L4 Cyber Security Apprentice – RAC – Bristol, BS32 4QN – £22k-£23k

RAC MOTORING SERVICES

Bristol, BS32 4QN

Closes in 9 days (Monday 30 September at 11:59pm)

Posted on 30 August 2024


Summary

The Security Operations Apprentice role within the RAC Security Operations team carries out operational monitoring, detection and response activities. Operations spans multiple domains including cyber threat intelligence, threat hunting, detection, incident response, vulnerability management and access control management.

Annual wage
£22,000 a year

£22,000-£23,000

Training course

Cyber security technologist (2021) (level 4)

Hours

Monday - Friday 9.00am - 5.00pm

35 hours a week

Possible start date

Monday 21 October

Duration

2 Years

Positions available

1

Work

As an apprentice, you’ll work at a company and get hands-on experience. You’ll gain new skills and work alongside experienced staff.

What you’ll do at work

Reports to: Security Architect & Engineering Manager.

Relationships: IT & Digital Technical Teams, Managed Service Providers / Suppliers, InfoSec Team.

Key Responsibilities:

  • Apply procedures and controls to maintain security and control of an organisation
  • Process cyber security helpdesk requests (for example, access control requests), ensuring confidentiality, integrity and availability of digital information and meeting relevant legal and regulatory requirements
  • Monitor, identify, report and escalate information security incidents and events in accordance with relevant procedures and standards
  • Contribute to documenting the scope and evaluating the results of vulnerability assessments in accordance with management requirements
  • Maintain an asset register of controlled environments in accordance with relevant policies, procedures and standards
  • Monitor and detect potential security threats and escalate in accordance with relevant procedures and standards
  • Practise continuous self-learning to keep up to date with industry trends and developments, enhance relevant skills and take responsibility for own professional development
  • Conduct regular review of access rights to digital information assets in accordance with relevant procedures and standards
  • Produce regular KPIs and Metrics

Need to know:

The role holder will work predominantly within a cybersecurity operational capacity with a focus on monitoring, detection and response.

They will be capable of acting outside the scope of playbooks, thinking out of the box and, on occasion, working in a “living off the land” scenario.

What you’ll need:

  • A drive to progress, with a hunger to learn new things and pick up increasing responsibilities
  • Working understanding of Cyber security policies and standards based on an Information Security Management System (ISMS)
  • Cyber security awareness and components of an effective security culture, different organisational structures and cultures, the importance of maintaining privacy and confidentiality of an organisation's information and the impact of a poor security culture
  • Working understanding of Core terminology of cyber security - confidentiality, integrity, availability (the CIA triad), assurance, authenticity, identification, authentication, authorisation, accountability, reliability, non-repudiation, access control
  • Working understanding of effective offensive tactics, techniques and procedures - particularly within a blue team context
  • Working understanding of threat hunting methodologies and techniques
  • Working understanding of how detections work in various mediums, and how to develop them
  • A general knowledge of vulnerability management and / or access management concepts would be beneficial
  • General coding / scripting knowledge would be greatly beneficial

Competencies / Behaviours:

  • Achievement Drive
  • Building Relationships
  • Continuous Improvement
  • Interpersonal and Influencing Skills
  • Judgement and Decision-Making
  • Leading Change
  • Specialist Knowledge - Job Specific, technical network and security

Where you’ll work

RAC, Great Park Road

Bradley Stoke

Bristol

BS32 4QN

Training

An apprenticeship includes regular training with a college or other training organisation. At least 20% of your working hours will be spent training or studying.

College or training organisation

TECHNICAL PROFESSIONALS LIMITED

Your training course

Cyber security technologist (2021) (level 4)

Equal to higher national certificate (HNC)

Course contents
  • Discover vulnerabilities in a system by using a mix of research and practical exploration
  • Analyse and evaluate security threats and hazards to a system, service or process. Use relevant external sources of threat intelligence or advice (e.g. National Cyber Security Centre). Combine different sources to create an enriched view of cyber threats and hazards
  • Research and investigate common attack techniques and relate these to normal and observed digital system behaviour and recommend how to defend against them. Interpret and demonstrate use of external source of vulnerabilities (e.g. OWASP, intelligence sharing initiatives, open source)
  • Undertake security risk assessments for simple systems without direct supervision and propose basic remediation advice in the context of the employer.
  • Source and analyse security cases and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
  • Analyse employer or customer requirements to derive security objectives and, taking account of the threats and overall context, develop a security case which sets out the proposed security measures in context with reasoned justification
  • Identify and follow organisational policies and standards for information and cyber security and operate according to service level agreements or other defined performance targets.
  • Configure, deploy and use computer, digital network and cyber security technology.
  • Recommend improvements to the cyber security posture of an employer or customer based on research into future potential cyber threats and considering threat trends.
  • Write program code or scripts to meet a given design requirement in accordance with employers' coding standards
  • Identify cyber security threats relevant to a defined context
  • Accurately, objectively and concisely record and report the appropriate cyber security information, including in written reports within a structure or template provided.
  • Design, build, test and troubleshoot a network incorporating more than one subnet with static and dynamic routes, to a given design requirement without supervision. Provide evidence that the system meets the design requirement.
  • Analyse security requirements given (functional and non-functional security requirements that may be presented in a security case) against other design requirements (e.g. usability, cost, size, weight, power, heat, supportability etc.) for a given system or product. Identify conflicting requirements and propose, with reasoning, resolution through appropriate trade-offs.
  • Design and build systems in accordance with a security case within broad but generally well-defined parameters. This should include selection and configuration of typical security hardware and software components. Provide evidence that the system has properly implemented the security controls required by the security case
  • Design systems employing encryption to meet defined security objectives. Develop and implement a plan for managing the associated encryption keys for the given scenario or system.
  • Use tools, techniques and processes to actively prevent breaches to digital system security.
  • Configure digital system monitoring and analysis tools (e.g. SIEM tools), taking account of threat & vulnerability intelligence, indicators of compromise.
  • Conduct cyber-risk assessments against an externally (market) recognised cyber security standard using a recognised risk assessment methodology.
  • Develop information security policies or processes to address a set of identified risks, for example from security audit recommendations.
  • Develop information security policies within a defined scope to take account of legislation and regulation relevant to cyber security.
  • Take an active part in security audits against recognised cyber security standards, undertake gap analysis and make recommendations for remediation.
  • Develop plans for local business continuity for approval within defined governance arrangements for business continuity.
  • Assess security culture using a recognised approach.
  • Design and implement a simple ‘security awareness’ campaign to address a specific aspect of a security culture.
  • Develop plans for incident response for approval within defined governance arrangements for incident response.
  • Integrate and correlate information from various sources (including log files from different sources, digital system monitoring tools, Security Information and Event Management (SIEM) tools, access control systems, physical security systems) and compare to known threat and vulnerability data to form a judgement, based on evidence and with reasoning, that the anomaly represents a digital system security breach
  • Recognise anomalies in observed digital system data structures (including by inspection of network packet data structures) and digital system behaviours (including by inspection of protocol behaviours) and by inspection of log files and by investigation of alerts raised by automated tools including SIEM tools.
  • Undertake root cause analysis of events and make recommendations to reduce false positives and false negatives.
  • Manage local response to non-major incidents in accordance with a defined procedure.

Your training plan

    During this apprenticeship, you will follow a fully supported training programme with LearnTech, delivered through combined classroom-based training, workplace assessment/training and online learning.

    The training covers the following core occupational duties:

    https://www.instituteforapprenticeships.org/apprenticeship-standards/cyber-security-technologist-2021-v1-0

    Requirements

    Essential qualifications

    GCSE in:

    • English (grade 4 (C))
    • Maths (grade 4 (C))

    Desirable qualifications

    A Level in:

    • IT/Computer Science (grade A*-C)
    • IT/Computer Science (grade Pass/Merit/Distinction)

    Let the company know about other relevant qualifications and industry experience you have. They can adjust the apprenticeship to reflect what you already know.

    Skills

    • Communication skills
    • IT skills
    • Attention to detail
    • Organisation skills
    • Problem solving skills
    • Analytical skills
    • Logical
    • Team working
    • Initiative

    Other requirements

    Education: Those with a bachelor’s degree in a computing subject may apply for this position; however, relevant checks will be completed to ensure the candidate is eligible for the apprenticeship programme. Cyber security specific degrees and master’s degrees in computing subjects will make a candidate ineligible for this apprenticeship programme. You must meet the following eligibility criteria to apply for the role: have been a UK/EEA resident for the last 3 years, hold valid residency status, and have the right to work in the UK.

    About this company

    The RAC provides complete peace of mind to more than 13.6m UK personal and business members, whatever their driving needs – from breakdown assistance to insurance and a range of other motoring services. Ever since its foundation in 1897, the RAC has been consistently at the forefront of developing motoring services – from introducing uniformed patrols in 1901 and roadside emergency telephone boxes in 1912 right through to the present day when we developed the UK's first van-mounted charger for ‘flat’ electric cars.

    https://www.rac.co.uk/

    After this apprenticeship

    There may be the opportunity to apply for a full-time position upon completion of the apprenticeship.

    Ask a question

    The contact for this apprenticeship is:

    TECHNICAL PROFESSIONALS LIMITED

    Georgia Dunn

    g.dunn@learn-tech.com

    The reference code for this apprenticeship is VAC1000274158.

    When you apply, you’ll be asked to sign in with a GOV.UK One Login. You can create one at the same time as applying for this apprenticeship.