2025 Cloud Assurance & Cyber Security Apprentice

THALES UK LIMITED

Crawley, RH10 9HA

Closes on Sunday 16 February

Posted on 28 October 2024

Print

Contents

Summary

As an apprentice, you will gain hands-on experience and practical knowledge in cyber security, particularly focused on security operations and safeguarding public cloud platforms. This role offers a unique opportunity to contribute to the security and integrity of critical systems while gaining exposure to government-level security operations.

Annual wage
£22,500 a year

Minimum wage rates (opens in new tab)

• Pension – Thales match, plus 1%, with a maximum contribution of 7% • Health Insurance – 50% of salary for five years • Performance related pay uplifts

Training course
Cyber security technologist (2021) (level 4)
Hours
Monday – Friday, 37 hours a week (8 hours Monday – Thursday, 5 hours Friday)

37 hours a week

Possible start date

Monday 1 September

Duration

2 years

Positions available

1

Work

As an apprentice, you’ll work at a company and get hands-on experience. You’ll gain new skills and work alongside experienced staff.

What you’ll do at work

  • Cloud Security Monitoring: Assist in monitoring and maintaining the security of the Thales adopted public cloud infrastructure (e.g., AWS, Azure, Google Cloud) in compliance with government security guidelines
  • Incident Response: Support the reporting, investigation and analysis of security incidents and potential breaches within classified environments, helping to resolve issues swiftly
  • Security Auditing: Help perform regular audits of cloud-based systems to ensure compliance with security protocols and government regulations
  • Risk and Vulnerability Assessments: Participate in identifying vulnerabilities within cloud services, maintaining Risk reporting mechanisms and proposing mitigations to improve security posture
  • Compliance & Governance: Assist in ensuring that the Thales cloud environments comply with government policies, such as GDPR, NCSC guidelines, and other relevant frameworks
  • Collaboration with Development Teams: Work alongside cloud architects, developers, and engineers to ensure security is integrated into all stages of development, from design to deployment
  • Training & Development: Engage in continuous learning and development, including completing certifications relevant to cloud security and government standards

Where you’ll work

Manor Royal

Crawley

RH10 9HA

Training

An apprenticeship includes regular training with a college or other training organisation. At least 20% of your working hours will be spent training or studying.

College or training organisation

TECHNICAL PROFESSIONALS LIMITED

Your training course

Cyber security technologist (2021) (level 4)

Equal to higher national certificate (HNC)

Course contents
  • Discover vulnerabilities in a system by using a mix of research and practical exploration
  • Analyse and evaluate security threats and hazards to a system or service or processes. Use relevant external source of threat intelligence or advice (e.g. National Cyber Security Centre) Combine different sources to create an enriched view of cyber threats and hazards
  • Research and investigate common attack techniques and relate these to normal and observed digital system behaviour and recommend how to defend against them. Interpret and demonstrate use of external source of vulnerabilities (e.g. OWASP, intelligence sharing initiatives, open source)
  • Undertake security risk assessments for simple systems without direct supervision and propose basic remediation advice in the context of the employer.
  • Source and analyse security cases and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
  • Analyse employer or customer requirements to derive security objectives and taking account of the threats and overall context develop a security case which sets out the proposed security measures in the context with reasoned justification
  • Identify and follow organisational policies and standards for information and cyber security and operate according to service level agreements or other defined performance targets.
  • Configure, deploy and use computer, digital network and cyber security technology.
  • Recommend improvements to the cyber security posture of an employer or customer based on research into future potential cyber threats and considering threat trends.
  • Write program code or scripts to meet a given design requirement in accordance with employers' coding standards
  • Identify cyber security threats relevant to a defined context
  • Accurately, objectively and concisely record and report the appropriate cyber security information, including in written reports within a structure or template provided.
  • Design, build, test and troubleshoot a network incorporating more than one subnet with static and dynamic routes, to a given design requirement without supervision. Provide evidence that the system meets the design requirement.
  • Analyse security requirements given (functional and non-functional security requirements that may be presented in a security case) against other design requirements (e.g. usability, cost, size, weight, power, heat, supportability etc.) for a given system or product. Identify conflicting requirements and propose, with reasoning, resolution through appropriate trade-offs.
  • Design and build, systems in accordance with a security case within broad but generally well-defined parameters. This should include selection and configuration of typical security hardware and software components. Provide evidence that the system has properly implemented the security controls required by the security case
  • Design systems employing encryption to meet defined security objectives. Develop and implement a plan for managing the associated encryption keys for the given scenario or system.
  • Use tools, techniques and processes to actively prevent breaches to digital system security.
  • Configure digital system monitoring and analysis tools (e.g. SIEM tools), taking account of threat & vulnerability intelligence, indicators of compromise.
  • Conduct cyber-risk assessments against an externally (market) recognised cyber security standard using a recognised risk assessment methodology.
  • Develop information security policies or processes to address a set of identified risks, for example from security audit recommendations.
  • Develop information security policies within a defined scope to take account of legislation and regulation relevant to cyber security.
  • Take an active part in a security audits against recognised cyber security standards, undertake gap analysis and make recommendations for remediation..
  • Develop plans for local business continuity for approval within defined governance arrangements for business continuity.
  • Assess security culture using a recognised approach.
  • Design and implement a simple ‘security awareness’ campaign to address a specific aspect of a security culture.
  • Develop plans for incident response for approval within defined governance arrangements for incident response.
  • Integrate and correlate information from various sources (including log files from different sources, digital system monitoring tools, Secure Information and Event Management (SIEM) tools, access control systems, physical security systems) and compare to known threat and vulnerability data to form a judgement based on evidence with reasoning that the anomaly represents a digital system security breach
  • Recognise anomalies in observed digital system data structures (including by inspection of network packet data structures) and digital system behaviours (including by inspection of protocol behaviours) and by inspection of log files and by investigation of alerts raised by automated tools including SIEM tools.
  • Undertake root cause analysis of events and make recommendations to reduce false positives and false negatives.
  • Manage local response to non-major incidents in accordance with a defined procedure.
  • Discover vulnerabilities in a system by using a mix of research and practical exploration
  • Analyse and evaluate security threats and hazards to a system or service or processes. Use relevant external source of threat intelligence or advice (e.g. National Cyber Security Centre) Combine different sources to create an enriched view of cyber threats and hazards
  • Research and investigate common attack techniques and relate these to normal and observed digital system behaviour and recommend how to defend against them. Interpret and demonstrate use of external source of vulnerabilities (e.g. OWASP, intelligence sharing initiatives, open source)
  • Undertake security risk assessments for simple systems without direct supervision and propose basic remediation advice in the context of the employer.
  • Source and analyse security cases and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
  • Analyse employer or customer requirements to derive security objectives and taking account of the threats and overall context develop a security case which sets out the proposed security measures in the context with reasoned justification
  • Identify and follow organisational policies and standards for information and cyber security and operate according to service level agreements or other defined performance targets.
  • Configure, deploy and use computer, digital network and cyber security technology.
  • Recommend improvements to the cyber security posture of an employer or customer based on research into future potential cyber threats and considering threat trends.
  • Write program code or scripts to meet a given design requirement in accordance with employers' coding standards
  • Identify cyber security threats relevant to a defined context
  • Accurately, objectively and concisely record and report the appropriate cyber security information, including in written reports within a structure or template provided.

Your training plan

This is a 24-month programme aligned to the Level 4 Cyber Security Engineer Apprenticeship standard. Delivered in partnership with a digital specialist provider, this programme will be delivered via a blended model - including live virtual sessions, 1-2-1 coaching calls and online learning. The programme will conclude with an End Point Assessment, followed by roll-off into your permanent role within the Thales UK business.

Requirements

Essential qualifications

GCSE in:

  • 5 GCSES incl Maths and English (grade 9-4 (A-C))
  • Any (grade A-C)

Let the company know about other relevant qualifications and industry experience you have. They can adjust the apprenticeship to reflect what you already know.

Skills

  • Communication skills
  • IT skills
  • Attention to detail
  • Organisation skills
  • Problem solving skills
  • Number skills
  • Analytical skills
  • Logical
  • Team working

About this company

Together, we create the ingenious technological systems and innovations that impact and improve people's lives every single day. Even if you haven't heard the name Thales before, you've definitely benefited from our inventiveness. We reinvest 20% of our sales in Research & Development in the UK. Together we supply invention across 4 core areas: Aerospace, Space, Defence and Security, Digital Identity and Security.

https://www.thalesgroup.com/en (opens in new tab)

Company benefits

201 hours annual leave (plus bank holidays) One additional company day at Christmas Healthcare Cash Plan 24/7 Employee Assistance Programme 80 hours (10 days) volunteering in your first 2 years depending on length of programme Discount Portal

Disability Confident

Disability Confident

A fair proportion of interviews for this apprenticeship will be offered to applicants with a disability or long-term health condition. This includes non-visible disabilities and conditions.

You can choose to be considered for an interview under the Disability Confident scheme. You’ll need to meet the essential requirements to be considered for an interview.

After this apprenticeship

After successful completion of the apprenticeship, you will move into a permanent role within the business.

Ask a question

The contact for this apprenticeship is:

THALES UK LIMITED

Early Careers Team

Suppearlycar@uk.thalesgroup.com

The reference code for this apprenticeship is VAC1000284272.

Apply now

Closes on Sunday 16 February

When you apply, you’ll be asked to sign in with a GOV.UK One Login. You can create one at the same time as applying for this apprenticeship.

After signing in, you’ll apply for this apprenticeship on the company's website.

Company’s application instructions

Online application Online assessment and video interview Virtual assessment centre Offer, if successful