Overview

NRS are looking for dynamic individuals to join the Cyber Security Operations Team as a Senior Cyber Security Analyst.

National Records of Scotland (NRS) is the Scottish nation's record keeper and official source of demographic statistics – information about population, households, migration, vital events, life expectancy and electoral statistics and maintains the nation’s records archive as one of Scotland’s five National Collections.

You will be responsible for protecting the confidentiality, integrity, and availability of information and information systems used by the Scottish Government and our partners across government.

You will bring demonstrable experience in SOC management including (but not limited to): vulnerability management, security monitoring and security administration.

DDaT (Digital, Data and Technology) Pay Supplement

This post attracts a £5000 Digital, Data and Technology (DDaT) pay supplement after a 3 months DDaT competency qualifying period. Pay supplements are temporary payments designed to address recruitment and retention issues caused by market pressures and are subject to regular review.

This post is part of the Scottish Government DDaT profession.

As a member of the profession, you will join the professional development system, currently BCS RoleModelplus.

Responsibilities

• Information Security: Explains the purpose of and provides advice and guidance on the application and operation of elementary physical, procedural and technical security controls. Performs security risk, vulnerability assessments, and business impact analysis for medium complexity information systems. Investigates suspected attacks and manages security incidents. Uses forensics where appropriate.

• Security Administration: Maintains security administration processes and checks that all requests for support are dealt with according to agreed procedures. Provides guidance in defining access rights and privileges. Investigates security breaches in accordance with established procedures and recommends required actions and supports / follows up to ensure these are implemented.

• Vulnerability Management: Maintains current knowledge of malware attacks, and other cyber security threats. Assesses and prioritises vulnerabilities using in-depth technical analysis of risks and typical vulnerabilities. Raises requests through incident management system, detailing the vulnerability, assets impacted and required remediation activity. Works with remediation team to understand the priority and required actions, tracking each vulnerability through to remediation. Reports upon success of vulnerability management through the appropriate risk boards. Recommend service improvements to reduce resource overhead, facilitate quicker remediation of vulnerabilities or reduce risk to the organisation.

• Security Monitoring: Monitors the Security Information and Event Management tool for alerts, investigating and resolving or escalating as appropriate. Support in the on-boarding of new systems into the SIEM solution, identify the use case for the logs, appropriate alerts and the playbooks that will be followed to resolve the alert. Recommend service improvements to reduce resource overhead, facilitate quicker remediation of vulnerabilities or reduce risk to the organisation.

• Technical Specialism: Maintains knowledge of specific specialisms, provides detailed advice regarding their application and executes specialised tasks. The specialism can be any area of information or communication technology, technique, method, product or application area.

Competencies : 

Analysis and Use of EvidenceCommunications and EngagementSelf - AwarenessImproving Performance

Essential Criteria & Qualifications

No specific qualifications required for this post.

Essential Criteria : 

1. High level knowledge and understanding of the internal and external cyber security risks to IT systems, services and data storage.

2. Demonstrable experience of working with cyber security technologies such as security monitoring, vulnerability detection, privilege access management, penetration testing, sandboxing etc.

3. Knowledge and understanding of Government and International Security standards, e.g. HMG Security Policy Framework, and ISO 27001 (Information Security Standard). 

4. The ability to analyse, interpret and apply complex technical information.

Additional Information

Provisional Dates :

The sift will be completed 1 week following the closing date with dates for interviews offered approximately 2 weeks after the application closing date.

Minimum Time in Post :

You will be expected to remain in post for a minimum of three years unless successful at gaining promotion to a higher Band or Grade. 

In the event that further posts are required, a reserve list of successful candidates will be kept for up to 12 months. 

Location :

General Register House, 2 Princes Street, Edinburgh EH1 3YY. The post is offered on a hybrid working basis, working between home and our central Edinburgh office.

How to Apply :

For further information on this vacancy please download and review the “Person Specification” which you will find below.

Person Specification Band B

DDaT Recruitment - Further Information

How to apply - digital jobs

To apply, you must fully complete and submit an online application via this website before the closing date as well as a CV (no longer than two pages) setting out your career history, with key responsibilities and achievements. 

In addition to your CV, you should fill in a personal statement (no longer than 750 words) explaining why you consider your personal skills, qualities and experience suitable for this role, with particular reference to the criteria in the person specification.

When considering how your experience relates to the role, please tailor your CV and personal statement to reflect the role and the essential skills/criteria as described in the job description/person specification.

For more information on this post please contact Cameron Webster by email at Cameron.webster@nrscotland.gov.uk

The Scottish Government is a diverse and inclusive workplace and we want to help you demonstrate your full potential whatever type of assessment is used. If you require any adjustments to our recruitment process, please let us know via ScottishGovernmentrecruitment@gov.scot

As part of any recruitment process, Scottish Government and associated public bodies collects and processes personal data relating to job applicants and applicants for public appointments.

Personal information you provide in the recruitment process will be made available to Scottish Government and our additional data processors.