Location
About the job
Job summary
You will respond to developing fraud threats and security breaches against the Department’s IT systems, triaging and progressing potential cases of malicious activity. Using analytical tools and root-cause analysis techniques, you will operate in a dynamic environment at the forefront of the Department’s cyber protection capability, providing analysis of alerts. The Cybercrime (Internal) Alert Analyst is a critical and emerging role, and you will be joining a team that is rapidly developing new skills and using the latest analytical tools to analyse the Department’s data.
CRC provides support 24 hours a day, 7 days a week. As a result, job holders may be expected to work as part of an on-call rota, which may also involve occasional out-of-hours working. Work may involve travel to different DWP sites and Government agencies and occasional overnight stays.
Successful candidates at interview must be willing to undertake security vetting to Security Check (SC) level and achieve this before taking up duty.
For jobs located in Wales the ability to speak Welsh is desirable.
Job description
Responsibilities
As a Cybercrime (Internal) Alert Analyst you will:
- Interpret reports and dashboards and respond timeously to alerts generated by the latest analytical tools and capabilities operating across data within DWP systems.
- Use a range of data and system access to triage and respond to alerts that identify anomalies indicating internal abuse across the DWP estate by staff with access to systems and data.
- Use your knowledge of benefit systems and fraud and security vulnerabilities to ensure an effective response to alerts as they are generated and progress cases of malicious activity or abuse with expert domains.
- Develop close working relationships with CRC analytical colleagues to ensure rules and alerts delivered to operations are regularly reviewed and optimised to achieve high quality outcomes.
- Work closely with the senior Threat Detection analysts to use field-level insight in identifying new and emerging threats.
- Use your knowledge of benefit systems and processes to support the full assessment of emerging threats in terms of their potential impact.
- At all times, ensure data is collected, processed and analysed in line with all DWP and legislative requirements.
- Understand personal data protection and the Department’s responsibility to protect the citizen data it holds, and ensure data held by CRC is stored and used appropriately and legally.
Person specification
Candidates will be required to undertake SIEM tool training if not already held.
Essential Criteria
The following ESSENTIAL criteria will be used in the sift and successful candidates will be expected to demonstrate these:
- (LEAD CRITERIA) Recent experience of working in a counter-fraud, security or intelligence environment, with knowledge of means-tested benefits, in particular digital services.
- Understanding of how benefit systems can be maliciously exploited internally and externally.
- Aptitude for analytical work, including the application of business logic/root cause analysis to emerging threats, or previous experience of identifying security or fraud compromises within large data sets.
- Experience of performing under pressure and delivering to deadlines, whilst paying close attention to detail.
Behaviours
We’ll assess you against these behaviours during the selection process:
- Making Effective Decisions
- Communicating and Influencing
- Working Together
Technical skills
We’ll assess you against these technical skills during the selection process:
- GSCU1 Strategy, Systems & Culture – Level 2: Understands role as part of a system of teams, departments and organisations that make up government. Understands how their team interacts with other teams and departments and opportunities to collaborate to de
- Secure Operations Management – Awareness: Describes the basic principles of secure operations management. Follows documented principles and guidelines for secure operations management activities. Implements secure operations management processes and proce
- Intrusion Detection & Analysis – Working: Understands and explains the basic principles of monitoring network and system activity to identify potential intrusion or other anomalous behaviour. Uses information provided from various sources to identify, ana
Benefits
- Learning and development tailored to your role
- An environment with flexible working options
- A culture encouraging inclusion and diversity
- A Civil Service pension with an average employer contribution of 27%
- Hybrid working: This job role may be suitable for hybrid working, which is where an employee works part of the week in their DWP office and part of the week from home. This is a voluntary, non-contractual arrangement and your office will be your contractual place of work. The number of days that anyone will be able to work at home will be determined primarily by business need, but also by personal circumstances and other relevant circumstances. If you are successful, any opportunities for hybrid working, including whether a hybrid working arrangement is suitable for you, will be discussed with you prior to you taking up your post.