Security Operations Centre Incident Responder / Senior Analyst – Level 3 in Exeter

We’re looking for an exceptional Security Operations Centre Incident Responder / Senior Analyst – Level 3 to help us make a difference to our planet. The job may be suitable for hybrid working, which is where an employee works part of the week in the office and part of the week from home. This is a voluntary, non-contractual arrangement and the location advertised will be your contractual place of work. Our opportunity is full time, 37 hours per week. Our people are at the heart of what we do, and we’ll do our best to agree a working pattern that works for everyone.

World changing work: From science to technology, from meteorology to management, and from planning to communication, our expertise helps us stand out as the authority on weather accuracy and climate prediction. We help individuals, industries and government to make better decisions to stay safe and thrive.

Your world of expertise: As our Security Operations Centre Incident Responder / Senior Analyst – Level 3 you won’t just respond to alerts, you’ll lead the defence of the organisation at the highest technical level. You will be the final escalation point for complex cyber threats, trusted to investigate sophisticated attacks, uncover hidden adversary behaviour, and drive rapid, effective response. From identity-based attacks and advanced persistent threats to insider risks, you’ll be working on the incidents that truly matter.

• Act as the final escalation point for complex, high-severity, and major security incidents.
• Lead end-to-end incident response activities including triage, containment, eradication, and recovery.
• Perform advanced threat analysis, including malware analysis and attacker techniques.
• Conduct digital forensics across endpoints, networks, and cloud environments.
• Lead threat hunting activities using intelligence, hypotheses, and behavioural analytics.

We operate an on‑call roster in Technology to provide 24/7/365 support to respond to operational service requirements. This post may be part of an on‑call roster and the postholder would be required to participate in an on‑call roster where in operation.

Essential Criteria, skills and experience:

• An extensive knowledge of Cyber Security Incident response principles and practices within a Security Operations Centre environment.
• Degree in Cyber Security, Information Technology, or equivalent experience.
• Ideally with advanced industry certifications such as: GIAC Certified Incident Handler (GCIH) & or GIAC Certified Forensic Analyst (GCFA).
• Strong understanding of network security, including packet analysis and intrusion detection including NDR tooling, and advanced knowledge of SIEM platforms (e.g., Microsoft Sentinel) along with deep expertise with EDR technologies (e.g., Microsoft Defender for Endpoint).
• Deep knowledge of operating systems (Windows, Linux) and system internals along with cloud security (Azure, AWS,) and hybrid environments.
• Experience with digital forensics and incident response (DFIR) tools and methodologies, and experience with scripting and automation (PowerShell, Python).
• Provide technical leadership and mentoring to Level 1 and Level 2 analysts.

How to apply: If you share our values, we’d love to hear from you! Click apply to begin your application. Please complete your career history and provide evidence against each of the essential criteria in the supporting statement questionnaire. We recommend candidates use the CARL method (Context, Action, Result and Learning) for presenting evidence of experience and skills. Closing date 15/03/2026 at 23:59 with first stage interviews commencing from 23/03/2026.

We understand that great minds don’t always think alike and as an equal opportunities employer we welcome applications from those with all protected characteristics. We recruit on merit, fairness, and open competition in line with the Civil Service Code.

We require Security clearance, for which you need to have resided in the UK for at least 3 of the last 5 years to be eligible, 2 of these years must be immediately preceding the point of your application. You will need to achieve full security clearance within your first 6 months with us.