Security Operations Centre Incident Responder / Senior Analyst - Level 3

We are looking for an exceptional Security Operations Centre Incident Responder / Senior Analyst - Level 3 to help us make a difference to our planet. The job may be suitable for hybrid working, which is where an employee works part of the week in the office and part of the week from home. This is a voluntary, non-contractual arrangement and the location advertised will be your contractual place of work. Our opportunity is full time, 37 hours per week. Our people are at the heart of what we do, and we will do our best to agree a working pattern that works for everyone.

Your world of expertise:

• Act as the final escalation point for complex, high-severity, and major security incidents.
• Lead end-to-end incident response activities including triage, containment, eradication, and recovery.
• Perform advanced threat analysis, including malware analysis and attacker techniques.
• Conduct digital forensics across endpoints, networks, and cloud environments.
• Lead threat hunting activities using intelligence, hypotheses, and behavioural analytics.

We operate an on-call roster in Technology to provide 24/7/365 support to respond to operational service requirements. This post may be part of an on-call roster and the postholder would be required to participate in an on-call roster where in operation.

Essential Criteria, skills and experience:

• An extensive knowledge of Cyber Security Incident response principles and practices within a Security Operations Centre environment.
• Degree in Cyber Security, Information Technology, or equivalent experience.
• Ideally with advanced industry certifications such as: GIAC Certified Incident Handler (GCIH) & or GIAC Certified Forensic Analyst (GCFA).
• Strong understanding of network security, including packet analysis and intrusion detection including NDR tooling, and advanced knowledge of SIEM platforms (e.g., Microsoft Sentinel) along with deep expertise with EDR technologies (e.g., Microsoft Defender for Endpoint).
• Act as the technical lead during major incidents, liaising with senior stakeholders and maintain strict confidentiality and integrity of sensitive information.
• Deep knowledge of operating systems (Windows, Linux) and system internals along with cloud security (Azure, AWS,) and hybrid environments.
• Experience with digital forensics and incident response (DFIR) tools and methodologies, and experience with scripting and automation (PowerShell, Python).
• Provide technical leadership and mentoring to Level 1 and Level 2 analysts.
• Review and validate incident investigations and response actions and lead knowledge sharing sessions and training initiatives.

How to apply:

If you share our values, we would love to hear from you! Click apply to begin your application. Please complete your career history and provide evidence against each of the essential criteria in the supporting statement questionnaire. We recommend candidates use the CARL method (Context, Action, Result and Learning) for presenting evidence of experience and skills.

Closing date 15/03/2026 at 23:59 with first stage interviews commencing from 23/03/2026. You will hear from us once the closing date has passed.

Using AI in your application:

We welcome applications that use AI tools for support in drafting or refining, as long as they accurately reflect your own skills and experience. All hiring decisions at the Met Office are made by people, not AI.

For more details, visit our approach to recruitment.

How we can help:

If you have any questions or would like to discuss this opportunity further, please contact us. If you are considering applying and need support to do so, please get in touch. You can request adjustments either within your application or by contacting us.

Should you be offered an interview, please be aware there may be a selection exercise which could include a presentation, written test or a scenario-based activity. You can select in your application to be considered under the Disability Confident Scheme. To be invited to interview/assessment under this scheme, your application must meet the essential criteria for the role.

We understand that great minds don’t always think alike and as an equal opportunities employer we welcome applications from those with all protected characteristics. We recruit on merit, fairness, and open competition in line with the Civil Service Code.

We can only accept applications from those eligible to live and work in the UK - please refer to GOV.UK for information. We require Security clearance, for which you need to have resided in the UK for at least 3 of the last 5 years to be eligible, 2 of these years must be immediately preceding the point of your application. You will need to achieve full security clearance within your first 6 months with us.