Cyber Security Risk Analysis Apprentice

DHL Supply Chain Limited

Bucks, MK9 1EQ

Closes on Friday 21 February

Posted on 19 December 2024


Summary

Our IT Security Apprentice will support the IT security manager to protect our digital assets and ensure the integrity, confidentiality, and availability of our information systems. This apprenticeship provides hands-on experience and training in various aspects of IT security, including risk management, supplier management, and application testing.

Annual wage
£21,000 a year

As part of a growing DHL population, you'll receive access to a variety of excellent benefits including 25 days holiday, pension scheme, medical cover, childcare vouchers, retail discounts, mental health support, and private GP services.

Training course
Cyber security technologist (2021) (level 4)
Hours
Monday to Friday, shifts TBC.

40 hours a week

Possible start date

Thursday 4 September

Duration

2 years

Positions available

1

Work

As an apprentice, you’ll work at a company and get hands-on experience. You’ll gain new skills and work alongside experienced staff.

What you’ll do at work

Our Cyber Security Risk Analyst Level 4 Programme is all about developing the skills required to become a subject matter expert. From day one, you'll take on real responsibility with a supportive culture that helps you develop your skill set, whilst building on your stakeholder management skills. 

Working within the wider Digital & Technology Team, you will join a passionate team focusing on the areas below, among many others.

  • DWASP (DHL's Web Application Security Program) - Manage penetration tests, coordinate with various stakeholders to organise these tests, and follow up on findings once the tests are complete.
  • Infosec Priorities (MFA/Concept 2024) - Address other key priorities, including pursuing stakeholders and completing necessary documentation.
  • Risk Management - Assist in reviewing and organising information security risks, ensuring risk owners update their risks, and processing them for approvals.
  • INC Management - Assist in managing day-to-day incidents such as identifying malicious files on machines and investigating phishing emails.
  • Application Management - Handle any ad hoc application tasks, including security reviews, design architecture reviews, and writing documentation and processes.
  • Supplier Management - Collaborate with supplier managers to review and address any information security risks associated with their suppliers.

Where you’ll work

251 Midsummer Boulevard

Milton Keynes

Bucks

MK9 1EQ

Training

An apprenticeship includes regular training with a college or other training organisation. At least 20% of your working hours will be spent training or studying.

College or training organisation

QA LIMITED

Your training course

Cyber security technologist (2021) (level 4)

Equal to higher national certificate (HNC)

Course contents
  • Discover vulnerabilities in a system by using a mix of research and practical exploration
  • Analyse and evaluate security threats and hazards to a system, service or process. Use relevant external sources of threat intelligence or advice (e.g. National Cyber Security Centre). Combine different sources to create an enriched view of cyber threats and hazards.
  • Research and investigate common attack techniques and relate these to normal and observed digital system behaviour and recommend how to defend against them. Interpret and demonstrate use of external source of vulnerabilities (e.g. OWASP, intelligence sharing initiatives, open source)
  • Undertake security risk assessments for simple systems without direct supervision and propose basic remediation advice in the context of the employer.
  • Source and analyse security cases and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
  • Analyse employer or customer requirements to derive security objectives and taking account of the threats and overall context develop a security case which sets out the proposed security measures in the context with reasoned justification
  • Identify and follow organisational policies and standards for information and cyber security and operate according to service level agreements or other defined performance targets.
  • Configure, deploy and use computer, digital network and cyber security technology.
  • Recommend improvements to the cyber security posture of an employer or customer based on research into future potential cyber threats and considering threat trends.
  • Write program code or scripts to meet a given design requirement in accordance with employers' coding standards
  • Identify cyber security threats relevant to a defined context
  • Accurately, objectively and concisely record and report the appropriate cyber security information, including in written reports within a structure or template provided.
  • Design, build, test and troubleshoot a network incorporating more than one subnet with static and dynamic routes, to a given design requirement without supervision. Provide evidence that the system meets the design requirement.
  • Analyse security requirements given (functional and non-functional security requirements that may be presented in a security case) against other design requirements (e.g. usability, cost, size, weight, power, heat, supportability etc.) for a given system or product. Identify conflicting requirements and propose, with reasoning, resolution through appropriate trade-offs.
  • Design and build systems in accordance with a security case within broad but generally well-defined parameters. This should include selection and configuration of typical security hardware and software components. Provide evidence that the system has properly implemented the security controls required by the security case.
  • Design systems employing encryption to meet defined security objectives. Develop and implement a plan for managing the associated encryption keys for the given scenario or system.
  • Use tools, techniques and processes to actively prevent breaches to digital system security.
  • Configure digital system monitoring and analysis tools (e.g. SIEM tools), taking account of threat & vulnerability intelligence, indicators of compromise.
  • Conduct cyber-risk assessments against an externally (market) recognised cyber security standard using a recognised risk assessment methodology.
  • Develop information security policies or processes to address a set of identified risks, for example from security audit recommendations.
  • Develop information security policies within a defined scope to take account of legislation and regulation relevant to cyber security.
  • Take an active part in security audits against recognised cyber security standards, undertake gap analysis and make recommendations for remediation.
  • Develop plans for local business continuity for approval within defined governance arrangements for business continuity.
  • Assess security culture using a recognised approach.
  • Design and implement a simple ‘security awareness’ campaign to address a specific aspect of a security culture.
  • Develop plans for incident response for approval within defined governance arrangements for incident response.
  • Integrate and correlate information from various sources (including log files from different sources, digital system monitoring tools, Security Information and Event Management (SIEM) tools, access control systems, physical security systems) and compare to known threat and vulnerability data to form a judgement, based on evidence and with reasoning, that the anomaly represents a digital system security breach.
  • Recognise anomalies in observed digital system data structures (including by inspection of network packet data structures) and digital system behaviours (including by inspection of protocol behaviours) and by inspection of log files and by investigation of alerts raised by automated tools including SIEM tools.
  • Undertake root cause analysis of events and make recommendations to reduce false positives and false negatives.
  • Manage local response to non-major incidents in accordance with a defined procedure.

Your training plan

As part of the Cyber Security Level 4 Apprenticeship, apprentices will complete the learning online through QA Limited, with on-site learning at their dedicated DHL Supply Chain site.

Requirements

Essential qualifications

GCSE in:

  • English (grade C and above / 4-9)
  • Maths (grade C and above / 4-9)

Let the company know about other relevant qualifications and industry experience you have. They can adjust the apprenticeship to reflect what you already know.

Skills

  • Communication skills
  • IT skills
  • Attention to detail
  • Organisation skills
  • Problem solving skills
  • Administrative skills
  • Number skills
  • Analytical skills
  • Logical
  • Team working

Other requirements

Assessment centre 26th March 2025

About this company

Founded in 1969, DHL is the world's leading logistics company. Our 395,000 people in over 220 countries and territories work every day to help our customers cross borders, reach new markets and grow their businesses. DHL Supply Chain, part of the DHL Group, is the world's leading logistics provider, and by joining DHL Supply Chain you are joining a company that offers limitless opportunities to grow.

https://careers.dhl.com/global/en/dsc-apprentices-uk

After this apprenticeship

  • We want apprentices to build their careers, with the option to complete a further apprenticeship after completing the Cyber Security Level 4 Apprenticeship
  • Apprentices can contribute their ideas to influence the success of our business and be a part of an organisation that makes an impact on society as well as on the world of logistics. After your programme you will transition into the Alumni community to continue the growth of your career.

Ask a question

The contact for this apprenticeship is:

QA LIMITED

emergingtalent@dhl.com

The reference code for this apprenticeship is VAC1000292889.

When you apply, you’ll be asked to sign in with a GOV.UK One Login. You can create one at the same time as applying for this apprenticeship.

After signing in, you’ll apply for this apprenticeship on the company's website.