Social Security Scotland
Principal Cyber Security Analyst

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
At Social Security Scotland, security is fundamental to delivering trusted public services. We're looking for an exceptional Principal Cyber Security Analyst to lead our Security Operations capability, helping us defend critical systems, protect sensitive data, and respond to an evolving cyber threat landscape. This is an opportunity to combine strategic leadership with hands-on technical expertise while making a genuine difference to the lives of people across Scotland.
As a senior technical leader within the Security Operations function, you will lead a team of Cyber Security Engineers and Analysts, providing both strategic direction and hands-on technical oversight. You will take ownership of the organisation’s core security tooling estate, driving continuous evolution and optimisation to ensure our capabilities remain effective against an evolving threat landscape.
You Will Be Accountable For The Design, Implementation, And Operation Of Key Security Technologies And Services Across a Cloud-first Environment, Including:
- Security Information and Event Management (SIEM)
- Security Orchestration, Automation and Response (SOAR)
- Endpoint Detection and Response (EDR/XDR)
- Network Detection and Response (NDR)
- Vulnerability and Exposure Management
- Security Incident Management and Response
- Cyber Threat Intelligence (CTI)
This role requires deep technical expertise across modern security operations tooling and architectures, with a strong understanding of how to operate and optimise these capabilities within a complex, cloud-native environment. You will be expected to articulate and influence security strategy, manage technical risk, and ensure the effective implementation of controls to mitigate cyber threats.
If you are passionate about security operations and eager to make a real difference in public services, we invite you to join our talented team and take the next step in your career.
Responsibilities
- Lead and develop the Security Operations team, establishing governance, standards and performance measures that drive effective threat detection, incident response and continuous improvement, aligned to organisational risk appetite and a cloud-first strategy.
- Own and optimise the organisation's security tooling and detection platforms, ensuring they are effectively integrated, maintained and continuously enhanced to deliver scalable, automated security operations.
- Build and influence relationships with senior stakeholders, acting as a trusted adviser and key point of contact on all aspects of cyber security.
- Provide expert cyber security leadership and authoritative guidance on the implementation and operation of security controls across the organisation and wider government community.
- Understand user and business needs, identifying emerging technology trends and usage patterns to help shape effective, risk-based security policies and controls.
- Deliver strategic cyber security initiatives that support the Cyber Security Strategy and strengthen the management of business risk, information security and data protection.
- Lead and continuously improve incident management, investigation and response processes, ensuring effective preparation for and response to cyber security incidents.
- Manage the assessment and response to cyber threats, maintaining the confidentiality, integrity, availability and compliance of organisational systems and information.
- Lead security testing activities, overseeing the design, delivery and assessment of exercises and reviews while ensuring compliance with relevant policies, procedures and standards.
- Develop and maintain cyber security policies, standards and guidance that meet business, technology and legal requirements, and reflect industry best practice.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Success Profiles
We use an assessment framework called ‘Success Profiles’ which lists the elements we test and provides detailed descriptions of each. Find out more about the framework here.
For this post, the following Success Profile elements will be assessed:
Experience
- Experience of leading and developing cyber security teams, with the ability to design, implement and continuously improve Security Operations capabilities, including threat detection, automation, orchestration and the development of security processes and procedures to meet evolving business and threat requirements.
- Experience of advising on organisational and technical responses to cyber security incidents, with responsibility for developing and driving incident investigation, response policies, processes and procedures.
- Expert knowledge of system architectures, with the ability to assess and articulate the impact of vulnerabilities on existing and future systems, services and designs.
Behaviours
Communicating and Influencing (Level 4)
You can find out more about Success Profiles Behaviours here
Technical / Professional Skills
This role is aligned to Principal Cyber Security Analyst within the Government Digital and Data Profession.
Please review the following to understand the skill expectations: Cyber Security: Operations - gov.scot
These skills will be tested during the Technical Assessment if you are successful at sift stage. They will not be assessed at application stage.
How To Apply
Apply online, providing a CV and Supporting Statement (of no more than 750 words) which provides evidence of how you meet the Experience and Behaviours listed in the Success Profiles above.
Artificial Intelligence (AI) tools can be used to support your application, but all statements and examples provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, and presented as your own) applications will be withdrawn and internal candidates may be subject to disciplinary action.
Please see our candidate guidance for more information on acceptable and unacceptable uses of AI in recruitment
An initial sift may be completed using the CV and Supporting Statement against the first experience criteria. Candidates who pass the initial sift will have their applications fully assessed.
Successful candidates will be invited to an Interview which will assess the experience and behaviours, and a Technical Assessment comprising a 10 minute presentation which will assess the Technical Skills.
Full details of the interview and assessment process will be shared with shortlisted candidates once the sift has been completed.
Please note: there may also be a telephone interview prior to the final interview stage.
We aim to provide feedback on request. However, where a large number of applications are received, it may not be possible to give feedback to candidates who are not invited to interview or assessment. Feedback will be available on request to all candidates who attend an interview or assessment.
Expected Timeline (subject to change)
Sift - week commencing 27th July
Interview – week commencing 10th August
Location - In Person in either Dundee or Glasgow
Reserve List
In the event that there are more successful candidates than posts available, a reserve list will be kept for up to 12 months.
About Us
Social Security Scotland is an Executive Agency of the Scottish Government. Our benefits help people from all walks of life in Scotland. We offer rewarding careers and employ people across Scotland in a wide range of professions and roles. We are committed to recruiting a diverse workforce that is representative of the clients we serve. Find more about us here.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
We offer a supportive and inclusive working environment along with a wide range of employee benefits. Find out more about what we offer.
As part of the UK Civil Service, we uphold the Civil Service Nationality Rules.
GDD Pay Supplement
This post is part of the Government Digital and Data (GDD) profession and currently attracts a £4,000 annual GDD pay supplement, which is paid monthly. Pay supplements are reviewed regularly.
Working Pattern
Our standard hours are 35 hours per week and we offer a range of flexible working options, depending on the needs of the role. We embrace a hybrid working style where all colleagues will spend time in either our Glasgow or Dundee offices. There is an expectation of a minimum 2 days per week in your assigned location, which will be either Glasgow or Dundee. If you have specific questions about the role you are applying for, please contact us.
Security Checks
This post requires the successful candidate to clear additional National Security Vetting clearance (Security Check) as well as a Baseline Personnel Security Standard (BPSS) before a start date can be offered. BPSS is comprised of four main pre-employment checks – Identity, Right to work, Employment History and a Criminal Record check (unspent convictions).
Further information regarding National Security Vetting clearance levels can be found here - National Security Vetting: Clearance Levels - GOV.UK
Equality Statement
Social Security Scotland are committed to equality and inclusion, and we aim to recruit a diverse workforce that reflects the population of our nation.
Social Security Scotland are a Disability Confident Employer. We will consider and implement any reasonable adjustments you may require throughout the recruitment process and during the course of your employment, should you be successful in securing a post. If you feel you may require assistance with any part of our recruitment process, please contact us at Recruitment@socialsecurity.gov.scot.
Find out more about our commitment to diversity and how we offer and support recruitment adjustments for anyone who needs them.
Right to Work in the UK
Social Security Scotland is an approved sponsor under the UK Visa and Immigration (UKVI) Skilled Worker route. Please note that UK immigration guidance, including skill and salary thresholds and eligible occupations, is reviewed regularly and subject to change. If you require visa sponsorship, you should check the latest criteria to confirm whether this role meets current requirements before applying. You can find further advice on Gov.UK - Skilled Worker visa: Overview - GOV.UK
Further Information
Social Security Scotland’s recruitment processes are underpinned by the recruitment principles of the Civil Service Commissioner, which outline that selection for appointment be made on merit on the basis of fair and open competition - Recruitment - Civil Service Commission
If you feel at any time your application has not been treated in accordance with the values in the Civil Service Code and/or if you feel the recruitment has been conducted in such a way that conflicts with the Civil Service Commissioner’s Recruitment Principles, you can make a complaint, by contacting Social Security Scotland at recruitment@socialsecurity.gov.scot in the first instance. If
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills