Cyber Security Higher Apprentice
NATIONAL GRID PLC
Wooler, NE71 6HD
Closes on Friday 28 February
Posted on 23 December 2024
Contents
Summary
Joining a Higher Apprentice programme at National Grid gives you the opportunity to be responsible for the successful planning and delivery of project work, with real responsibility from day one.
- Annual wage
-
£29,000 a year
Minimum wage rates (opens in new tab)
25 days holiday Pensions and share-option scheme Flexible Benefits & Working Close mentorship and regular feedback Volunteering opportunities
- Training course
- Cyber security technologist (2021) (level 4)
- Hours
-
Monday – Friday, daytime hours (0800-1600, 0900-1700).
37 hours a week
- Possible start date
-
Monday 1 September
- Duration
-
2 years
- Positions available
-
1
Work
As an apprentice, you’ll work at a company and get hands-on experience. You’ll gain new skills and work alongside experienced staff.
What you’ll do at work
National Grid Interconnectors is at the heart of UK’s transition to our net zero energy future, operating a number of HVDC interconnectors that connect the UK’s energy system to some of our closest neighbours, allowing energy to be imported to and exported from the UK. As well as already owning a portfolio of HVDC Interconnectors, we’re working on developing new projects to ensure that we can meet the UK’s future demands for greener energy solutions.
Our Operations Cyber Security team are responsible for ensuring the safe and efficient operational running of the HVDC Interconnectors 24 hours, 365 days per year. They have a critical role in ensuring the highest level of operational performance.
While on the Apprenticeship Programme, you will:
- Apply cyber security system controls to protect systems, information, data & individuals from cyber attacks
- Help prevent data breaches by creating, implementing and monitoring security systems and features
- Maintain the security posture of systems to protect assets and comply with regulations
- Act as a point of contact and specialist support to key operational teams
- Performing regular tasks to ensure the operability and security of key systems – access management, backups, testing etc.
- Performing technical security assessments, design reviews and compliance audits
- Defining, implementing and enforcing security policies and best practices
- Assisting in ensuring systems are secure by design and effectively tested, deployed & maintained
- Maintain an understanding of the threat landscape and adapt security response accordingly
- Support incident management processes to ensure response is optimal
Where you’ll work
Wooler Compressor Station
Milfield
Wooler
NE71 6HD
Training
An apprenticeship includes regular training with a college or other training organisation. At least 20% of your working hours will be spent training or studying.
College or training organisation
APPRENTIFY LIMITED
Your training course
Cyber security technologist (2021) (level 4)
Equal to higher national certificate (HNC)
Course contents
- Discover vulnerabilities in a system by using a mix of research and practical exploration
- Analyse and evaluate security threats and hazards to a system or service or processes. Use relevant external source of threat intelligence or advice (e.g. National Cyber Security Centre) Combine different sources to create an enriched view of cyber threats and hazards
- Research and investigate common attack techniques and relate these to normal and observed digital system behaviour and recommend how to defend against them. Interpret and demonstrate use of external source of vulnerabilities (e.g. OWASP, intelligence sharing initiatives, open source)
- Undertake security risk assessments for simple systems without direct supervision and propose basic remediation advice in the context of the employer.
- Source and analyse security cases and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
- Analyse employer or customer requirements to derive security objectives and taking account of the threats and overall context develop a security case which sets out the proposed security measures in the context with reasoned justification
- Identify and follow organisational policies and standards for information and cyber security and operate according to service level agreements or other defined performance targets.
- Configure, deploy and use computer, digital network and cyber security technology.
- Recommend improvements to the cyber security posture of an employer or customer based on research into future potential cyber threats and considering threat trends.
- Write program code or scripts to meet a given design requirement in accordance with employers' coding standards
- Identify cyber security threats relevant to a defined context
- Accurately, objectively and concisely record and report the appropriate cyber security information, including in written reports within a structure or template provided.
- Design, build, test and troubleshoot a network incorporating more than one subnet with static and dynamic routes, to a given design requirement without supervision. Provide evidence that the system meets the design requirement.
- Analyse security requirements given (functional and non-functional security requirements that may be presented in a security case) against other design requirements (e.g. usability, cost, size, weight, power, heat, supportability etc.) for a given system or product. Identify conflicting requirements and propose, with reasoning, resolution through appropriate trade-offs.
- Design and build, systems in accordance with a security case within broad but generally well-defined parameters. This should include selection and configuration of typical security hardware and software components. Provide evidence that the system has properly implemented the security controls required by the security case
- Design systems employing encryption to meet defined security objectives. Develop and implement a plan for managing the associated encryption keys for the given scenario or system.
- Use tools, techniques and processes to actively prevent breaches to digital system security.
- Configure digital system monitoring and analysis tools (e.g. SIEM tools), taking account of threat & vulnerability intelligence, indicators of compromise.
- Conduct cyber-risk assessments against an externally (market) recognised cyber security standard using a recognised risk assessment methodology.
- Develop information security policies or processes to address a set of identified risks, for example from security audit recommendations.
- Develop information security policies within a defined scope to take account of legislation and regulation relevant to cyber security.
- Take an active part in a security audits against recognised cyber security standards, undertake gap analysis and make recommendations for remediation..
- Develop plans for local business continuity for approval within defined governance arrangements for business continuity.
- Assess security culture using a recognised approach.
- Design and implement a simple ‘security awareness’ campaign to address a specific aspect of a security culture.
- Develop plans for incident response for approval within defined governance arrangements for incident response.
- Integrate and correlate information from various sources (including log files from different sources, digital system monitoring tools, Secure Information and Event Management (SIEM) tools, access control systems, physical security systems) and compare to known threat and vulnerability data to form a judgement based on evidence with reasoning that the anomaly represents a digital system security breach
- Recognise anomalies in observed digital system data structures (including by inspection of network packet data structures) and digital system behaviours (including by inspection of protocol behaviours) and by inspection of log files and by investigation of alerts raised by automated tools including SIEM tools.
- Undertake root cause analysis of events and make recommendations to reduce false positives and false negatives.
- Manage local response to non-major incidents in accordance with a defined procedure.
- Discover vulnerabilities in a system by using a mix of research and practical exploration
- Analyse and evaluate security threats and hazards to a system or service or processes. Use relevant external source of threat intelligence or advice (e.g. National Cyber Security Centre) Combine different sources to create an enriched view of cyber threats and hazards
- Research and investigate common attack techniques and relate these to normal and observed digital system behaviour and recommend how to defend against them. Interpret and demonstrate use of external source of vulnerabilities (e.g. OWASP, intelligence sharing initiatives, open source)
- Undertake security risk assessments for simple systems without direct supervision and propose basic remediation advice in the context of the employer.
- Source and analyse security cases and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
- Analyse employer or customer requirements to derive security objectives and taking account of the threats and overall context develop a security case which sets out the proposed security measures in the context with reasoned justification
- Identify and follow organisational policies and standards for information and cyber security and operate according to service level agreements or other defined performance targets.
- Configure, deploy and use computer, digital network and cyber security technology.
- Recommend improvements to the cyber security posture of an employer or customer based on research into future potential cyber threats and considering threat trends.
- Write program code or scripts to meet a given design requirement in accordance with employers' coding standards
- Identify cyber security threats relevant to a defined context
- Accurately, objectively and concisely record and report the appropriate cyber security information, including in written reports within a structure or template provided.
Your training plan
Training schedule has yet to be agreed. An apprenticeship includes regular training with a college or other training organisation. At least 20% of your working hours will be spent training or studying. Details will be made available at a later date.
Requirements
Essential qualifications
GCSE or equivalent in:
- 5 GCSES (or equivalent) incl. Maths and English (grade 4 and above)
A Level in:
- 2 A-Levels incl either Maths, Computing or Science (grade A* - C)
BTEC in:
- Engineering (Any), Computing or Business (grade Merit or Distinction)
Let the company know about other relevant qualifications and industry experience you have. They can adjust the apprenticeship to reflect what you already know.
Skills
- Communication skills
- Attention to detail
- Organisation skills
- Problem solving skills
- Presentation skills
- Number skills
- Analytical skills
- Logical
- Patience
- Adaptable
- Safety
- Reliable
- Responsible
About this company
National Grid is at the heart of the energy future, and our people are at the heart of National Grid. We’re 30,000 colleagues strong. In the UK, National Grid don’t generate or sell energy – we join the dots to get energy from A to B. From making a cup of tea in the morning, to keeping the lights on in hospitals, our electricity network puts power in the hands of people. Without it, the world as we know it would grind to a halt. The world of energy is changing beyond recognition as we focus on building a cleaner, greener future. Working at National Grid, you won’t just be touching the lives of almost everyone in the UK – you’ll be shaping the way we use and consume energy for generations to come.
After this apprenticeship
Upon successful completion of the programme, you will join National Grid as a Project Manager.
Ask a question
The contact for this apprenticeship is:
APPRENTIFY LIMITED
box.ukapprentices@nationalgrid.com
The reference code for this apprenticeship is VAC1000293443.
Apply now
Closes on Friday 28 February
When you apply, you’ll be asked to sign in with a GOV.UK One Login. You can create one at the same time as applying for this apprenticeship.
After signing in, you’ll apply for this apprenticeship on the company's website.