Senior Cyber Security Engineer

Job description

Job responsibilities

The Senior Cyber Security Engineer at Public Health Wales is primarily responsible for protecting the organisations digital infrastructure, systems and sensitive data by implementing and enhancing cyber security measures across all IT systems.

This includes designing and documenting secure cyber infrastructure, including network architectures and communication systems, as well as ensuring that all cybersecurity controls align with national standards and best practices.

The role involves proactively identifying and mitigating cyber risks, managing the organisations readiness for cyber threats, and leading responses to security incidents. The postholder will also oversee cyber audits, penetration testing, and incident investigations, often requiring collaboration with staff at all levels.

Monitoring and analysing security events using tools like SIEM is a key duty, ensuring swift detection and response to threats. Additionally, the role includes mentoring cyber security team members, promoting professional development, and fostering a culture of continuous learning.

Strong communication and organisational skills are essential, as the engineer must translate complex technical issues into clear information and deliver robust security policies and infrastructure under pressure.

Qualifications and Knowledge

Essential

• Educated to degree level (preferably in Cyber Security) or equivalent level of work experience and knowledge.
• Evidence of continual professional development.
• Awareness of national and international cyber security regulations, standards and frameworks (e.g. NIS Regulations, ISO 27001, NIST).

Desirable

• Holds a relevant professional cyber security certification (e.g. CISSP, CISM).
• Membership of a professional body (e.g. BCS).
• Knowledge of IT systems within a healthcare environment.
• CCNP Security or equivalent experience.
• Understanding of aligning cyber security with organisational strategy.

Experience

Essential

• Relevant experience in a senior cyber security role, preferably within a healthcare environment.
• Extensive experience working on IT security-related issues.
• Management or supervisory experience.
• Experience in managing and motivating technical teams
• Ability to understand vulnerability scans and penetration tests and develop remediation plans.
• Experience developing and implementing cyber security policies, processes, and procedures.
• Experience managing phishing simulation & training and awareness campaigns.
• Experience with vulnerability scanning, incident response, and third-party risk management.
• Experience in monitoring and configuring warning and security systems.

Desirable

• Cloud Security experience (e.g. Azure, AWS, GCP).
• Experience with firewalls, intrusion detection/prevention systems, and network design.
• Experience with Microsoft Windows Server and IP networking.
• Experience of working within ITIL-based change management processes.
• Ability to evaluate and select from a range of security tools and controls.

Skills and Attributes

Essential

• Excellent problem-solving and analytical skills.
• Excellent verbal and written communication skills.
• Ability to communicate clearly with non-technical staff and end users.
• Pragmatic approach to balancing security and usability.
• Ability to work independently and organise own and team workload.
• Strong planning, prioritisation, and organisational skills.
• Ability to handle sensitive information appropriately.
• Ability to make judgements involving highly complex information.
• Ability to manage IT and cyber security projects and technical implementations.

Desirable

Welsh Language Skills

Other

Ability to travel between sites in a timely manner to meet the needs of the service.

Ability to travel and work away from base.

Able to periodically work out of hours or at weekends when required.

Able to participate in on-call rota.

Person Specification

Qualifications and Knowledge

• oEducated to degree level (preferably in Cyber Security) or equivalent level of work experience and knowledge.
• oEvidence of continual professional development.
• oAwareness of national and international cyber security regulations, standards and frameworks (e.g. NIS Regulations, ISO 27001, NIST).

• oHolds a relevant professional cyber security certification (e.g. CISSP, CISM)
• oMembership of a professional body (e.g. BCS).
• oKnowledge of IT systems within a healthcare environment
• . oCCNP Security or equivalent experience.
• .oUnderstanding of aligning cyber security with organisational strategy.

Experience

• oRelevant experience in a senior cyber security role, preferably within a healthcare environment.
• oExtensive experience working on IT security-related issues.
• oManagement or supervisory experience.
• oExperience in managing and motivating technical teams
• oAbility to understand vulnerability scans and penetration tests and develop remediation plans.
• oExperience developing and implementing cyber security policies, processes, and procedures.
• oExperience managing phishing simulation & training and awareness campaigns.
• oExperience with vulnerability scanning, incident response, and third-party risk management.
• oExperience in monitoring and configuring warning and security systems.

• oCloud Security experience (e.g Azure, AWS, GCP)
• oExperience with firewalls, intrusion detection/prevention systems, and network design.
• oExperience with Microsoft Windows Server and IP networking.
• oExperience of working within ITIL-based change management processes.
• oAbility to evaluate and select from a range of security tools and controls.

Skills and Attributes

• oExcellent problem-solving and analytical skills
• oExcellent verbal and written communication skills.
• . oAbility to communicate clearly with non-technical staff and end users.
• oPragmatic approach to balancing security and usability.
• oAbility to work independently and organise own and team workload.
• oStrong planning, prioritisation, and organisational skills.
• oAbility to handle sensitive information appropriately.
• oAbility to make judgements involving highly complex information.
• oAbility to manage IT and cyber security projects and technical implementations.

• oWelsh Language Skills

Other

• oAbility to travel between sites in a timely manner to meet the needs of the service
• oAbility to travel and work away from base.
• oAble to periodically work out of hours or at weekends when required.
• oAble to participate in on-call rota.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants.

Employer details

Employer name

Public Health Wales

Address

Capital Quarter 2

Tyndall Street

Cardiff

CF10 4BZ

Employer's website

https://phw.nhs.wales/