Cyber Analyst in Cyber Defence Centre in Leeds

Work for an organisation steeped in history with a front row seat for the digitalisation of the financial sector, and the rise of Fintech and Regtech. A core organisational strength, with our people at our centre, Technology enables the Bank of England to deliver its mission by providing a hugely diverse set of technical solutions and platforms. From supporting critical systems which underpin the UK economy, to evolving data analytics, reinventing our online presence, and introducing a fully digital workplace. Be part of a team that’s constantly evolving, just like our industry. We take pride in our people, with backgrounds and experiences as diverse as the solutions they provide. You’ll enjoy flexible working opportunities, a sense of community and well-being, and a collective mission to promote the good of the people of the UK. All of which add up to make the Bank a hugely rewarding place to work.

Department overview: Within Cyber Security you will be working with people who are passionate about protecting the security and stability of our Technology estate. Whether it is identifying threats, uncovering vulnerabilities or ensuring robust and resilient infrastructure, you’ll be working at the cutting edge in a security-centric organisation. You’ll focus on ensuring security by design, and ensuring we have safe, stable and resilient systems. Collaborating closely with colleagues across Technology and throughout the organisation you will help the division safeguard critical systems and information. Our award-winning specialist teams are committed to developing their expertise in a constantly evolving environment. Aligned to industry best-practice, staff are encouraged to develop their skills both internally and externally, through mentoring, training and formal qualifications.

The Cyber Defence Centre (CDC) is responsible for detecting and responding to cyber-attacks against the Bank of England. The CDC is made up of four key domains: Capability, Threat, Detection Engineering and Defence Operations. Reporting to the Cyber Defence Operations Lead in the Cyber Defence Operations (CDO) function, the successful candidate will take part in the operations rota ensuring security alerts are thoroughly investigated, escalated appropriately and take part in subsequent Cyber Security incident response activities as part of the wider Cyber Security incident response team where required. When not responding to security alerts or incidents, as part of the CDO function, the role holder will be expected to proactively seek opportunities to improve the team’s operational capability for both detection and response processes through a greater use of automation. The role will require close collaboration across all of the CDC’s core functions and has varied and challenging day-to-day responsibilities, as well as exposure to a range of cutting-edge technology in cyber security, data analytics and cyber threat intelligence.

Key Experience / Skills:

• Good understanding of best practice security incident response concepts and approaches
• Practical experience in technical cyber security incident response methodologies
• Excellent written and verbal communication skills
• Ability to convey complex information in a clear and concise manner
• Ability and willingness to learn new technical cyber security skills
• Knowledge of computer network fundamentals, including network protocols and infrastructure (packet capture analysis, firewalls, web proxies, DNS etc.)
• Logical mind-set
• Experience working in Security Operations Centre
• Experience developing and documenting incident response processes and designing IR playbooks
• GCIH or similar qualification in Security Incident response
• The ability to acquire DV clearance (To be eligible to apply you must be a British citizen (either born here or naturalised) and one of your parents must be a British citizen or have substantial ties to the UK)
• Understanding of common cyber threats and attacker tactics, techniques and procedures and an ability to identify appropriate mitigation strategies
• Experience using automation or SOAR platforms
• Knowledge of incident response principles
• Experience using MITRE ATT&CK
• Experience using Splunk
• Experience using an intelligence platform
• Software development, scripting or programming skills

The Bank values diversity and inclusion, and we want to reflect the society we serve better, we want the best people to work for us and we want our workplace to be inclusive. We value all forms of diversity, including but not limited to age, disability, ethnicity, gender, gender identity, race, religion and sexual orientation. One way we support diversity and inclusion is through our staff-run networks. We are fully committed to having a diverse and inclusive working environment, and are open to considering how the role might be carried out with flexible working. This role is therefore open to job shares, flexible and part-time working patterns. As part of our commitment to expand our presence across the UK, this role can be based in either our London or Leeds office. Should you wish to work from one of our hubs (Cardiff/Newcastle/Gibraltar/Belfast) you will need to confirm that this is possible with the hiring manager before applying. Where a role can be carried out from home, we are working towards colleagues spending at least half of their time in the office, so that we can all benefit from working together in person, while maintaining the flexibility offered by home working. We expect colleagues to spend a minimum of 40% of their working time in the office per month. Subject to that minimum requirement, individuals and managers should work together to find what works best for them and their team. We are also committed to making adjustments for candidates and employees where possible and have partnered with external expert organisations to support us in this. We are a member of the Disability Confident Scheme.

For further information or an informal discussion on the role, please contact Nicolette Usher or Jane Laughton. This role closes on 27th January at 11.59pm.