The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.
Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.
Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.
Finally, we work in partnership with businesses every day, providing advice, finance and deal-making support to those looking to start up, invest, export and grow.
The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission. The team have been nominated four times in a row for Best Public Sector Employer at the Women in Tech awards and won the award in 2025!
This role sits within DBT's SOC (Security Operations Centre), reporting to the Lead Cyber Security Engineer. The SOC is responsible for identification and mitigation of threats, both internal and external, to the security of the department. This role supports these actions by creating new capabilities, supporting existing capabilities and providing expertise to colleagues when required. You will also be focussing on implementing data pipelines to deliver logging into the SIEM solution and building automated enrichment capabilities. This role will involve the development of security tools and the provision of cyber security advice to the development community in DBT to ensure best practice is being followed.
As a Senior Cyber Security Engineer, you will take a leading role in shaping and evolving our Microsoft Sentinel capability, moving beyond traditional SIEM usage into a scalable, engineering-led security data platform. You will be responsible for designing and onboarding complex log sources across a multi-platform environment, including AWS (CloudTrail / CloudWatch), Datadog, Logstash and third-party integrations.
A key part of the role is working closely with internal engineering teams and external partners to ensure high-quality, structured logging is produced at source. You will help define and implement logging standards, including structured JSON logging and best practices for application frameworks such as Django, ensuring data is meaningful, consistent and aligned to detection and monitoring use cases.
You will also drive the standardisation and normalisation of logs using frameworks such as ASIM, enabling scalable, reusable detection logic and improving overall visibility across the estate. This role goes beyond onboarding logs as you will be expected to challenge existing approaches, improve data quality, and ensure that security monitoring is both effective and efficient.
A major focus of this position is to support the team in the evolution of our data architecture within Sentinel. You will provide input into the design for a data lake strategy incorporating hot, cold and archive storage tiers, enabling long-term retention, historical analysis, and log replay capabilities while actively optimising ingestion and storage costs.
Over the coming 12-18 months, DBT's SOC will be looking to make big strides in its maturity journey through the transition to a SecDevOps way of working in Azure and MS Sentinel and through the implementation of an enterprise log management solution, all of which the Senior Engineer will be involved with.
Main responsibilities
You will be:
It is essential that you have:
It is desirable that you have:
We'll assess you against these behaviours during the selection process:
We'll assess you against these technical skills during the selection process:
How to apply
As part of the application process you will be asked to upload a two-page CV and complete a 750-word personal statement outlining how you meet the essential skills and experience listed above. You can use bullet points and subheadings if you prefer.
Sift will be from week commencing 22nd June
Interviews will be from week commencing 29th June
Please note these dates are indicative and may be subject to change.
If there is a high volume of applications, we will sift looking at your CV only. You may then be progressed to full sift or straight to interview.
How we interview
At the interview stage for this role, you will be asked to demonstrate relevant Technical Skills and Behaviours from the Success Profiles framework, which are listed above. These are role specific and in line with the Government Security Profession Career Framework.
How we offer
Offers will be made in merit order based on location preferences. If you pass the bar at interview but are not the highest scoring you will be held on a 12-month reserve list in case a role becomes available. If you are judged a near miss at interview, you may be offered a post at the grade below the one you applied for.
This role requires SC clearance. DBT's requirement for SC clearance is to have been present in the UK for at least 3 of the last 5 years. Failure to meet this requirement will result in your application being rejected and your offer being withdrawn.
Checks will also be made against:
More about us
This role can only be worked from within the UK, not overseas. If you are based in London, you will receive London weighting. DBT employees work in a hybrid pattern, spending 2-3 days a week (pro rata) in the office on average. Travel to your primary office location will not be paid for by DBT, but costs for travel to an office which is not your main location will be covered.
You can find out more about our office locations, how we calculate salaries, our diversity statement and reasonable adjustments, the Recruitment Principles, the Civil Service code and our complaints procedure in the candidate pack attached to this advert.
Find out more about life at DBT, our benefits and meet the team by watching our video or reading our blog!
This job is broadly open to the following groups: