Cyber Security Technologist

Cyber Security Technologist Role Profile

The primary role of a Cyber Security Technologist is to apply an understanding of cyber threats, hazards, risks, controls, measures and mitigation to protect organisations systems and people. Those focused on the technical side work on areas such as security design & architecture, security testing, investigations & response. Those focused on the risk analysis side focus on areas such as operations, risk, governance & compliance. Whether focused on the technical or risk analysis side, all people in this occupation work to achieve required security outcomes in a legal and regulatory context in all parts of the economy. They develop and apply practical knowledge of information security to deliver solutions that fulfill an organisation’s requirements.


Typical job roles:

Cyber Operations Manager, Security Architect, Penetration Tester, Security Analyst, Risk Analyst, Intelligence Researcher, Security Sales Engineer, Cyber Security Specialist, Information Security Analyst, Governance & Compliance Analyst, Information Security Assurance & Threat Analyst, Forensics & Incident Response Analyst, Security Engineer, Information Security Auditor, Security Administrator, Information Security Officer.


Entry Requirements:

Individual employers will set the selection criteria, but this is likely to include A’ Levels, a relevant Level 3 apprenticeship, or other relevant qualifications, relevant experience and/or an aptitude test with a focus on functional maths.


IT Apprenticeship Level

This is a Level 4 Apprenticeship, to find out more check out our Qualifications Levels.


Technical Competencies
Threats, hazards, risks and intelligence

  • Discover (through a mix of research and also practical exploration) vulnerabilities in a system
  • Analyse and evaluate security threats and also hazards to a system or service or processes.
  • Be aware of and demonstrate the use of relevant external sources of threat intelligence or advice (e.g. CERT UK).
  • Also, Combine different sources to create an enriched view.
  • Research and investigate some common attack techniques and recommend how to defend against them. Be aware of and also demonstrate the use of relevant external sources of vulnerabilities (e.g. OWASP)
  • Undertake a security risk assessment for a simple system without direct supervision and also propose basic remediation advice in the context of the employer.
  • Also, Develop a simple security case without supervision. (A security case should describe the security objectives, threats, and also for every identified attack technique identify mitigation or security controls that could include technical, implementation, policy or process)
  • Developing and also using a security case
  • Also, Source and analyse a security case (e.g. a Common Criteria Protection Profile for a security component) and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.


Organisational Context
  • Identify and follow organisational policies and also standards for information and cybersecurity.
  • Operate according to service level agreements or employer defined performance targets


Future Trends
  • Investigate different views of the future (using more than one external source) and trends in a relevant technology area and describe what this might mean for your business, with supporting reasoning.


Technical Knowledge and Understanding
Understands the basics of cyber security including:

  • Why cyber security matters – the importance of business and society
  • Basic theory – concepts such as security, identity, confidentiality, integrity, availability, threat, vulnerability, risk and hazard. Also how these relate to each other and lead to risk and harm
  • Also, Security assurance – concepts (can explain what assurance is for in security and ‘trustworthy’ versus ‘trusted’) and how assurance may be achieved in practice (can explain what penetration testing is and how it contributes to assurance; and extrinsic assurance methods)
  • How to build a security case – deriving security objectives with reasoned justification in a representative business scenario
  • Also, Cyber security concepts applied to ICT infrastructure – can describe the fundamental building blocks and typical architectures and identify some common vulnerabilities in networks and systems.
  • Attack techniques and sources of threat – can describe the main types of common attack techniques; also the role of human behaviour. Explain how attack techniques combine with motive and opportunity to become a threat.
  • Cyber defense – describe ways to defend against attack techniques
  • Also, Relevant laws and ethics – describe security standards, regulations and their consequences across at least two sectors; the role of criminal and other law; key relevant features of UK and international law
  • The existing threat landscape – can describe and know how to apply relevant techniques for horizon scanning including use of recognised sources of threat intelligence
  • Also, Threat trends – can describe the significance of identified trends in cybersecurity and understand the value and risk of this analysis
In addition to the core, all Apprentices will do ONE of the following specialisms:
Option 1: Technologist
Design-build & test a network (“Build a network”)

  •  Design, build, test and troubleshoot a network incorporating more than one subnet with static and dynamic routes, that includes servers, hubs, switches, routers and user devices to a given design requirement without supervision. Futhermore, provide evidence that the system meets the design requirement.


Technical Knowledge and Understanding

Understands the basics of networks: data, protocols and how they relate to each other; the main routing protocols; the main factors affecting network performance including typical failure modes in protocols and approaches to error control.

Analysing a security case (“Make the security case”)

  • Analyse security requirements (functional and non-functional security requirements that may be presented in a security case) against other design requirements (e.g. usability, cost, size, weight, power, heat, supportability etc.), given for a given system or product. Additionally, identify conflicting requirements and propose, with reasoning, resolution through appropriate trade-offs.


Technical Knowledge and Understanding

Understands, at a deeper level than from Knowledge Module 1, how to build a security case: describe what good practice in design is; describe common security architectures; be aware of reputable security architectures that incorporate hardware and software components, and sources of architecture patterns and guidance. Understand how to build a security case including context, threats, justifying the selected mitigations and security controls with reasoning and recognising the dynamic and adaptable nature of threats.

Structured and reasoned implementation of security in a network (“Build a secure network”)

  • Design and build a simple system in accordance with a simple security case. Provide evidence that the system has properly implemented the security controls required by the security case. The system could be either at the enterprise, network or application layer.
  • Also, Select and configure relevant types of common security hardware and software components to implement a given security policy.
  • Design a system employing a crypto to meet defined security objectives. Develop and implement a key management plan for the given scenario/system.


Technical Knowledge and Understanding

Understands how cyber security technology components are typically deployed in networks and systems to provide security functionality including hardware and software.

Understands the basics of cryptography – can describe the main techniques, the significance of key management, appreciate the legal issues


Option 2: Risk Analyst
Cyber security risk assessment

  • Conduct a cyber-risk assessment of an externally (market) recognised cyber security standard using a recognised risk assessment methodology.
  • Identify threats relevant to a specific organisation and/or sector.


Technical Knowledge and Understanding

Understands relevant types of risk assessment methodologies and approaches to risk treatment; can identify the vulnerabilities in organisations and security management systems; understand the threat intelligence lifecycle; describe different approaches to risk treatment. Also, understand the role of the risk owner and contrast that role with other stakeholders.

Information security policy and process

  • Develop an information security policy or process to address an identified risk.
  • Develop an information security policy within a defined scope to take account of a minimum of 1 law or regulation relevant to cyber security.


Technical Knowledge and Understanding

Understands, at a deeper level than from Knowledge Module 1, the legal, standards, regulations and ethical standards relevant to cyber security: governance, organisational structure, roles, policies, standard, guidelines and how these all work together to deliver identified security outcomes. Also awareness of the legal framework, key concepts applying to ISO27001 (a specification for information security management), and awareness of legal and regulatory obligations for breach notification.

Audit and assurance

  • Take an active part in a security audit against a recognised cyber security standard, undertake a gap analysis and make recommendations for remediation

Incident response and business continuity

  • Develop an incident response plan for approval (within an organisations governance arrangements for incident response).
  • Develop a business continuity plan for approval (within an organisations governance arrangements for business continuity).

Cyber security culture in an organisation

  • Assess security culture using a recognised approach.
  • Also, Design and implement a simple ‘security awareness’ campaign to address a specific aspect of a security culture.


Underpinning Skills, Attitudes & Behaviours
  • Logical and creative thinking skills
  • Analytical and problem-solving skills
  • Ability to work independently and to take responsibility
  • Also, Can use own initiative
  • A thorough and organised approach
  • Ability to work with a range of internal and external people
  • Also, Ability to communicate effectively in a variety of situations
  • Maintain productive, professional and secure working environment


The Knowledge Modules are summarised below and further details are available in the occupational brief available from the Tech Partnership at
Core (all the apprentices take this Knowledge Module)
Knowledge Module 1: Cyber Security Introduction
Option 1 (Technologist): in addition to the core
2. Knowledge Module: Network and Digital Communications Theory
3. Knowledge Module: Security Case Development and Design Good Practice
4. Knowledge Module: Security Technology Building Blocks
5. Knowledge Module: Employment of Cryptography
Option 2 (Risk Analyst): in addition to the core
Knowledge Module 6: Risk Assessment
Knowledge Module 7: Governance, Organisation, Law, Regulation & Standards Professional Recognition This apprenticeship is recognised for entry on to the Register of IT Technicians and those completing their apprenticeships are eligible to apply for registration