Information Security Apprentice

Recruiter
Pinsent Masons
Location
1, Park Row, Leeds, LS1 5AB
Salary
£16,500.00 annually
Posted
15 Apr 2019
Closes
09 Sep 2019
Ref
VAC001524171
Specialism
IT
Sector
Unspecified
Role Type
Apprenticeship, Higher
Start Date
September
Duration
Permanent
Vacancy description

The Information Security Apprentice will support the organisation and its security functions by applying an understanding of cyber threats, hazards, risks, controls, measures and mitigations to protect the organisation's systems and people.

The apprentice will be involved with contributing to Security Projects, Applying Security Frameworks and Controls.

Whether focused on technical or risk analysis, all employees in this occupation work to achieve required security outcomes in a legal and regulatory context in all parts of the economy.

They develop and apply practical knowledge of information security to deliver solutions that fulfil an organisation's requirements.

Your duties and responsibilities in this role will consist of:
  • Threats, hazards, risks and intelligence
  • The ability to discover (through a mix of research and practical exploration) vulnerabilities in a system
  • The ability to analyse and evaluate security threats and hazards to the business, systems or service including processes. Be aware of and demonstrate use of relevant external sources of threat intelligence or advice (e.g. CERT UK). Combine different sources to create an enriched view
  • Research and be aware of common attack techniques and recommend how to defend against them by deploying both technical and process-led mitigating actors. Be aware of and demonstrate use ofrelevant external sources of vulnerabilities (e.g. OWASP)
  • The ability to undertake or support security risk assessments for a system or a set of processes without direct supervision and propose basic remediation advice in the context of the business.

Organisational context
  • The ability to identify and follow organisational policies and standards for information and cyber security
  • Operate according to service level agreements or defined performance targets including incorporating future trends
  • The ability to investigate different views of the future and trends in a relevant technology area or industry best practice and describe what this might mean for our business, with supporting reasoning

Understanding the basics of cyber security including:
  • Why cyber security matters - the importance to business and society
  • Basic theory - concepts such as security, identity, confidentiality, integrity, availability, threat, vulnerability, risk and hazard and how these relate to each other and lead to risk and harm
  • Security assurance - concepts, the ability to explain what assurance is in security, and 'trustworthy' versus 'trusted' and how assurance may be achieved in practice. The ability to explain what penetration testing is and how it contributes to assurance; and extrinsic assurance methods
  • How to build a security requirements case - deriving security objectives with reasoned justification in a representative business scenario or deliverable project
  • Cyber security concepts applied to ICT infrastructure - You should have the ability to describe the fundamental building blocks and typical architectures and identify some common vulnerabilities in networks and systems
  • Attack techniques and sources of threat - the ability to describe the main types of common attack technique and the role of human behaviour. Explain how attack techniques combine with motive and opportunity to become a threat
  • Cyber defence - describe ways to defend against attack techniques
  • Relevant laws and ethics - describe security standards and applicable legislation globally
  • Threat trends - can describe the significance of identified trendsin cyber security and understand the value and risk of this analyses

Technical Security Competencies

Design build & test a network
  • Design, build, test and troubleshoot a network incorporating more than one subnet with static and dynamic routes, that includes servers, hubs, switches, routers and user devices to a given design requirement without supervision

Structured and reasoned implementation of security in a network
  • Design and build a simple system in accordance with a simple security case. Provide evidence that the system has properly implemented the security controls required by the security case. The system could be either at the enterprise, network or application layer
  • Select and configure relevant types of common security hardware and software components to implement a given security policy
  • Design a system employing crypto to meet defined security objectives. Develop and implement a key management plan for the given scenario/system
  • Understand the basics of networks: data, protocols and how they relate to each other; the main routing protocols; the main factors affecting network performance including typical failure modes in protocols and approaches to error control
  • The ability to describe what good practice in design is; describe common security architectures; be aware of reputable security architectures that incorporates hardware and software components, and sources of architecture patterns and guidance. Understand how to build a security case including context, threats, justifying the selected mitigations and security controls with reasoning and recognising the dynamic and adaptable nature of threats
  • Understand how cyber security technology components are typically deployed in networks and systems to provide security functionality including hardware and software
  • Understand the basics of cryptography - can describe the main techniques, the significance of key management, appreciate the legal issues


Requirements and prospects

Desired skills

  • A passion for all aspects of security, both technical and non-technical
  • A willingness to commit to the further study required to keep pace with the application of the latest threat concepts and techniques in this ever evolving landscape
  • Keen sense of responsibility, with the moral standing to set a professional example
  • Strong communicator with ability to escalate and delegate effectively
  • Ability to constructively challenge, facilitate and probe to fully understand the business needs
  • Excellent interpersonal skills and the ability to communicate clearly at all levels through reports, presentations and forming effective relationships
  • Flexible approach to incorporate changing priorities
  • Cooperative, service orientated, individual and team worker
  • Ability to work as part of a team but also independently and on own initiative
  • Articulate and capable of producing high quality written output


Personal qualities

  • Ability to absorb information and concepts quickly
  • Conscientious with an accurate and methodical approach to work
  • Flexible approach to tasks that may change daily
  • Analytical ability
  • Proactive in suggesting new ideas and identifying areas for improvement or enhancement
  • Demonstrates determination and a 'can-do' approach


Desired qualifications

Required:
  • Educated to A-level/BTec standard with at least 2 grades C or above; or relevant Level 3 Apprenticeship; plus English and Maths at GCSE grades 4 - 9 / C - A* (or equivalent)

Desirable:
  • STEM subjects preferred at A-level, especially ICT / Computer Science
  • Relevant industry-specific qualifications


Future prospects

  • Experience working in a fast-moving Information Security team including appreciation of IS Engagement, Supply Chain Information, Governance and Technical Security (implementation of threat hunting, vulnerability scanning, incident response and digital forensics)
  • There may be opportunities for further qualifications and/or careers opportunities at Pinsent Masons for individuals successfully completing the apprenticeship

Similar jobs

More searches like this

Similar jobs