Overview:
The Cyber Security Unit
Our mission is to protect the confidentiality, integrity and availability of Scottish Government information and information systems from unauthorised harm or misuse – whether intentional or accidental. These include internal systems used by Ministers and Scottish Government employees as well as public facing services potentially used by millions of people daily.
Working here you’ll be able to make a real difference – helping ensure government services are secure, easier to use, and trusted by users. Our cloud first approach means you can apply and build your expertise in using the latest tools and technologies.
How we work together
Collaboration, sharing knowledge and learning from others is key to our success and something we all value. The wellbeing of our team is paramount, by promoting a healthy work-life balance we are more resilient and able to deliver the service goals we set.
We’re proud of our impact – within Scottish Government, Scotland’s Public Sector and beyond. At Cyber Scotland Week we enjoyed running and contributing to sessions which helped businesses, organisations and people across Scotland become more cyber aware and resilient. We even ran a Cyber Escape room with great feedback from participants who enjoyed learning in an informal, fun way which promoted collaboration.
The Role
As a new role and area of investment this role provides lots of scope for greenfield development of new features, services, and approaches to Cyber Security.
A core focus will be developing automated security solutions ensuring the safety and resilience of cloud and on-premise services for example through efficient, accurate real-time monitoring.- Our tech agnostic approach means you will have the opportunity to develop existing skills and explore new areas.
Collaborating with users to understand their security needs you’ll develop solutions which support a wide range of use cases. In addition, you will play a key role in mentoring and upskilling colleagues on Cyber Security and developing the playbooks which ensure we respond effectively to security events.
Looking back after a successful first we would anticipate you could be proud of migrating a large part of our tool set from on-prem to the cloud, seeing increased use of automation saving colleagues time and improving the resilience, quality, and speed of response to events.
Responsibilities:
How will I spend my time ?
You will be responsible for maintaining and innovating on existing security tools and infrastructure that allow us to detect and mitigate cyber-attacks. This is an excellent opportunity to build on your cyber security experience in a rapidly expanding enterprise environment as it transitions into the cloud.
Main duties include:
Developing existing automation capability and building new integrations-
Security monitoring use case design, implementation, and tuning
-
Building integration between native cloud security tooling and our CSOC security stack
-
Develop and support data pipelines that capture and ship log files and events to the Security Information and Event Management tool
-
Creating and maintaining CSOC incident response playbooks
-
Developing and upskilling existing members of the CSOC team
Competencies
Analysis and Use of Evidence
Communications and Engagement
Self-Awareness
Improving Performance
If invited to any interview or assessment the panel will be looking for evidence of how you meet the above competencies. More details on these are available in the Person Specification – Person Specification
Essential Criteria & Qualifications:
No formal qualifications are required. We’d love you to apply if you meet the following essential criteria. If you’d like to chat before applying please get in touch
1. Demonstrable knowledge of cloud environments and native cloud security tooling in AWS and/or Azure
2. Good scripting experience.
3. A firm understanding of security principles and techniques and a broad knowledge and understanding of cybersecurity
4. The ability to work autonomously and prioritise your workload
This job will require you to hold a National Security Vetting of Security Check (SC). You will be expected to undertake the vetting process once in post. This is a mandatory requirement for this job.
WHAT WE CAN OFFER YOU
A rewarding role where you grow professionally, have a positive impact (potentially on millions) while enjoying a healthy work-life balance.
Remote Working
We operate a flexible location policy, with a named base in Scotland.
Currently the team is working on a remote basis typically spending 1 day a week in the office at Saughton House in Edinburgh. Should you wish to spend more time in the office we will be very happy to support this.
Staff are assigned to the base office, however there may be a need for travel to other Scottish Government offices/other locations depending on assigned work.
Benefits
We provide an attractive package with extensive benefits including: -
-
Salary between £41,642 and £49,860
-
£5000 Digital (DDaT) Pay Supplement after a 3-month qualifying period ***
-
Generous Pension Scheme with employer contributions ranging from 26.6% to 30.3%
-
Flexible working arrangements including compressed hours and flexi time, with potential to accrue up to 4 extra days off a month
-
25 Days Annual Leave (increasing in line with service) plus 11.5 days Public & Privilege holidays
-
Access to a wide range of courses offered by the Scottish Digital Academy, plus opportunities to gain professional memberships and academic qualifications
- Automatic Membership of the Scottish Government DDaT profession and professional development system
Hear from colleagues discussing Digital Careers at Scottish Government.
Click here to learn more about the full range of benefits you could enjoy.
*** Digital (DDaT) Pay Supplement:
This post attracts a £5000 DDAT pay supplement after a 3 months DDaT competency qualifying period. Pay supplements are temporary payments and are subject to regular review.
HOW TO APPLY
The Closing Date for applications is 1st May 2023.
To apply please submit the following using our online application process: -
A CV (no longer than two A4 pages) setting out your career history, with key responsibilities and achievements, with particular reference to the essential criteria-
A Personal Statement (no longer than 750 words) explaining why you consider your personal skills, qualities, and experience suitable for this role, with particular reference to the essential criteria
We are unable to progress applications which fail to provide clear evidence of meeting the essential criteria in their CV and Personal Statement.
DDaT Recruitment - Further Information
DDaT Recruitment Candidate Guide
Diversity and Inclusion
Delivering a successful national service for Scotland is impossible without ensuring we consider the diverse needs, perspectives, and backgrounds of everyone in Scotland in our work.
We welcome applications from candidates of all backgrounds, and work to ensure a positive recruitment experience where everyone is treated fairly, and with respect regardless of the outcome.
It’s not essential to be in a similar role right now. You may be working in another field or returning from a career break - the experiences you have gained through this can bring fresh perspectives to our teams and work.
The Scottish Government is a diverse and inclusive workplace, and we want to help you demonstrate your full potential whatever type of assessment is used. If you require any adjustments to our recruitment process, please let us know via ScottishGovernmentrecruitment@gov.scot
As part of any recruitment process, Scottish Government and associated public bodies collects and processes personal data relating to job applicants and applicants for public appointments.
Personal information you provide in the recruitment process will be made available to Scottish Government and our additional data processors.