Apply for job
Vacancy reference: 922
Salary: London: £47657 - £56050 (which may include an allowance of up to £8393). National: £41463 - £51675 (which may include an allowance of up to £10212).
Closing date: 11/08/2025
Department: Technology Services
Location: National
Employment type: Permanent

Job Description

Senior Cyber Threat Intelligence Analyst
Location: National*
Closing Date: 11th August
Interviews: W/C 25th August (subject to change)
Grade: SEO
(MoJ candidates who are on a specialist grade, will be able to retain this grade on lateral transfer)
Salary: London: £47657 - £56050 (which may include an allowance of up to £8393). National: £41463 - £51675 (which may include an allowance of up to £10212).
Working pattern: Full time, part time, flexible working, job share.
Contract Type: Permanent.
*We offer a hybrid working model, allowing for a balance between remote work and time spent in your local office. Office locations can be found ON THIS MAP

The Role

We’re recruiting for a Senior Cyber Threat Intelligence Analyst here at Justice Digital, to be part of our warm and collaborative Digital Infrastructure and Security Operations (DISO) team.

This role aligns against Vulnerability Management Lead from the Government Security Profession Framework.

Justice Digital is looking for a Senior Cyber Threat Intelligence Analyst to join our CTI Team, a maturing capability within the Security Operations team. This is an exciting opportunity to contribute to the protection of the Ministry of Justice’s (MOJ) technology, systems and services, and the vital information they contain and process.

As a Senior Threat Intelligence Analyst at the MoJ, you will lead the analysis, collection, and dissemination of actionable threat intelligence. Your deep understanding of adversary tactics, techniques, and procedures (TTPs) will help to inform and improve MOJ cybersecurity defences—helping to predict and mitigate against emerging threats.

You will work closely with security engineers, incident response teams, and external partners, translating raw intelligence into strategic insights that drive operational security decisions. Responsibilities include tracking threat actors, researching tactics and techniques, and producing high quality intelligence reports for key stakeholders, as well as playing a part in the mitigation and remediation of MOJ cyber security incidents.

To help picture your life at MoJ Justice Digital please take a look at our blog and our Digital and Technology strategy 2025

Key Responsibilities:

  • Monitor and analyse the cyber threat landscape to identify advanced persistent threats, malware trends, and emerging cyber adversaries.
  • Analyse cyber threat actors’ infrastructure, TTPs, and motivations, building detailed adversary profiles that fuel proactive defence measures. Track adversary movements and historical trends to better predict their future actions.
  • Proactive attack surface management- continuously discovering, monitoring, and reducing the points of exposure across the MOJ’s digital environment, before they are exploited by adversaries.
  • Utilise frameworks such as MITRE ATT&CK, the Diamond Model, and OSINT methodologies to correlate threat data.
  • Produce clear and actionable intelligence reports—ranging from technical briefings to strategic analyses—that support decision making across the organisation. This will include delivery of verbal presentations and threat briefs, in-person and virtually, to internal and external stakeholders at all seniority levels.
  • Leading collaboration activities with internal teams across the organisation in order to provide further internal understanding of potential adversaries and attack vectors. This will include development of relationships with the wider information security teams across the organisation, e.g. SOC Detect and Respond, Incident Response, and engineering teams to assess and enhance current threat defences.
  • Leading the CTI response for the SOC for mitigation and remediation of MOJ cyber security incidents.
  • Relationship management within the wider Information Security community. Representation of the MOJ in a wide range of fora, to ensure impactful collaboration across Government Security communities including direct engagement with NCSC and the NCA.
  • Ownership of CTI Vendor relationships - driving effective integration and usage of vendor platforms, in order to drive best value and effect for the MOJ.
  • Senior intelligence practitioner for the team - able to share best practice and oversight of intelligence outputs to ensure the highest quality.
  • Contribute to development and maintenance of threat intelligence processes and procedures to ensure efficient and effective threat analysis.
  • Line Management/People Management responsibilities - Managing, supporting and mentoring junior members of the wider SOC team, as well as deputising for the CTI Team Lead, where appropriate.

If this feels like an exciting challenge, something you are enthusiastic about, and want to join our team please read on and apply!

Benefits

  • 37 hours per week and flexible working options including working from home, working part-time, job sharing, or working compressed hours.
  • A £1k per person learning budget is in place to support all our people, with access to best in class conferences and seminars, accreditation with professional bodies, fully funded vocational programmes and e-learning platforms
  • Staff have 10% time to dedicate to develop & grow
  • Generous civil service pension based on defined benefit scheme, with employer contributions of 28.97% from April 1st 2024 (Contribution Rates)
  • 25 days leave (plus bank holidays) and 1 privilege day usually taken around the Kings’ birthday. 5 additional days of leave once you have reached 5 years of service.
  • Compassionate maternity, adoption, and shared parental leave policies, with up to 26 weeks leave at full pay, 13 weeks with partial pay, and 13 weeks further leave. And maternity support/paternity leave at full pay for 2 weeks, too!
  • Wellbeing support including access to the Calm app.
  • Nurturing professional and interpersonal networks including those for Carers & Childcare, Gender Equality, PROUD and SPIRIT
  • Bike loans up to £2500 and secure bike parking (subject to availability and location)
  • Season ticket loans, childcare vouchers and eye-care vouchers.
  • 5 days volunteering paid leave.
  • Some offices may have a subsidised onsite Gym.

Person Specification

Essential

  • Prior experience working as an Intelligence Analyst.
  • Holds current relevant professional qualifications in Intelligence and/or Information Security (e.g. CREST CRTIA)– or willing to work towards.
  • Strong knowledge of cybersecurity principles, threat landscapes, and attack vectors. Knowledge and understanding of current security threats, threat models, frameworks and common mitigations.
  • Knowledge of intelligence tooling.
  • Excellent analytical and problem-solving skills.
  • Excellent oral and written communication skills.
  • Proactive approach to team management and supporting cross department initiatives.
  • Demonstrable experience of proactive, operational delivery in a fast-paced security environment.
  • Demonstrable management skills, with an ability to communicate effectively and develop staff.
  • Intelligence reporting SME able to deliver high quality products and maintain standards and quality across the team.

Willingness to be assessed against the requirements for SC vetting.

We welcome the unique contribution diverse applicants bring and do not discriminate based on culture, ethnicity, race, nationality or national origin, age, sex, gender identity or expression, religion or belief, disability status, sexual orientation, educational or social background or any other factor.

Our values are Purpose, Humanity Openness and Together. Find out more here about how we celebrate diversity and an inclusive culture in our workplace.

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy.

How to Apply

Candidates must submit a CV and statement of suitability (of no more than 750 words), which describes how you meet the requirements set out in the Person Specification above. Applicants who do not submit both a CV and a separate statement of suitability will be rejected.

In Justice Digital, we recruit using a combination of the Government Digital and Data Profession / Government Security Profession and Success Profiles Frameworks. We will assess your Experience, Technical Skills and the following Behaviours during the assessment process:

  • Seeing the big picture
  • Making effective decisions
  • Delivering at pace

A diverse panel will review your application against the Person Specification above.

Successful candidates who meet the required standard will then be invited to a 1-hour panel interview held via video conference.

Should we receive a high volume of applications, a pre-sift based on the following essential criteria will be conducted before the sift -

  • Prior experience working as an Intelligence Analyst
  • Strong knowledge of cybersecurity principles, threat landscapes, and attack vectors. Knowledge and understanding of current security threats, threat models, frameworks and common mitigations.

Should you be unsuccessful in the role that you have applied for but demonstrate the capability for a role at a lower level, we reserve the right to discuss this opportunity with you and offer you the position without needing a further application.

An alternate HEO threat analysis opportunity may be offered to those who are placed onto the reserve or near miss lists following the interview stage.

A reserve list may be held for up to 12 months, from which further appointments may be made.


Use of Artificial Intelligence


Artificial Intelligence can be a useful tool to support your application. However, all examples and statements provided must be truthful, factually accurate, and based on your own experience. Where plagiarism is identified—such as presenting the ideas and experiences of others, or AI-generated content, as your own—applications may be withdrawn. Internal candidates may also be subject to disciplinary action. Please see our candidate guidance for more information on appropriate and inappropriate use.

Terms & Conditions

Please review our Terms and Conditions which set out how we recruit and provide further information related to the role and salary arrangements.

If you have any questions, please feel free to contact digitalanddatarecruitment@justice.gov.uk


Take a look around the company https://www.jobtrain.co.uk/justicedigital
LinkedInClick here to contact us on YouTube
Apply for job favorite_border Save this job