Rodeo
ResourcesPartnersSign in

GCHQ

Cyber Security Analyst Ref. 3780

Cheltenham
£37.9k/yr
Posted 8 days ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Role details

Jobs

Cyber Security Analyst

Ref. 3780

Cheltenham, Manchester

Closing Date - 23:00 on Tuesday 21st July 2026

IT

Salary: £37,892, including a £2,758 concessionary payment. After 6 to 13 months, you may be eligible for a non-pensionable skills payment of £7,247 or £15,757, subject to assessment and reviewed every three years.

Apply

Description

Flexible working: We support flexible working arrangements, such as part-time and compressed hours, as well as flexible start and finish times. Because of the role’s responsibilities, most work is carried out on site. Opportunities for homeworking may be available but will depend on operational requirements and cannot be guaranteed.

About Us

At GCHQ, we unlock the complex world of data and communications to keep the UK and its citizens safe, both in the real world and online. Working closely with our British Intelligence partners, MI5 and MI6, we protect the UK from threats including serious organised crime, terrorism, and cyber-attacks. A role in GCHQ offers varied and fascinating work in a supportive and encouraging environment that puts the emphasis on teamwork.

The role

As a Cyber Security Analyst within GCHQ’s Cyber Security Incident Response Team (CSIRT), you focus on protecting critical systems from a wide range of cyber threats, including malware, insider threats, denial-of-service attacks, and phishing activity. Your work plays a key role in safeguarding GCHQ’s networks and data in a high-stakes, security-focused environment.

Each day starts with a review of alerts and overnight activity, prioritising incidents based on severity and potential impact. Key findings are shared in the daily CSIRT meeting, where the team aligns on ongoing investigations and sets priorities. Attention then turns to analysing high-priority alerts, working through logs, network traffic, and endpoint data using tools such as Splunk.

Working closely with colleagues across IT and security teams, you’ll gather information and mitigate emerging threats. Alongside your core investigative work, responsibilities include monitoring security alarms, creating new detection content, and using threat intelligence to strengthen defences. The role also involves building automations to improve Security Operations Centre (SOC) efficiency, responding to security breaches, and providing specialist support in digital forensics, including assistance with HR casework.

Most work sits within team delivery objectives, with scope to take on individual projects, if you want to explore a particular area further.

About You

You're a problem-solver with a natural curiosity about how systems work, how they can be protected, and a genuine enthusiasm for developing your skills. You can demonstrate experience in at least one core cyber security discipline, such as malware analysis, intrusion detection, security monitoring, or incident response, ideally gained within a Security Operations Centre (SOC) environment.

A solid understanding of Windows and Linux internals is expected. Broader IT experience is advantageous, including exposure to cloud technologies like AWS or Azure, alongside a motivation to continue developing your technical expertise.

Training and development

When you join GCHQ, you’ll receive an organisational induction along with support from a buddy to help you settle in. Development in this role is a mix of on-the-job learning and formal training. Skills are developed through experience, working alongside colleagues on real incidents and supported by a range of internal and external training opportunities.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

As a Cyber Security Analyst, there is access to a mix of internal and external training opportunities, including the chance to work towards security certifications such as Certified Information Systems Security Professional (CISSP) and the Offensive Security Certified Professional (OSCP).

There are no overseas travel requirements for this role; however, there may be occasional opportunities to attend conferences both within the UK and internationally.

Rewards And Benefits

You’ll receive a starting salary of £37,892 plus other benefits including:

  • 25 days’ annual leave, rising to 30 days after 5 years' service, and an additional 10.5 days of public and privilege holidays
  • opportunities to be recognised through our employee performance scheme
  • an interest-free season ticket loan
  • a cycle to work scheme
  • facilities such as a gym, restaurant, and on-site coffee bars; availability varies by location
  • paid parental and adoption leave
  • an excellent pension scheme

Equal opportunities

At GCHQ, diversity and inclusion are critical to our mission. To protect the UK, we need a truly diverse workforce that reflects the society we serve. This includes diversity in every sense of the word: those with different backgrounds, ages, ethnicities, gender identities, sexual orientations, ways of thinking and those with disabilities or neurodivergent conditions. We therefore welcome and encourage applications from everyone, including those from groups that are under-represented in our workforce such as women, those from an ethnic minority background, people with disabilities and those from low socio-economic backgrounds.

Find out more about our culture, working environment and diversity on our website.

We’re Disability Confident

GCHQ is proud to have achieved Leader status within the Department for Work and Pensions’ Disability Confident scheme. This is aimed at encouraging employers to think differently about disability and take action to improve how they recruit, retain and develop disabled people. As a Disability Confident Leader, we aim to ensure that a fair and proportionate number of disabled applicants who best meet the essential minimum criteria for this position, will be offered an interview, if it is practical for us to do so. This is known as the Offer of an Interview.

Role

To secure an interview for this role, candidates must meet the minimum criteria, which will be assessed at the CV sift stage:

  • You’ll be required to reach the minimum pass mark for the online Situational Judgement Test (SJT), which assesses criteria important for all roles in our organisation
  • Able to demonstrate experience of working as a Cyber Security/Security Operations Centre Analyst
  • Able to demonstrate experience working in at least one of the following fields: malware analysis, intrusion detection, monitoring & incident response

There is a wide range of extra support available throughout the recruitment process to enable you to do your best. Please see our website for information on reasonable adjustments we can offer.

What To Expect

Our recruitment process is fair, transparent, and based on merit. Here is a brief overview of each stage, in order:

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job
  • An initial online application form including pre-screening questions to ensure you meet our eligibility criteria
  • Online Situational Judgement Test (SJT) in which you rate the appropriateness of responses to a series of short scenarios
  • Application form, looking at your motivation for the role and the organisation
  • Online test, examining your responses to different situations typical to the role
  • Assessment Centre, including situational role-plays, tasking exercise and interview
  • If successful, you will receive a conditional offer of employment

Please note, you must successfully pass each stage of the process to progress to the next. Your application may take around 6 to 9 months to process, including vetting, so we advise you to continue any current employment until you have received your final job offer.

Before you apply

To work at GCHQ, you need to be a British citizen or hold dual British nationality. You can read our full eligibility criteria here.

This role requires the highest security clearance, known as Developed Vetting (DV). It’s something everyone in the UK Intelligence Community undertakes. You can find out more about the vetting process here.

Please note we have a strict drugs policy, so once you start your application, you can’t take any recreational drugs, and you’ll need to declare your previous drug usage at the relevant stage.

Before you apply, we recommend setting up a separate email address for your contact with us, to ensure your personal and application correspondence remain separate. Try to avoid having identifying features in your email address, such as your first or surname or date of birth. This is good practice and will help you to manage your application with us more securely.

The role is based in Cheltenham or Manchester, so you’ll need to live within a commutable distance. Please consider any financial implications and practicalities before submitting an application, as we do not offer relocation costs.

We offer reasonable reimbursement of travel costs for candidates attending in-person appointments during the recruitment and vetting process. Full details will be provided with your interview or assessment invitation.

Reimbursement is discretionary and will only be made in line with the Candidate Expenses Policy, as amended from time to time. Candidates must book their own travel, using the most economical option, and provide original hard copy receipts for reimbursement.

Please note, you should only launch your application from within the UK. If you are based overseas, you should wait until you visit the UK to launch an application. Applying from outside the UK will impact on our ability to progress your application. You should not discuss your application, other than with your partner or a close family member.

Right To Withdraw Statement

Please be aware that we reserve the right to bring forward the closing date for this role from the original closing date once a certain number of applications have been received. Please be mindful of this and submit your application at your earliest convenience to avoid disappointment.

Apply


Locations

  • Cheltenham

    • View location
  • Manchester

    • View location
  • Cheltenham

    • View location
  • Manchester

    • View location
Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Cyber Security
Malware Analysis
Intrusion Detection
Security Monitoring
Incident Response
Windows Internals
Linux Internals
Cloud Technologies
Splunk
Digital Forensics
Threat Intelligence
Automation
Security Operations Centre

Location

Cheltenham, England, United Kingdom

Sign up to applySee more jobs like this