Cyber Security Risk Analyst Apprentice

Talion

Wakefield, WF1 2UN

Closes in 19 days (Thursday 5 December)

Posted on 11 November 2024


Summary

You will have the opportunity to gain valuable skills, knowledge and experience as you complete a Cyber Security Level 3 Apprenticeship. Duties will include organising and delivering contracted outputs of the services, such as curated reporting and the setup and scheduling of scanning.

Annual wage
£20,000 a year

£20,000 to £22,000 per annum

Training course
Cyber security technologist (2021) (level 4)
Hours
All details will be confirmed upon interview.

40 hours a week

Possible start date

Monday 16 December

Duration

2 years

Positions available

1

Work

As an apprentice, you’ll work at a company and get hands-on experience. You’ll gain new skills and work alongside experienced staff.

What you’ll do at work

  • Organise and deliver contracted outputs of the services such as curated reporting, the set up and scheduling of scanning, responding to services requests and providing advice regarding prioritisation of vulnerability remediation in a manner which meets expected service quality levels
  • Manage patching platforms and the output of scans
  • Have good written and verbal communication skills to be able to translate information into effective, structured and straightforward remediation for the client
  • Be able to collaborate and work closely with broader security operation teams to oversee remediation efforts
  • To assist the wider work of Talion’s Threat Intelligence team, you will be supported towards developing your skillset in:
  • Identifying real-time, actionable information regarding Cyber Threat Actors and the malware techniques they employ
  • Leveraging a variety of internal and external tools and sources to identify threats, assess risks, and produce reports including internal sources, 3rd-party, OSINT etc.
  • Provide analysis on the threat landscape from a wide range of internal and external intelligence and data sources
  • Support in continuously improving our security detection content by monitoring the threat landscape for new techniques which can be developed
  • Provide useful threat-based context to our security analysts
  • Maintain detailed threat profiles on adversaries of interest covering their tactics, techniques and procedures, intent, goals, and strategic objectives
  • Oversee the mapping of Threat Actors and rules against the MITRE ATT&CK model
  • Presenting information to clients at regular meetings to outline the latest threat activity to them, highlighting points of note and proactive measures they can take
  • Establish liaisons with external agencies, authorities, and threat intelligence sharing communities

Where you’ll work

1 Red Hall Court

Wakefield

WF1 2UN

Training

An apprenticeship includes regular training with a college or other training organisation. At least 20% of your working hours will be spent training or studying.

College or training organisation

QA LIMITED

Your training course

Cyber security technologist (2021) (level 4)

Equal to higher national certificate (HNC)

Course contents
  • Discover vulnerabilities in a system by using a mix of research and practical exploration
  • Analyse and evaluate security threats and hazards to a system or service or processes. Use relevant external source of threat intelligence or advice (e.g. National Cyber Security Centre). Combine different sources to create an enriched view of cyber threats and hazards
  • Research and investigate common attack techniques and relate these to normal and observed digital system behaviour and recommend how to defend against them. Interpret and demonstrate use of external source of vulnerabilities (e.g. OWASP, intelligence sharing initiatives, open source)
  • Undertake security risk assessments for simple systems without direct supervision and propose basic remediation advice in the context of the employer.
  • Source and analyse security cases and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
  • Analyse employer or customer requirements to derive security objectives and taking account of the threats and overall context develop a security case which sets out the proposed security measures in the context with reasoned justification
  • Identify and follow organisational policies and standards for information and cyber security and operate according to service level agreements or other defined performance targets.
  • Configure, deploy and use computer, digital network and cyber security technology.
  • Recommend improvements to the cyber security posture of an employer or customer based on research into future potential cyber threats and considering threat trends.
  • Write program code or scripts to meet a given design requirement in accordance with employers' coding standards
  • Identify cyber security threats relevant to a defined context
  • Accurately, objectively and concisely record and report the appropriate cyber security information, including in written reports within a structure or template provided.
  • Design, build, test and troubleshoot a network incorporating more than one subnet with static and dynamic routes, to a given design requirement without supervision. Provide evidence that the system meets the design requirement.
  • Analyse security requirements given (functional and non-functional security requirements that may be presented in a security case) against other design requirements (e.g. usability, cost, size, weight, power, heat, supportability etc.) for a given system or product. Identify conflicting requirements and propose, with reasoning, resolution through appropriate trade-offs.
  • Design and build systems in accordance with a security case within broad but generally well-defined parameters. This should include selection and configuration of typical security hardware and software components. Provide evidence that the system has properly implemented the security controls required by the security case
  • Design systems employing encryption to meet defined security objectives. Develop and implement a plan for managing the associated encryption keys for the given scenario or system.
  • Use tools, techniques and processes to actively prevent breaches to digital system security.
  • Configure digital system monitoring and analysis tools (e.g. SIEM tools), taking account of threat & vulnerability intelligence, indicators of compromise.
  • Conduct cyber-risk assessments against an externally (market) recognised cyber security standard using a recognised risk assessment methodology.
  • Develop information security policies or processes to address a set of identified risks, for example from security audit recommendations.
  • Develop information security policies within a defined scope to take account of legislation and regulation relevant to cyber security.
  • Take an active part in security audits against recognised cyber security standards, undertake gap analysis and make recommendations for remediation.
  • Develop plans for local business continuity for approval within defined governance arrangements for business continuity.
  • Assess security culture using a recognised approach.
  • Design and implement a simple ‘security awareness’ campaign to address a specific aspect of a security culture.
  • Develop plans for incident response for approval within defined governance arrangements for incident response.
  • Integrate and correlate information from various sources (including log files from different sources, digital system monitoring tools, Security Information and Event Management (SIEM) tools, access control systems, physical security systems) and compare to known threat and vulnerability data to form a judgement based on evidence with reasoning that the anomaly represents a digital system security breach
  • Recognise anomalies in observed digital system data structures (including by inspection of network packet data structures) and digital system behaviours (including by inspection of protocol behaviours) and by inspection of log files and by investigation of alerts raised by automated tools including SIEM tools.
  • Undertake root cause analysis of events and make recommendations to reduce false positives and false negatives.
  • Manage local response to non-major incidents in accordance with a defined procedure.

Your training plan

Why choose our Cyber Security Risk Analyst Level 4 apprenticeship?

The Cyber Security Risk Analyst apprenticeship builds and applies an understanding of cyber security to protect your organisation, systems, information, personal data and people from attacks and unauthorised access.

QA's exclusive partnership with Circadence Corporation, the pioneer of the hands-on gamified learning platform Project Ares®, allows us to uniquely incorporate hands-on scenario training into our cyber security apprenticeships. The Project Ares platform offers a totally immersive experience, using automated features to support skills adoption with an in-game advisor, Athena, who advises our players through scenario-based challenges. The platform scenarios replicate the unpredictability and escalating levels of complexity that cyberattacks can present. It drives high levels of engagement through leader boards and badges, elements used widely in the gaming world.

QA’s Cyber Security Risk Analyst Level 4 apprenticeship programme enables the apprentice to:

  • Develop problem-solving and critical thinking skills in a safe, but realistic environment
  • Apply all of the acquired skills throughout the programme, with added scoring of players and opponent actions with replay for object assessment
  • Take part in hands-on training and active-learning models that increase retention rates by 75% so that cyber apprentices can prepare for real-world challenges
  • Support an organisation's formal security governance, regulatory and compliance (GRC) and interact with risk assessments and risk mitigations

Tools and technologies learned: Apprentices will learn to use Project Ares, Python, Microsoft Azure, Microsoft PowerShell, Linux and AWS.

Requirements

Desirable qualifications

A Level in:

  • ICT (grade 3+ (D or above))

Let the company know about other relevant qualifications and industry experience you have. They can adjust the apprenticeship to reflect what you already know.

Skills

  • Communication skills
  • IT skills
  • Attention to detail
  • Organisation skills
  • Problem solving skills
  • Team working
  • Non-judgemental

About this company

Who are Talion? A Managed Security Service Provider (MSSP) with a wealth of experience that enables organisations to protect their business estate from cyber-security attacks. We help organisations of all sizes build cyber-security capabilities and maintain compliance through practical Consulting and Managed Services. We blend together best-of-breed technologies to provide real-time 24x7 monitoring, triage, remediation, threat assessment, vulnerability management, and Professional Services that give our clients peace of mind that they are protected. Our services include 24x7 security monitoring from our UK-based SOC, Threat Intelligence, and Security Orchestration services, all underpinned by our in-house detection content and SIEM platform management. Our customers can choose to take all or any one of our services, depending on their needs at the time, which makes Talion a flexible security provider that is able to provide these robust services to small businesses as well as we do to the largest multi-national organisations.

After this apprenticeship

90% of QA Apprentices secure permanent employment after finishing their apprenticeship. Additionally, there may be opportunities to undertake further apprenticeship training as many of our programs offer on-going development tracks. 

Ask a question

The contact for this apprenticeship is:

QA LIMITED

The reference code for this apprenticeship is VAC1000286911.

Apply now

When you apply, you’ll be asked to sign in with a GOV.UK One Login. You can create one at the same time as applying for this apprenticeship.

After signing in, you’ll apply for this apprenticeship on the company's website.