NCSC Host Based Capability (HBC) Senior Analyst Ref. 2840

Mind Achieving Impact AwardSocial Mobility Foundation AwardThe Times Top 100Disability confident leaderThe Prince's Responsible Business

£36,836 plus an annual National Security Payment of £2,330 subject to mandatory training

At GCHQ, we unlock the complex world of data and communications to keep the UK and its citizens safe, both in the real world and online. Working closely with our British Intelligence partners in MI5 and MI6, we protect the UK from threats including serious organised crime, terrorism, and cyber-attacks. A role in GCHQ means you’ll have varied and fascinating work in a supportive and encouraging environment that puts the emphasis on teamwork.

The National Cyber Security Centre (NCSC), part of GCHQ, is the UK Government’s lead authority on cyber security. The organisation is at the heart of the Government’s cyber security strategy and has the aim of making the UK the safest place to live and work online.   

The NCSC’s Host Based Capability (HBC) is a primary way of detecting cyber-attacks and threats to Central UK Government and Critical National Infrastructure, in the Active Cyber Defence mission. 

Deployed to ~400k endpoints across ~35 departments, HBC is recruiting for a Senior Analyst, working with the team to conduct investigations into the key cyber threats that impact the security of the UK.

You’ll be getting hands-on with some of our more complex end point analysis, and will be directly supporting others with their investigations, using world-leading capabilities such as our Host Analysis Cluster, and all other NCSC capabilities.

Your work will change as the threat landscape does, and you will get to work across some of the most interesting and wide-ranging topics. As such we are looking for someone with technical expertise, who can develop, adapt, and apply their knowledge across a wider range of investigative problems to deliver impact and protect the UK.

Job Description

What will the successful candidate be doing?

The successful candidate would:

•    Nurture a diverse and inclusive environment, and be an advocate for positive, innovative ideas within their team.
•    Work with the Team Lead and Technical Director to provide technical direction within their team, applying and sharing their expertise to overcome obstacles and progress our investigations.
•    Champion the use of a wide range of data sources and tools to contribute to the knowledge of the cyber security community, improving our ability to protect against the threat.
•    Identify and develop the opportunities and tradecraft needed to tackle difficult threats impacting UK cyber security, including identifying and supporting counter opportunities and operations.
•    Support positive relationships with the broader cyber security community, including industry, government and international partners.
•    Be willing to continually grow the necessary skills in themselves and others, across their team and the wider community.

Key Responsibilities

•    Responsible for investigating threat to networks of national significance to the UK.
•    Maintains visibility of the work of analysts within their team, providing technical direction and advice when needed.
•    Be a technical expert in the field of Host Based Intrusion Detection and Analysis and drive others to develop their expertise.
•    Collaborate with Team Leads and the Intrusion Detection and Analysis (ID&A) skill mentoring community to develop the ID&A skill of others within their team to highlight opportunities that would enable aligning work packages with analyst continuous skills development.
•    Collaborates with and drives the wider GCHQ, industry, and allied analysis communities (both internationally and domestic).
•    Responsible for developing and maintaining complex analytic tradecraft, including signatures and workflows to understand our adversaries and mentoring others in their development of tradecraft.
•    Responsible for providing cyber threat intelligence.
•    Responsible for generating ideas and leading others in their analysis to mitigate and reduce the threat, identify and support counter operations.
•    Responsible for leading the technical ideation for developing counter operations and mitigating the threat.
•    Ensure that your work and that of the team is properly recorded in corporate tooling to enable clarity, resilience and collaboration.
•    Be a leader in automating analysis and supporting others in automating analysis, where possible and appropriate.
•    Contribute to the wider NCSC Senior Analyst community.

Person Specification

The successful applicant will need to:

•    Hold a valid DV clearance to apply.
•    Be a technical expert in the field of Host Based Intrusion Detection and Analysis or similar field.
•    Have experience using programming languages such as SQL and Python for data analysis and automation and familiarity of Apache Spark as an analytic engine.
•    Have good teamwork & leadership skills.
•    Have strong communication and customer facing skills.
•    Have a good understanding of the cyber threat landscape.

GCHQ Competency Requirements

•    Communication and Knowledge sharing - Intermediate
•    Corporate Vision and Efficiency - Intermediate
•    Change and Innovation - Intermediate
•    Analysis and Decision Making - Higher
•    Contribution to Delivery - Intermediate
•    Managing the Customer Relationship - Intermediate
•    Working with and Leading Others - Higher

You can familiarise yourself with the general competencies we use to assess the aptitude of candidates here - Recruitment Process

Benefits we offer

At NCSC and GCHQ, we are proud of our inclusive and supportive working environment that’s designed to encourage open minds and attitudes.  As an organisation that values and nurtures talent, we are committed to helping you fulfil your potential.  With comprehensive training and development opportunities, tailored to your needs and the requirements of your work, we will enable you to flourish in your role and perform to the very best of your abilities.

You’ll receive a starting salary of £36,836 plus an annual National Security Payment of £2,330 subject to mandatory training.

Other benefits:

•    25 Days Annual Leave automatically rising to 30 days after 5 years' service, and an additional 10.5 days public and privilege holidays
•    An environment with flexible working options
•    Opportunities to be recognised through our employee performance scheme.
•    Interest-free season ticket loan
•    Cycle to work scheme
•    Facilities such as a gym, restaurant and on-site coffee bars (at some locations)
•    Paid parental and adoption leave.
•    A Civil Service pension with an average employer contribution of 27%

Selection Process

Before You Apply

To work at GCHQ, you need to be a British citizen or hold dual British nationality. You can read our full eligibility criteria here

This role requires the highest security clearance, known as Developed Vetting (DV). It’s something everyone in the UK Intelligence Community undertakes.You can find out more about the vetting process here. You will need to already hold a valid DV clearance to apply.

Please note we have a strict drugs policy, so once you start your application, you can’t take any recreational drugs and you’ll need to declare your previous drug usage at the relevant stage.

The role is based in Cheltenham so you’ll need to live within a commutable distance. Please consider any financial implications and practicalities before submitting an application, as we do not offer relocation costs.

Please note, you should only launch your application from within the UK. If you are based overseas, you should wait until you visit the UK to launch an application. Applying from outside the UK will impact on our ability to progress your application. You should not discuss your application, other than with your partner or a close family member.

What to Expect

Our recruitment process is fair, transparent, and based on merit. Here is a brief overview of each stage, in order:

You will be asked to provide evidence that you meet the following competencies:

  • Meeting the Working with and Leading Others competency at higher
  • Meeting the Analysis and Decision-Making competency at higher.

•    Application sift
•    Interview
•    If successful, you will receive a conditional offer of employment subject to vetting checks.

Please note, you must successfully pass each stage of the process to progress to the next. Your application may take around 6 - 9 months to process including vetting, so we advise you to continue any current employment until you have received your final job offer.

We’re Disability Confident

GCHQ are proud to have achieved Leader status within the DWP’s Disability Confident scheme.  This is aimed at encouraging employers to think differently about disability and take action to improve how they recruit, retain and develop disabled people.  Being Disability Confident, we aim to offer a person-to-person interview to any candidate who self-identifies as disabled and meets the essential criteria for the role.  This is our ‘Offer of Interview’ (OOI). To secure an interview for this vacancy, the essential criteria (in order of application process) are:

•    Meeting the Working with and Leading Others competency at higher 
•    Meeting the Analysis and Decision-Making competency at higher

Equal Opportunities

At GCHQ diversity and inclusion are critical to our mission. To protect the UK, we need a truly diverse workforce that reflects the society we serve. This includes diversity in every sense of the word: those with different backgrounds, ages, ethnicities, gender identities, sexual orientations, ways of thinking and those with disabilities or neurodivergent conditions. We therefore welcome and encourage applications from everyone, including those from groups that are under-represented in our workforce such as women, those from an ethnic minority background, people with disabilities and those from low socio-economic backgrounds.

Find out more about our culture, working environment and diversity on our website:

Our Vetting

To work in this role, you will need the highest security clearance, known as Developed Vetting (DV). All applicants for DV are treated impartially and consistently, irrespective of gender, race, disability, religion, age, sexual orientation, and other protected characteristics.

The closing date for this role is: 11:55pm Monday 10th April 2023.

Right to Withdraw Statement: 

Please be aware that we withhold the right to bring forward the closing date for this role from the original closing date once a certain number of applications have been received. Please be mindful of this and submit your application at your earliest convenience to avoid disappointment.

This Program / Vacancy is closed to applications.