about how systems work, how they can be protected, and a genuine enthusiasm for developing your skills. You can demonstrate experience in at least one core cyber security discipline, such as malware analysis, intrusion detection, security monitoring, or incident response, ideally gained within a Security Operations Centre (SOC) environment.
A solid understanding of Windows and Linux internals is expected. Broader IT experience is advantageous, including exposure to cloud technologies like AWS or Azure, alongside a motivation to continue developing your technical expertise., When you join GCHQ, you'll receive an organisational induction along with support from a buddy to help you settle in. Development in this role is a mix of on-the-job learning and formal training. Skills are developed through experience, working alongside colleagues on real incidents and supported by a range of internal and external training opportunities., * Able to demonstrate experience working in at least one of the following fields: malware analysis, intrusion detection, monitoring & incident response
Benefits & conditions
Pulled from the full job description
- Annual leave
- Company pension
- On-site gym
- Cycle to work scheme
- Season ticket loan
- Flexible schedule, Salary: £37,892, including a £2,758 concessionary payment. After 6 to 13 months, you may be eligible for a non-pensionable skills payment of £7,247 or £15,757, subject to assessment and reviewed every three years., You'll receive a starting salary of £37,892 plus other benefits including:
- 25 days' annual leave, rising to 30 days after 5 years' service, and an additional 10.5 days of public and privilege holidays
- opportunities to be recognised through our employee performance scheme
- an interest-free season ticket loan
- a cycle to work scheme
- facilities such as a gym, restaurant, and on-site coffee bars; availability varies by location
- paid parental and adoption leave
- an excellent pension scheme, Our recruitment process is fair, transparent, and based on merit. Here is a brief overview of each stage, in order:
- An initial online application form including pre-screening questions to ensure you meet our eligibility criteria
- Online Situational Judgement Test (SJT) in which you rate the appropriateness of responses to a series of short scenarios
- Application form, looking at your motivation for the role and the organisation
- Online test, examining your responses to different situations typical to the role
- Assessment Centre, including situational role-plays, tasking exercise and interview
- If successful, you will receive a conditional offer of employment
Please note, you must successfully pass each stage of the process to progress to the next. Your application may take around 6 to 9 months to process, including vetting, so we advise you to continue any current employment until you have received your final job offer.
Before you apply To work at GCHQ, you need to be a British citizen or hold dual British nationality. You can read our full eligibility criteria here.
This role requires the highest security clearance, known as Developed Vetting (DV). It's something everyone in the UK Intelligence Community undertakes. You can find out more about the vetting process here.
Please note we have a strict drugs policy, so once you start your application, you can't take any recreational drugs, and you'll need to declare your previous drug usage at the relevant stage.
Before you apply, we recommend setting up a separate email address for your contact with us, to ensure your personal and application correspondence remain separate. Try to avoid having identifying features in your email address, such as your first or surname or date of birth. This is good practice and will help you to manage your application with us more securely.
The role is based in Cheltenham or Manchester, so you'll need to live within a commutable distance. Please consider any financial implications and practicalities before submitting an application, as we do not offer relocation costs.
We offer reasonable reimbursement of travel costs for candidates attending in-person appointments during the recruitment and vetting process. Full details will be provided with your interview or assessment invitation.
Reimbursement is discretionary and will only be made in line with the Candidate Expenses Policy, as amended from time to time. Candidates must book their own travel, using the most economical option, and provide original hard copy receipts for reimbursement.