Above analytics are generated algorithmically based on job titles and may not always be the same as the company's job classification. You can also check detailed occupation eligibility, and salary criteria on our UK Visa Eligible Occupations & Salary Thresholds page.
Disclaimer:Hunt UK Visa Sponsors aggregates job listings from publicly available sources, such as search engines, to assist with your job hunting. We do not claim affiliation with Office for National Statistics. For the most up-to-date job details, please visit the official website by clicking "Apply Now."
Description
ONS operates a flexible hybrid working model across the UK, with colleagues linked to one of our contractual locations in Newport or Titchfield (Fareham) and working between office and remote throughout the week.
This role is aligned to ONS hybrid working principles, which are based on attending the office with purpose. The postholder will be expected to contribute to the organisation’s overall 40% office attendance, in line with business and role requirements.
The organisation will honour existing agreed attendance flexibilities for internal candidates (including homeworking contracts, workplace adjustments, and greater flexibilities), in line with ONS hybrid working principles and subject to role requirements and business need.
External candidates will be expected to contribute to the 40% office attendance as needed to perform their duties. Occasional travel to other ONS sites is also likely
The induction process for the role will be conducted in person.
Job Summary
The Office for National Statistics (ONS) is the UK’s largest producer of official statistics, covering a range of key economic, social and demographic topics. These include measuring changes in the value of the UK economy, estimating the size, geographic distribution, and characteristics of the population, and providing indicators of price inflation, employment, earnings, crime, and migration.
The last few years has seen an extensive overhaul of security and information management to meet the challenges of corporate and statistics transformation in technology, methods and practice, the Digital Economy Act and organisational risk appetite. The capability is evolving and expanding to address changes in threat and business direction.
This role sits in the Security and Information Management (SaIM) Directorate, which operates six key services across ONS: Security Risk Advice and Management; Knowledge and Information Management (KIM); Physical Security and Business Continuity; Security Compliance and Audit (SCA); Cyber Security; and Partnering Services.
Within the Cyber Security service this role sits within the Cyber Security Monitoring Team.
Job Description
This role is part of the Cyber Security function and will deliver cyber security monitoring services at tactical and operational levels for colleagues within the Security and Information Management directorate and across the business.
This will involve monitoring cyber security platforms and systems as part of a triage function, and support of incident investigation activity when required.
This role is responsible for utilising monitoring techniques and procedures for Cyber Security tools such as Security Information and Event Management systems (SIEM), User Entity and Behaviour Analytics (UEBA) systems, Security Orchestration, Automation and Response (SOAR) systems, and other selected security technologies.
The purpose of the role is to monitor for and identify potential problems, ensuring that appropriate response actions are carried out for triage and incident response towards an end goal of preventing malicious activity, damage to ONS/UKSA and data loss from internal and external threats.
Responsibilities
Manage and maintain triage and incident investigation guidance.
Escalate alerts that have met the criteria for colleagues to conduct a detailed security investigation.
Review and manage the Service Desk queue and mailbox for cyber security.
Participate in delivery of strategic milestones for the cyber security monitoring services alongside Lead Analysts and the service Principal.
This role is part of the Cyber Security function and will deliver cyber security monitoring services at tactical and operational levels for colleagues within the Security and Information Management directorate and across the business.
This will involve monitoring cyber security platforms and systems as part of a triage function, and support of incident investigation activity when required.
This role is responsible for utilising monitoring techniques and procedures for Cyber Security tools such as Security Information and Event Management systems (SIEM), User Entity and Behaviour Analytics (UEBA) systems, Security Orchestration, Automation and Response (SOAR) systems, and other selected security technologies.
The purpose of the role is to monitor for and identify potential problems, ensuring that appropriate response actions are carried out for triage and incident response towards an end goal of preventing malicious activity, damage to ONS/UKSA and data loss from internal and external threats.
Responsibilities
Manage and maintain triage and incident investigation guidance.
Escalate alerts that have met the criteria for colleagues to conduct a detailed security investigation.
Review and manage the Service Desk queue and mailbox for cyber security.
Participate in delivery of strategic milestones for the cyber security monitoring services alongside Lead Analysts and the service Principal.
Person specification
Essential Criteria:
Awareness of security related technologies such as SIEM, SOAR, UEBA.
Knowledge of application, infrastructure and networking security controls and systems, particularly in relation to data management.
Experience of assisting with security advice and technical security solutions.
Experience of using a variety of sources of information to identify, analyse and report on incidents and events.
Ability to work as part of a team in a multi-disciplinary environment.
Knowledge of specific technologies
Essential:
Knowledge and application of SIEM capabilities.
Knowledge and application of cyber security incident response processes.
Awareness of the cyber security threat landscape.
Experience of writing reports or technical documentation tailored to the audience.
Experience of working within a team to effectively meet the SOC objectives/capability.
Desirable:
Working knowledge of query languages such as KQL or simular.
We expect that you will have experience of using these technologies, accepting that experience of some might be more limited but you must be keen to learn all the
technical stack above. Please ensure that your CV fully reflects those that you have used before. Your desire to learn and develop in a collaborative software environment will also be what we are looking for.
Behaviours
We'll assess you against these behaviours during the selection process:
Working Together
Making Effective Decisions
Technical skills
We'll assess you against these technical skills during the selection process:
Cyber Security Operations
Intrusion Detection and Analysis
Protective Security
Secure Operations Management
Alongside your salary of £34,587, Office for National Statistics contributes £10,019 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides (opens in a new window).
The Office for National Statistics is part of the Civil Service, and as such we share a number of key benefits with other departments, whilst also having our own unique offerings to support our valued colleagues across the organisation.
Whether you are hearing about us for the first time or already know a bit about our organisation, we hope that our careers site will give you a great insight into the benefits and facilities available to our colleagues, and our fantastic working culture.
This Role Is Part Of The Cross-government Government Digital And Data (formerly DDaT) Profession Framework. As a Role Within Government Digital And Data (formerly DDaT) At The ONS, We Also Offer Benefits Such As:
Protected Learning Time to spend on your personal development and side-projects.
A supportive and active Community of Practice which you will be expected to contribute to, helping ensure you and your colleagues get the training, development and opportunities you need to progress your careers.
We are committed to supporting our people’s wellbeing by offering flexible ways of working that support a healthy work life balance. We are happy to explore opportunities with you about working flexibly in line with our hybrid working policies.
Inclusion & Accessibility
At ONS we are always looking to attract the very best people from the widest possible talent pool, and we are proud to be an inclusive, equal opportunities employer. As a Disability Confident Leader we’re committed to ensuring that all candidates are treated fairly throughout the recruitment process.
As part of our application process, you will be prompted to provide details of any reasonable adjustments to our recruitment process that you need. If you would like to discuss any reasonable adjustments before applying, please contact the recruitment team in the first instance.
If you would like an accessible version of any of the attachments or recruitment documents below or linked to in this advert, please contact the recruitment team who will be happy to assist.
Artificial intelligence
Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.
Selection process details
This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.
Security Clearance
For ONS the requirement for SC clearance is to have been present in the UK for 3 consecutive years immediately prior to applying and the department will consider eligibility by exception on a case-by-case basis. You will be asked to provide information regarding your UK residency during your application, and failure to provide this will result in your application being rejected.
If you are unsure that you meet the eligibility above, please read the information available on Gov.uk on this link, or contact the recruitment email on the advert before applying to discuss, as failure to meet the residency requirements will result in your security clearance application being rejected and any offer of employment being withdrawn.
At the point of SC application, you will need to provide or give access to the following evidence:
Departmental or company records (personnel files, staff reports, sick leave reports and security records)
UK criminal records covering both spent and unspent criminal records
Your credit and financial history with a credit reference agency
Security Services records
ONS are unable to offer visa sponsorship for this role. Applicants are expected to hold a valid right to work in the UK when employment commences. If you are applying on a time-limited visa, this will need to be valid for at least 18 months at point of application.
To work at the ONS, candidates must meet both UK right to work and security clearance requirements (where applicable).
If you are unsure whether you meet the appropriate right to work or security clearance eligibility criteria, please refer to the guidance on Gov.uk or contact the recruitment email provided in the advert before applying. Failure to meet these requirements will result in your application being rejected and employment offers being withdrawn.
For full guidance in relation to the use of AI through the recruitment process, please read A candidate’s guide to artificial intelligence (AI) in recruitment
Please note that all campaigns may be subject to withdrawal at any stage if the internal resource position changes.
Application Process
Number of Stages: 2 stage process
Stage 1: Application
Stage 2: Interview
Stage 1 – Application
The assessment process at the application stage will be based on your work history, skills, experience, CV, and personal statement. It is important that your application is tailored to highlight the skills, knowledge, and experience relevant to the role.
A personal statement is required at application stage, the maximum wordcount allowed is 1250, which should not be exceeded. You should provide evidence for each essential skill criterion listed in the person specification. As these criteria are scored, it is advisable to give clear examples for each one, including the impact of your actions, ideally utilising the STAR technique (Situation, Task, Action, Result).
Please note that Success Profiles Behaviour examples are not required at this stage of the application process.
When a high volume of applications are received, the sift pass mark may be adjusted. Candidates will be invited to interview based on their merit order, with those achieving the highest scores being prioritised. Applicants who score below the adjusted pass mark but still pass will be placed on hold and may be invited to interview at a later date.
Stage 2 – Interview
If invited to interview, you will be assessed using techniques aligned with the Civil Service Success Profiles framework, covering all behaviours listed in the job advert and any required technical skills.
Please review the framework ahead of interview here: https://www.security.gov.uk/government-security-profession-career-framework/cyber-roles/monitoring/
Interviews may be in person or via Microsoft Teams.
A reserve list may be held for a period up to 12 months from which further appointments may be made.
The Sift will be conducted from 20/07/2026
Interviews will be conducted from 29/07/2026
For the full terms and conditions of the post, please see attachment.
Near Misses
We often have similar roles available at different grades. If a candidate is suitable for a similar role or a lower grade than they have applied for, we may offer the candidate that role without the need to go through a further selection process providing the role has the same behaviours and essential skills.
Feedback will only be provided if you attend an interview or assessment.
This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.
Security
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).See our vetting charter (opens in a new window).
People working with government assets must complete baseline personnel security standard (opens in new window) checks.
Successful candidates must undergo a criminal record check.
Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check (opens in a new window).See our vetting charter (opens in a new window).
People working with government assets must complete baseline personnel security standard (opens in new window) checks.
Nationality requirements
This Job Is Broadly Open To The Following Groups:
UK nationals
nationals of the Republic of Ireland
nationals of Commonwealth countries who have the right to work in the UK
nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service
Further information on nationality requirements (opens in a new window)
Working for the Civil Service
The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).
The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.
The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.
Diversity and Inclusion
The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).
This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.
Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.
Contact point for applicants
Job Contact :
Name : Government-Digital-and-Data-Recruitment@ons.gov.uk
If you feel your application has not been treated in accordance with the Recruitment Principles and you wish to make a complaint, in the first instance, you should contact recruitment.complaints@ons.gov.uk. If you are not satisfied with the response you receive from the Department, you can contact the Civil Service Commission
Cyber Security Monitoring Analyst | Office for National Statistics | Hunt UK Visa Sponsors