Principal Network and Security Specialist - CO - G6
Government Digital & Data
The Cabinet Office is undergoing a significant Digital Transformation. Over the next three years we aspire to make UK Government digital services the best in the world, meeting or exceeding the benchmark set globally by the best public or private sector standards.
For us to meet this ambition we are aiming to further improve the conditions, processes and expertise we have in place to be set up for success. This means we need to go much further and faster and strengthen the delivery of digital data and technology in government.
To support these ambitions we have established a new to build on existing strengths and is based on six principles;
- Build trust by stabilising services and getting the basics right;
- Be the gateway for all digital, data and technology services delivered by the Cabinet Office to its civil servants and ministerial bodies;
- Provide impeccable service to our users;
- Drive digital, data and technology thought leadership;
- Transform ways of working;
- Build sustainable capabilities.
Job description
The Principal Network and Security Specialist is responsible for designing networking and Cyber Security services, creating documentation, carrying out change management and root cause analysis, acting as an escalation point for the Live Service, and line managing the Lead Network Engineers responsible for day-to-day network operations.
The role is part of Cabinet Office Digital Enterprise Services (Technical Operations (TechOps)), which provides, maintains and supports the infrastructure, telephony, network, WiFi, end-user devices, cloud capability and software across the entire Cabinet Office estate.
Our user base includes the Government Digital Service (GDS), Crown Commercial Services (CCS), Estates and Government Property Agency (GPA).
The role will work closely with the Technical Architects and will be designing and maintaining existing network infrastructure, carrying out upgrades and problem resolutions.
Main responsibilities
- Provide leadership to Network Operations and line management to the Lead Network Engineers;
- Change requests for network changes;
- Delivery and Resource Plans;
- Documentation of security processes such as incident processes, vulnerability management and compliance;
- Maintain GovAssured documentation and artifacts set, including development of processes to ensure compliance;
- Work with the Principal Infrastructure Engineer, Principal Technical Architect and Lead Infrastructure Engineers on the day-to-day management of the Cabinet Office wireless, LAN, WAN, including the network devices and security devices that are deployed;
- Discover shortfalls in protective monitoring and ensure missing data is shipped to the Splunk SIEM systems. Working closely with the Cyber Transformation Team (CTP) to onboard new log sources across the department into the Cyber Security SIEM Platform as required;
- Work with the Operation teams on security and performance monitoring devices (both virtual and physical) across the IT platforms managed by Cabinet Office Digital;
- Oversee the network operations team, including technical management and people management, with line management of the Lead Network Engineer leading the team;
- Design and implementation of new services as and when required by the Cabinet Office;
- Provide guidance to second/third line support and problem solving for the Cabinet Office internal network;
- Lead on the strategy for the Cabinet Office Network Operations team on the physical and technical implementation of network and security services using key skills to enhance networking and security elements that will be deployed at Cabinet Office;
- Develop processes and procedures for other engineers to ensure a secure and robust environment for Cabinet Office users, with KPIs in place for security processes and patching, and maintain this level;
- Work with cloud technologies on the migration of existing systems and implementing new solutions;
- Be prepared to work out of normal office hours to implement change, when necessary, including weekend and evening work, including being on call;
- Serve as the incident lead for TechOps, managing and overseeing security-related incidents, while coordinating with the Cyber Security team to ensure timely response and resolution. Responsible for developing and escalating security incident reports to the Cyber Security team;
- Interface with third-party security tools and vendors, such as NCSC, and other government departments, to ensure effective integration and utilisation of external security solutions that complement internal security infrastructure and practices;
- Collaborate with the Cyber Security Team (SOC Team, and CTP), Operations leads, and Technical Architects to conduct general threat modelling and threat hunting, dedicating time for security improvements and discovery of threats on the platform;
- Professionally represent the Operations team as a technical (Cyber Security) consultant on projects with an eye to ensure security and protective monitoring.
Mentoring of junior engineers will be expected.
Person specification
The Government Digital and Data Capability skills required are those in the definition for a Principal Network and Security Specialist, as set out here.
Essential Skills
It’s essential that you have:
- Proven expert knowledge and experience in WAN networking;
- Proven expert knowledge of networking concepts and technologies and proven experience of network implementation and operation;
- Demonstrable experience in the delivery of secure enterprise networking and the secure configuration of LANs, WLANs and WANs;
- Experience of change and incident management processes;
- Professional skills including excellent customer relationship and stakeholder management skills, with the ability to engage with senior management, technical architects and solution providers;
- Strong understanding of encryption protocols and cipher suites.
Desirable Skills
- Experience of working in an agile environment;
- Use of Cloud-based systems and platforms;
- Substantial configuration and maintenance experience with Palo Alto and Fortigate;
- Experience with performance monitoring applications such as Zabbix, Nagios or SolarWinds;
- Experience using Sophos Cloud and working with Managed Threat Response;
- Experience using NCSC HBC (Host Based Capability).
Additional information:
A minimum of 60% of your working time should be spent at your principal workplace, although requirements to attend other locations for official business will also count towards this level of attendance.
You must have flexibility to work weekends and evenings as required.
Successful candidates will need to go through SC clearance as a minimum, and it is desirable that the candidate is willing to go through DV clearance.
Behaviours
We'll assess you against these behaviours during the selection process:
- Changing and Improving
- Seeing the Big Picture
- Making Effective Decisions
- Managing a Quality Service
- Delivering at Pace
Technical skills
We'll assess you against these technical skills during the selection process:
- Strong understanding of Cyber Security principles, especially with respect to operational security. Experience with Incident Response and Threat and Vulnerability Management processes.
- Subject matter expertise in security tools implementation and projects, and providing Cyber Security guidance to Operational Technology teams.
- Experience of management and administration of a SIEM system, and the creation and management of dashboards and reporting.
- Proven expert knowledge and experience in LAN and Wireless LAN networking design, preferably with equipment from a range of different product vendors.
- Proven experience in leading teams and providing both technical and line management.
- Proven problem solving and analytical skills in a fast paced, multidisciplinary digital/technology environment.
- Experience installing and supporting Cyber Security products and tools such as endpoint detection and response (EDR) and vulnerability scanning.
- Proven strong understanding of network equipment, especially Fortinet.