Information security analyst apprentice
The Information Security Analyst protects the council’s digital infrastructure, data and operations. Reporting to the Information Security Technical Lead, the role supports security controls across the ICT environment, helping maintain cyber resilience, DLP measures and regulatory compliance.
Role
Principal Duties:
- Proactively monitor network and system activity to detect potential security threats, using tools such as SIEM and endpoint protection platforms
- Assist in the investigation and resolution of low-level security incidents, escalating more complex issues to senior staff
- Maintain detailed logs and records of security events, incidents, and remediation efforts to support audit and compliance requirements
- Use Microsoft security services (Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, etc.) and other monitoring tools to identify and respond to potential data loss or unauthorized data sharing
Incident Triage & Response:
- Perform timely triage of security alerts to determine impact and urgency, investigating incidents using available tools and data
- Lead initial incident response actions (containment, remediation, communication) for confirmed security incidents, following established escalation procedures
- Ensure that all incidents are promptly escalated to senior leadership or external partners, as appropriate
Threat Analysis & Intelligence Integration:
- Analyse malicious activities to determine root cause and attack vectors by mapping observed attacker actions to the MITRE ATT&CK framework
- Monitor threat intelligence feeds for information on new vulnerabilities, malware campaigns, or attack techniques that could impact the Council
- Evaluate this intelligence and adjust monitoring priorities or techniques accordingly
Detection Improvement:
- In collaboration with the Information Security Technical Lead, contribute to the development and refinement of detection content. Provide feedback on Sentinel analytic rules and Microsoft security services alert tuning based on what is observed
Proactive Threat Hunting:
- Conduct proactive threat hunting across the council’s systems using the available toolset. This involves hypothesis-driven exploration of data to find hidden threats that haven’t triggered alerts. Throughout, ensure that hunting activities are documented and any discoveries are handled in accordance with incident response procedures
Security Tools & Infrastructure:
- Support the deployment, configuration, and maintenance of core security tools including antivirus software, firewalls, SIEM systems, Microsoft security services and endpoint protection
- Ensure DLP policies are effectively integrated into security infrastructure, including email filtering and endpoint protection systems, to prevent leakage of sensitive council data
Vulnerability & Patch Management:
- Assist in conducting regular vulnerability scans and support the patching of systems to mitigate identified risks
- Collaborate with ICT teams to identify and remediate DLP-related vulnerabilities, such as misconfigured access controls or insecure data flows
Security Awareness & Training:
- Contribute to the delivery of security awareness initiatives and training sessions for council staff
- Promote best practices in data handling and educate users on how DLP policies protect council information and support compliance
Metrics and Trend Reporting:
- Contribute to regular operational reports for Information Security management
- These reports may include metrics such as number of alerts processed, number of incidents handled, time to respond, trends in types of attacks observed and current vulnerabilities across the estate
- Demonstrate the SOC’s activity levels and highlight areas of concern
Training
- Velocity apprenticeship training programmes are delivered virtually by our fully qualified and industry experienced training team
- Using their expert knowledge, they will provide the skills necessary to succeed in the workplace and to expand future career prospects
- Throughout the apprenticeship, learners receive coaching, help and guidance from a dedicated team who are there to ensure they get the most from their programme
- The role offers long term security and the opportunity to progress into a permanent position
- Apprenticeship Standard: Cyber security technologist (2021) (level 4)
- Training Provider: VELOCITY 1st LIMITED
- Working Week: A work-life-balance scheme is in operation. Shifts to be confirmed.
- Expected Duration: 1 Year 7 Months
- Positions Available: 3
- Closing Date: Monday, 8th June 2026
- Start Date: Monday, 7th September 2026
Desired Skills
- Communication skills
- IT skills
- Attention to detail
- Organisation skills
- Customer care skills
- Problem solving skills
- Administrative skills
- Number skills
- Analytical skills
- Logical
- Team working
- Initiative
- Non-judgemental
- Cyber compliance monitoring
- People & stakeholder skills
- Security governance & IT
- InfoSec threat awareness
- Security tools training
- GDPR & CE+ awareness
- DLP principles & tech
Qualifications
- English GCSE, grade A*-C/ 9-4 (Essential)
- Maths GCSE, grade A*-C/ 9-4 (Essential)