Level 4 Cyber Security Engineer Apprentice - NHS Informatics Merseyside - L34 9GJ

MERSEY CARE NHS FOUNDATION TRUST

Liverpool (L34 9GJ)

Closes in 20 days (Friday 16 May 2025)

Posted on 7 April 2025

Print

Contents

Summary

To apply an understanding of threats, risks, control measures and mitigations to protect the Trusts' information assets, systems, staff and patients from compromise and harm.

Wage

£23,615 a year

Check minimum wage rates (opens in new tab)

Training course
Cyber security technologist (2021) (level 4)
Hours
Monday - Friday between 9.00am - 5.00pm.

37 hours 30 minutes a week

Start date

Monday 1 September 2025

Duration

2 years

Positions available

1

Work

Most of your apprenticeship is spent working. You’ll learn on the job by getting hands-on experience.

What you’ll do at work

  • You will learn why security matters, basic concepts and theory of information security, vulnerabilities and threats, how to make security assessments and remediate these.
  • You will assist in providing support to the IT Security team, IT Operations, and the wider Trust.
  • You will learn how to maintain knowledge of information and cyber security. To research information and cyber security to evaluate risk and provide advice and guidance. Liaising with suppliers and senior Cyber Security Officers to create security assessments, report findings and make recommendations.
  • Learn about the threat landscape, threat trends and where to source threat intelligence and how to defend against these.
  • Specialising in the Cyber Security Engineer route of the apprenticeship, you will contribute to the ongoing review, monitoring and implementation of security, privacy and other information security controls.
  • Understanding security models and frameworks such as the NCSC’s Cyber Essentials, the Mitre Att&ck framework as well as the Cyber Assessment Framework (CAF).
  • You will learn the principles of security assessments as well as the different methodologies and approaches to analysing risk, scoring risk and providing assurance to key stakeholders. How to develop security policy and process will also be taught.
  • The role will also include audit and assurance, through the work undertaken for the annual Data Security and Protection Toolkit submission each June. You will work closely with the Audit and Accreditation team to understand the importance of the Data Security Protection Toolkit in an NHS organisation.
  • You will learn how to handle security incidents, how to respond to these, creating incident response and business continuity plans.
  • To develop effective methods of communication and collaboration with internal customers, non-ICT and ICT staff and suppliers.

Key responsibilities:

  • The primary role of a Cyber Security Apprentice is to apply an understanding of cyber threats, hazards, risks, controls, measures and mitigation to protect organisations and people.
  • Those focused on the technical side will work on areas such as security design and architecture, security testing, investigations & response.
  • Those focused on the risk analysis side will work on areas such as operations, risk, governance and compliance.
  • The primary role of a Cyber Security Analyst Apprentice is to detect breaches in network security for escalation to incident response. You will typically use a range of automated tools, to monitor networks in real time. You will understand and interpret the alerts that are automatically generated by those tools including integrating and correlating information from a variety of sources.
  • Whether focused on the technical or risk analysis side, all people in this occupation work to achieve required security outcomes in a legal and regulatory context. You will develop and apply practical knowledge in information security to deliver solutions that fulfil organisation's requirements.
  • Develop the technical skills needed to prevent cyber-crime, decrypt data, untangle, clarify and resolve malware issues.
  • Gain invaluable experience by learning challenging theory and applying this on-the-job.
  • Develop the knowledge and skills required, such as how to defend against attack techniques and sources of threat, risk management and building a security case, to equip you to be a future Cyber Security specialist.

Where you’ll work

Saturn House
Knowsley Business Park
Liverpool
L34 9GJ

Training

Apprenticeships include time away from working for specialist training. You’ll study to gain professional knowledge and skills.

College or training organisation

TECHNICAL PROFESSIONALS LIMITED

Your training course

Cyber security technologist (2021) (level 4)

Equal to higher national certificate (HNC)

Course contents
  • Discover vulnerabilities in a system by using a mix of research and practical exploration
  • Analyse and evaluate security threats and hazards to a system or service or processes. Use relevant external source of threat intelligence or advice (e.g. National Cyber Security Centre) Combine different sources to create an enriched view of cyber threats and hazards
  • Research and investigate common attack techniques and relate these to normal and observed digital system behaviour and recommend how to defend against them. Interpret and demonstrate use of external source of vulnerabilities (e.g. OWASP, intelligence sharing initiatives, open source)
  • Undertake security risk assessments for simple systems without direct supervision and propose basic remediation advice in the context of the employer.
  • Source and analyse security cases and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
  • Analyse employer or customer requirements to derive security objectives and taking account of the threats and overall context develop a security case which sets out the proposed security measures in the context with reasoned justification
  • Identify and follow organisational policies and standards for information and cyber security and operate according to service level agreements or other defined performance targets.
  • Configure, deploy and use computer, digital network and cyber security technology.
  • Recommend improvements to the cyber security posture of an employer or customer based on research into future potential cyber threats and considering threat trends.
  • Write program code or scripts to meet a given design requirement in accordance with employers' coding standards
  • Identify cyber security threats relevant to a defined context
  • Accurately, objectively and concisely record and report the appropriate cyber security information, including in written reports within a structure or template provided.
  • Design, build, test and troubleshoot a network incorporating more than one subnet with static and dynamic routes, to a given design requirement without supervision. Provide evidence that the system meets the design requirement.
  • Analyse security requirements given (functional and non-functional security requirements that may be presented in a security case) against other design requirements (e.g. usability, cost, size, weight, power, heat, supportability etc.) for a given system or product. Identify conflicting requirements and propose, with reasoning, resolution through appropriate trade-offs.
  • Design and build, systems in accordance with a security case within broad but generally well-defined parameters. This should include selection and configuration of typical security hardware and software components. Provide evidence that the system has properly implemented the security controls required by the security case
  • Design systems employing encryption to meet defined security objectives. Develop and implement a plan for managing the associated encryption keys for the given scenario or system.
  • Use tools, techniques and processes to actively prevent breaches to digital system security.
  • Configure digital system monitoring and analysis tools (e.g. SIEM tools), taking account of threat & vulnerability intelligence, indicators of compromise.
  • Conduct cyber-risk assessments against an externally (market) recognised cyber security standard using a recognised risk assessment methodology.
  • Develop information security policies or processes to address a set of identified risks, for example from security audit recommendations.
  • Develop information security policies within a defined scope to take account of legislation and regulation relevant to cyber security.
  • Take an active part in a security audits against recognised cyber security standards, undertake gap analysis and make recommendations for remediation..
  • Develop plans for local business continuity for approval within defined governance arrangements for business continuity.
  • Assess security culture using a recognised approach.
  • Design and implement a simple ‘security awareness’ campaign to address a specific aspect of a security culture.
  • Develop plans for incident response for approval within defined governance arrangements for incident response.
  • Integrate and correlate information from various sources (including log files from different sources, digital system monitoring tools, Secure Information and Event Management (SIEM) tools, access control systems, physical security systems) and compare to known threat and vulnerability data to form a judgement based on evidence with reasoning that the anomaly represents a digital system security breach
  • Recognise anomalies in observed digital system data structures (including by inspection of network packet data structures) and digital system behaviours (including by inspection of protocol behaviours) and by inspection of log files and by investigation of alerts raised by automated tools including SIEM tools.
  • Undertake root cause analysis of events and make recommendations to reduce false positives and false negatives.
  • Manage local response to non-major incidents in accordance with a defined procedure.
  • Discover vulnerabilities in a system by using a mix of research and practical exploration
  • Analyse and evaluate security threats and hazards to a system or service or processes. Use relevant external source of threat intelligence or advice (e.g. National Cyber Security Centre) Combine different sources to create an enriched view of cyber threats and hazards
  • Research and investigate common attack techniques and relate these to normal and observed digital system behaviour and recommend how to defend against them. Interpret and demonstrate use of external source of vulnerabilities (e.g. OWASP, intelligence sharing initiatives, open source)
  • Undertake security risk assessments for simple systems without direct supervision and propose basic remediation advice in the context of the employer.
  • Source and analyse security cases and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
  • Analyse employer or customer requirements to derive security objectives and taking account of the threats and overall context develop a security case which sets out the proposed security measures in the context with reasoned justification
  • Identify and follow organisational policies and standards for information and cyber security and operate according to service level agreements or other defined performance targets.
  • Configure, deploy and use computer, digital network and cyber security technology.
  • Recommend improvements to the cyber security posture of an employer or customer based on research into future potential cyber threats and considering threat trends.
  • Write program code or scripts to meet a given design requirement in accordance with employers' coding standards
  • Identify cyber security threats relevant to a defined context
  • Accurately, objectively and concisely record and report the appropriate cyber security information, including in written reports within a structure or template provided.

Your training plan

This training plan has not been finalised. Check with this employer if you’ll need to travel to a college or training location for this apprenticeship.

More training information

During this apprenticeship, you will follow a fully supported training programme with LearnTech, delivered through combined classroom-based training, workplace assessment/training and online learning.

The training covers the following core occupational duties:

https://www.instituteforapprenticeships.org/apprenticeship-standards/cyber-security-technologist-2021-v1-0

Requirements

Essential qualifications

GCSE in:

  • English (grade 4 (C))
  • Maths (grade 4 (C))

Desirable qualifications

A Level in:

  • IT/Computer Science (grade A*-C)

BTEC in:

  • IT/Computer Science (grade Pass/Merit/Distinction)

Let the company know about other relevant qualifications and industry experience you have. They can adjust the apprenticeship to reflect what you already know.

Skills

  • Communication skills
  • IT skills
  • Organisation skills
  • Problem solving skills
  • Team working
  • Initiative
  • Passion for cyber
  • Time management

Other requirements

You must meet the following eligibility criteria to apply for the role: have been a UK/EEA resident for the last 3 years, hold valid residency status, have the right to work in the UK.

About this company

The NHS has a multi-billion pound budget to deliver an efficient, modern, safe and effective healthcare service to patients. As they go through a period of transformation that sees efficiency savings impacting on their limited resources, they are looking to develop new talent to help deliver this challenge. Almost 2 million people make up the NHS workforce with over 350 different careers being split into 15 categories, one of which is Digital, one of the fastest growing areas within healthcare. Across the North West there are around 6,000 staff working in a Digital career. The overall purpose of Digital is to enable, promote and support the effective use of data, information, knowledge and technology to assist and improve health and health care delivery.

https://www.nhsapprenticeships.com/ (opens in new tab)

After this apprenticeship

This opportunity is advertised on a fixed-term contract basis due to this being an apprenticeship, the objective of which is to gain a recognised qualification and experience in the workplace. This does not include a guaranteed permanent post with an NHS organisation. However, throughout the apprenticeship individuals will be eligible to apply for vacancies within their workplace organisation, subject to the usual recruitment processes, with support being provided to ideally secure a position by completion. The apprenticeship will provide valuable work experience and a qualification that is recognised by employers.

Ask a question

The contact for this apprenticeship is:

TECHNICAL PROFESSIONALS LIMITED

Rachel Martin

r.martin@learn-tech.com

The reference code for this apprenticeship is VAC1000313763.

Apply now

Closes in 20 days (Friday 16 May 2025)

When you apply, you’ll be asked to sign in with a GOV.UK One Login. You can create one at the same time as applying for this apprenticeship.

After signing in, you’ll apply for this apprenticeship on the company's website.