Threat Assessment Lead

**Details**:
**Reference number**:

- 412934

**Salary**:

- £60,300 - £66,330
- New entrants to the Civil Service will start their role on the salary band minimum: £60,300 for National Roles.
You may be eligible for an additional non-pensionable allowance, pending a Capability and Skills assessment, with a value of up to £20,100 (location dependent)
- A Civil Service Pension with an employer contribution of 28.97%

GBP

**Job grade**:

- Grade 7

**Contract type**:

- Permanent

**Business area**:

- HO - Digital Data and Technology - Cyber Security

**Type of role**:

- Digital
Information Technology
Security

**Working pattern**:

- Full-time

**Number of jobs available**:

- 1

**Contents**:

- Location
- About the job
- Benefits
- Things you need to know

**Location**:

- Manchester - Soapworks

**About the job**:
**Job summary**:
Cyber Security at the Home Office is critical to protecting a large government department and safeguarding critical digital infrastructure. The Cyber Security Operations Centre (CSOC) Threat Intelligence team is tasked with understanding and contextualising the Home Office’s cyber threat landscape. The team manages the department’s intelligence requirements, based on assessed threats to Home Office systems, then seeks to obtain and analyse data to identify threats and their potential impact. The specialised team of six works alongside other CSOC areas to provide awareness of threats, allowing for the deployment of targeted defences and the sharing of timely and actionable guidance.

The **Threat Intelligence Lead** plays a critical role in the success of the Cyber Security Operations Centre (CSOC) by overseeing all threat intelligence activities. This includes defining intelligence requirements, managing collection and analysis, and ensuring timely dissemination of insights. The role supports protective monitoring, contributes to incident response, and leads the development of team members through line management and professional development.

**Job description**:
As the Threat Intelligence Lead, your day-today responsibilities will be to:

- Lead the delivery of cyber threat intelligence processes, ensuring outputs align with organisational policies and effectively communicate findings.
- Analyse complex threat intelligence to assess risk, prioritise vulnerabilities, and inform strategic mitigation efforts.
- Define tools and policies to assess the threat landscape and advise on risk reduction strategies.
- Maintain and enhance the Threat Intelligence Platform to support automated intelligence and incident investigations.
- Collaborate with stakeholders to develop tactical threat management plans and oversee their execution.
- Manage the Threat Intelligence team, aligning their work with CSOC operational goals and strategic direction.
- Oversee the use of information systems to prioritise cyber risks and support the vulnerability management team with expert guidance.

**Hybrid Working**

**Person specification**:
**Essential Skills**

You’ll bring a strong interest in threat intelligence and demonstrate experience in:

- Operating within a Security Operations Centre (SOC), including threat and risk analysis.
- Leading technical responses to cyber incidents and collaborating across vulnerability management, threat hunting, and monitoring teams.
- Using platforms such as SIEM, EDR, and threat intelligence tools to support investigations and analysis.
- Tracking global cyber trends, adversary campaigns, and geopolitical developments to produce timely, actionable intelligence.
- Evaluating intelligence from OSINT, commercial feeds, government advisories, and internal sources to assess relevance and reliability.
- Producing clear, audience-appropriate threat reports and managing or coaching diverse cyber teams.

**SFIA capability framework**

Skills for the Information Age (SFIA) is the technical framework that sets the standard capability and development of all IT Operations levels in the Home Office. This is a link to the capability framework: All skills A - Z English (sfia-online.org)

We use set SFIA technical skills to form our interview questions and we will assess you against these technical skills during the selection process.

**SFIA levels of responsibility** - Use the SFIA Levels of responsibility to understand what would be expected for each Technical Skill listed below.

**SFIA Technical skills**

The essential technical skills required for this role are listed below and are reflective of the Home Office Government Digital and Data Profession Career Framework.

**Qualifications**
- Desirable to have certification in one or more of the following: CRTIA, CRTIM, CRISC, CISSP, CEH, CCSP and equivalent.

**Technical skills**:
We'll assess you against these technical skills during the selection process:

- Incident management (USUP) - Level 4
- Problem management (PBMG) - Level 4
- Security operations (SCAD) - Level 3
- Performance management (PEMT) - Level 3
- Resourcing