Cyber Threat Intelligence Analyst Ref. 3768

Job Description

Flexible working: We support a range of flexible working patterns, including part-time, compressed hours, and some flexibility around start and finish times. This is an office-based role, so homeworking isn’t available. Please visit our work-life balance page to find out more about flexible working.

About us
MI5 keeps the country safe from serious threats like terrorism and attempts by states to harm the UK, its people, and way of life. We carry out investigations by obtaining, analysing, and assessing intelligence, and then work with a range of partners including MI6 and GCHQ, to disrupt these threats. Through our protective security arm, we provide advice and guidance to government, businesses, and other organisations on how to keep themselves safe. A role in MI5 means you'll do unique and challenging work in a supportive and encouraging environment, making a real difference to UK national security.

The role
The UK faces growing threats to its cyber security. Staying ahead of rapidly evolving technological challenges and increasing demand from our partners is critical. That’s why our cyber team works at pace to analyse data and detect malicious activity that could harm national security. As a Cyber Threat Intelligence Analyst, you’ll support MI5’s cyber threat work and partner strategy. Drawing on your significant experience, you’ll identify, investigate, and analyse cyber threats, carrying out meaningful work that keeps the UK safe.

Work spans a range of technical areas, offering real scope. Day-to-day activities may include carrying out network analysis, applying an understanding of internet protocols to review network indicators, events, and topologies. Alternatively, disk and memory forensics knowledge may be applied to operating system artefacts, files and malware. Responsibilities may involve producing accurate reports or developing analytical or workflow capabilities, creating a diverse mix of investigative cyber work.

This role goes beyond supporting MI5’s operations, involving close collaboration with partners across government, finance, and the wider public sector to help meet growing demand. Activities range from performing intricate cyber analysis tasks and briefing internal and external stakeholders to using a variety of cyber tools. The role offers a good level of autonomy, while also encouraging you to support others by listening, guiding, and advising.

About you
You don’t need a specific degree to apply, but you’ll need significant experience working in cyber security, networking protocols, and data analysis, as well as either network- or host-based forensics. You’ll come from an applied cyber background, where you’ve gained experience in threat analysis, SOC analysis, threat intelligence, or similar. This may include experience in other government departments, law enforcement, or financial, regulatory, or legal institutions.

Our cyber team uses a wide range of tools and technologies, so expertise in any one is not essential. You might have had exposure to forensic tools such as X-Ways, FTK, and EnCase, or network and security analysis programmes including Elasticsearch, Splunk, and Wireshark. This will be supported by an awareness of coding and programming, allowing you to read and understand inputs.

Working as part of a busy yet collaborative team, you’ll be confident engaging with colleagues as well as external partners. With a well-developed analytical mindset, an organised approach, and a natural technical curiosity, you’ll think creatively to solve problems and seek to understand how and why incidents occur. There is an opportunity to turn findings into clear, well-structured reports, so good written communication skills and the ability to confidently explain complex technical subjects to non-technical audiences are essential. You’ll be keen to continue developing your technical capability, making the most of learning opportunities to stay ahead in a rapidly evolving cyber landscape.

Training and development
When you join, you’ll complete an organisation-wide Induction Roadmap and meet with key partners, customers, and stakeholders to build an understanding of how the team operates within MI5. Alongside this, you’ll take part in a departmental induction and team rotations, giving you the chance to learn by shadowing more experienced colleagues.

There are plenty of opportunities to support your training and development throughout your career with us. You’ll receive a yearly learning budget and personal learning days, as well as access to internal and external training courses, mentoring, and tailored support to help strengthen any gaps in your knowledge.

You’ll be encouraged to join the Cyber Technical Framework (CTF). This is how we assess the knowledge, skills, and attributes of our cyber technical specialists, while also providing support to help you to progress your career in ways that suit your ambitions. Membership of the CTF is based on an application process, supported by skills-based assessments.

Rewards and benefits
You’ll receive a starting salary of £53,267 plus other benefits, including:

• 25 days’ annual leave, rising automatically to 30 days after 5 years' service, plus an additional 10.5 days of public and privilege holidays
• opportunities to be recognised through our employee performance scheme
• an interest-free season ticket loan
• an excellent pension scheme
• a cycle to work scheme
• facilities such as a gym, restaurant, and on-site coffee bars (at some locations)
• paid parental and adoption leave

Equal opportunities
At MI5, diversity and inclusion are critical to our mission. To protect the UK, we need a truly diverse workforce that reflects the society we serve. This includes diversity in every sense of the word: people with different backgrounds, ages, ethnicities, gender identities, sexual orientations, ways of thinking, and those with disabilities or neurodivergent conditions. We therefore welcome and encourage applications from everyone, including those from groups that are underrepresented in our workforce, such as women, people from ethnic minority backgrounds, people with disabilities, and those from low socio-economic backgrounds.

Find out more about our culture, working environment and diversity on our website.

We’re Disability Confident
MI5 is proud to have achieved Leader status within the DWP’s Disability Confident scheme. This is aimed at encouraging employers to think differently about disability and take action to improve how they recruit, retain, and develop disabled people. Being Disability Confident, we aim to offer a fair and proportionate number of person-to-person interviews to any candidate who self-identifies as disabled and meets the essential criteria for the role. This is our ‘Offer of Interview’ (OOI). To secure an interview for this vacancy, the essential criteria (in order of application process) are:

1. You'll be required to reach the minimum pass mark for the online Situational Judgement Test (SJT), which assesses criteria important for all roles in our organisation.
2. You will be able to demonstrate good technical understanding of cyber security and networking protocols. – To be assessed at sift.
3. You will have experience of data analysis. – To be assessed at sift.

There is a wide range of extra support available throughout the recruitment process to enable you to perform at your best. Please visit our application page for information on the reasonable adjustments we can offer.

What to expect
Our recruitment process is fair, transparent, and based on merit. Here is a brief overview of each stage, in order:

1. Online Situational Judgement Test (SJT) in which you rate the appropriateness of responses to a series of short scenarios.
2. Application sift looking at your skills and motivation for the role and organisation.
3. An online HR and Competency Interview.
4. An in-person interview looking at your technical skills.
5. If successful, you’ll receive a conditional offer of employment.

Please note that you must successfully pass each stage of the process to progress to the next. Your application may take around 6 to 9 months to process, including vetting, so we advise you to continue any current employment until you receive your final job offer.

Before you apply
To work at MI5, you need to be a British citizen or hold dual British nationality. You can read our full eligibility criteria here.

This role requires the highest security clearance, known as Developed Vetting (DV). It’s something everyone in the UK Intelligence Community undertakes. You can find out more about the vetting process here.

Please note we have a strict drugs policy. Once you start your application, you must not take any recreational drugs, and you’ll need to declare your previous drug usage at the relevant stage.

Before you apply, we advise you to consider setting up a separate email address for your contact with us, to ensure your personal and application correspondence remains separate. Try to avoid including identifying features in your email address, such as your first and/or surname and date of birth. This is good practice and will help you manage your application with us more securely.

The role is based in Central London, so you’ll need to live within a commutable distance. Please consider any financial implications and practicalities before submitting an application. A loan is available to support people relocating to London.

We offer reasonable reimbursement of travel costs for candidates attending in‑person interviews or assessments during the recruitment and vetting process. Full details will be provided with your interview or assessment invitation.

Reimbursement is discretionary and will only be made in line with the Candidate Expenses Policy, as amended from time to time. Candidates must book their own travel using the most economical option and provide original hard copy receipts for reimbursement.

Please note that applications must be submitted from within the UK. If you are based overseas, wait until you return before applying, as applications made from outside the UK may impact our ability to progress your application. You should not discuss your application with anyone other than your partner or close family member.

Right to withdraw statement:
Please be aware that we reserve the right to bring forward the closing date for this role once a certain number of applications have been received. To avoid disappointment, please submit your application at your earliest convenience.