Vacancy -- Senior Cyber Security Analyst

Recruitment Principles

The Welsh Government's recruitment processes are underpinned by the principle of selection for appointment on merit on the basis of fair and open competition as outlined in the Civil Service Commission’s Recruitment Principles.

Vacancy Details

Permanent Secretary's Group
DDaT - IT Services
SEO - £40,100 - £47,470
Up to £43,760
Full time (applications are welcome from people who work part time, as part of a job share or who work full time)
Pan Wales
'Pan Wales' means that the location in which the vacancy can be based is flexible, subject to the needs of the business. Please note it may not always be possible to accommodate a preference for a specific office location, but requests will be taken into consideration.
w/c 25th October

Purpose of Post:

The Welsh Government has made significant improvements to its IT technology over the last few years and is considered to be one of the leading UK public sector organisations in terms of Digital and IT capability.  WG has recently completed a number of ICT projects such as the move to Exchange 365, the transition away from the Government Secure Intranet (GSI) email, the rollout of new laptops to all WG staff (enabling flexible working) and the completion of a major application migration to Microsoft Azure.  This has been captured in a GDS case study on best practice examples of Cloud migration (see

Cyber Security is an exciting, evolving profession within IT and is growing four times faster than any other sector.  Cyber Security professionals are vital to help develop new ways to combat cyber threats and are the main line of defense against spamming, phishing, malware, viruses and other information security threats.  As cyber-attacks have increased, so has the demand for professionals who are trained to stop such attacks.

The IT Services Division is therefore delighted to be growing the Cyber Security presence within Welsh Government and as such is looking for a Senior Cyber Security Analyst to take overall leadership of the expanding team.  This is an exciting opportunity for a highly organised, motivated individual to take overall responsibility for the protection, detection and response and recovery of Welsh Government IT systems against cyber security threats and attacks.

Key tasks:

As the Senior Cyber Security Analyst, you will:

·         Have overall responsibility for the delivery of operational security services including technical protective monitoring, security change control, vulnerability scanning and similar functions.

·         Own the risk management strategy for cyber security, from technical controls to policy.

·         Ensure security tools and technology are maintained and developed as required to deal with the latest cyber security threats.

·         Continuously monitor internal and external cyber security policy compliance.

·         Maintain an effective approach for the reporting and management of security incidents.

·         Lead in the horizon scanning to ensure that policy, direction, and advice keeps abreast of new technology, opportunities and new and evolving security threats.

·         Implement new technology as required including the evaluation and implementation of any controls that might mitigate the risk of its operation.

·         Conduct continuous assessments of cyber security policies, practices and systems ensuring they are fit for purpose and identifying areas for improvement.

·         Ensure cyber security stays on the organisational radar by making the benefits clearly visibly and championing all efforts moving forward.

·         Lead the creation and implementation of the cyber security incident response plan for WG.


Development opportunities:

The Senior Cyber Security Analyst role is part of the Digital Data and Technology (DDaT) Profession in Welsh Government (WG).  This is a growing profession within Welsh Government and you will have the opportunity to be part of the community and to develop the role of that community within WG. 

The post offers significant opportunities to work with stakeholders and security experts within and outside of WG.  The global cyber threat continues to evolve at a rapid pace so continuous learning and development will be key to ensuring that the cyber team continue to protect and defend WG IT systems effectively.

Closing Date:

01/10/2021, 23:55

Equality and Diversity

We are committed to supporting the principle that everybody should have the same opportunities for employment, development and progression. This should be based on their ability, competence and suitability for the role. This means that no applicant should receive less favourable treatment on grounds of their ethnicity, gender, sexual orientation, age, marital status, disability, religion, transgender status, family or domestic responsibilities, or working patterns. Also nobody should be disadvantaged by any specific conditions or requirements, unless it can be justified that these could affect their ability to undertake the role.

We are committed to recruiting Black, Asian and Minority Ethnic people and disabled people who are currently under-represented in the Welsh Government.

Disability Confident

Welsh Government accepts the social definition of disability, in which it is recognised that barriers in society act to disable people who have impairments or health conditions or who use British Sign Language. We are committed to removing barriers so that all (or potential new staff) can perform at their best. The Equality Act 2010 uses the medical definition of disability (“a physical or mental impairment which has a substantial and long-term impact on a person’s ability to carry out normal day to day activities”).

We guarantee to interview anyone who is disabled whose application meets the minimum criteria for the post. By ‘minimum criteria’ we mean that you must provide us with evidence in your application which demonstrates that you generally meet the level of competence for the role and any qualifications, skills or experience defined as essential. We are committed to the employment and career development of disabled people.

If you have an impairment or health condition, or use British Sign Language and need to discuss reasonable adjustments for any part of this recruitment process, or wish to discuss how we will support you if you were to be successful, please email as soon as possible and a member of the team will contact you to discuss your requirements and any questions you may have.

A Great Place to Work for Veterans

This vacancy is part of the Great Place to Work for Veterans initiative.

Welsh Language Requirements

The Welsh Government is a bilingual organisation and Welsh language skills are considered an asset to the organisation. We encourage and support staff to learn, develop and use their Welsh language skills in the workplace. 

The following list of language requirements represents an objective assessment by the line manager on behalf of the Welsh Government of the Welsh language skills required to undertake the duties of this particular post.

Not necessary to undertake the duties of this post

Social Partnership

In Welsh Government, the relationship between the employer and trade unions is based on social partnership. We believe our goals can best be achieved by management and trade unions working together.

Our 3 recognised trade unions are:
•         PCS
•         Prospect
•         FDA

This relationship is underpinned by a partnership agreement. This sets out how our unions work with Welsh Government on issues such as:
•         pay
•         terms and conditions
•         policies and procedures
•         organisational change.

Our Welsh Government trade union colleagues work together to give their members a real say in the workplace. They make sure that the interests of their members are promoted and protected. They also help reduce inequalities and improve terms and conditions.

The Welsh Government has an excellent track record of working in partnership with its trade unions. We encourage staff to get involved. We support you to join a recognised trade union, to ensure your voice is heard in the workplace. and to learn more about trade unions and partnership working.

Competencies / Job Specific Criteria

The following job specifics skills are also ESSENTIAL for this role.  Please ensure you attach a CV which demonstrates your ability in relation to these skills.

  • In order for applicants to be considered for this role, they must hold an industry recognised Cyber specific certification such as SSCP (Systems Security Certified Practitioner) and be degree qualified in a relevant area of technology such as Computer Science, Software Engineering or have equivalent experience. Please ensure your CV evidences your certification and degree/equivalent experience.
  • Experience of managing security mechanisms and/or a background in system administration.
  • Knowledge and understanding of security concepts and controls, standards and best practice.
  • Knowledge and understanding of Microsoft operating systems and hardening approaches and good working knowledge of Microsoft office tools and applications.

    Assessment Process

    Throughout the entire assessment process, candidates will be assessed against Behaviours from the Civil Service Success Profile and the Digital Data and Technology (DDaT) capability framework. Please ignore any references you might see relating to competencies within our application system. You can find out more about Success Profiles and the DDaT Capability Framework here: Success Profiles, DDaT Capability Framework.

    Leadership, Seeing the Big Picture, Communicating & Influencing, Developing Self and Others, Analysis and Specific Security Technology & Understanding.

    Your application will be assessed in three stages:

    1) Sift Stage

    As part of your application you will be asked to upload a copy of your CV. This should be no more than 2 sides of A4. Anything above 2 sides of A4 will be discounted and will not be considered as part of the sift. Please remove from your CV your name and address to support us in undertaking a “name free” sift.

    • An initial sift will be carried out against your CV and the first essential job specific skill – evidence of Cyber certification and degree/equivalent experience in a relevant area of technology.
    • The remaining three job specific skills will be evaluated against CVs that have passed the initial sift.

     2) Technical Exercise Stage

    Candidates who have passed the sift stage will be invited to participate in a Technical Exercise (remote video session with Technical Panel).

    3) Interview Stage

    Candidates who have passed the Technical Exercise will be invited to participate in an Interview (remote video session with Interview Panel).

    Further information about stages 2 and 3 will be provided following the sift stage.

    Other Information

    Philip Anderton - 03000 625643

    How to apply

    All applications for this vacancy should be made online via the Welsh Government's online application system.  If you have an impairment which would prevent you from applying on-line, please e-mail to request an application pack in an alternative format, or to request a reasonable adjustment related to an impairment in order to submit your application.

    To apply, you'll need to have an account on our online application system.  Click the 'Apply' button below, and you'll be asked to 'Log in' if you already have an account, or 'Register' if you don't yet have an account.  Registration takes just a few minutes to complete.  You'll need an e-mail address to be able to register.  Once you've registered for an account and logged in, you'll be taken to the online application form, which you'll need to fully complete and submit before the deadline on the closing date.  

    If you’d like to apply for this vacancy in Welsh, please use the ‘Newid Iaith / Change Language’ link at the top of this page, to take you to the Welsh version of this advert, from which you can apply in Welsh.

    For further information regarding the Welsh Government recruitment process, please see the Recruitment Guidance for External Candidates (link).

    When evidencing your suitability for the post, it is recommended that you refer to the Civil Service Competency Framework (link)

    This vacancy is closed to applications.