Cyber Security Engineer

Job Summary

The Christie NHS Foundation Trust, a world-renowned cancer centre, are seeking an experienced and skilled Cyber Security Analyst (Band
6) to work with us.

As a Cyber Security Analyst at The Christie, your main duties will encompass a range of responsibilities crucial to protecting our digital infrastructure and data. You will play a key role in administering and optimising our cyber security toolset, which includes antivirus solutions, vulnerability scanners, and threat protection services. Your proactive approach will ensure that all cyber security tools are configured according to best practices and compliant with NHS guidelines.

• Administer and optimise the use of the Trust's cybersecurity toolset, which includes antivirus software, vulnerability scanners, SIEM systems, threat protection services, and patch management solutions.
• Ensure that all cybersecurity tools are configured according to best practices and compliant with NHS guidelines and standards.
• Conduct continuous monitoring of the Trust’s IT systems to detect, analyse, and respond to cybersecurity incidents and breaches.
• Manage the incident response process, including documentation and reporting, to mitigate risks and minimise the impact of security breaches.
• Assess and manage cybersecurity risks associated with IT systems and operations.
• Manage, maintain, and update firewall rules in line with security best practice and ITIL change management.
• Ensure compliance with relevant legal and regulatory requirements, including GDPR and NHS-specific security mandates.
• Maintain the Trust's risk register, updating and evaluating the effectiveness of security measures regularly.
• Prepare comprehensive reports on the state of the Trust’s cybersecurity, detailing vulnerabilities, incidents, and overall security posture for review by senior management.
• Document security breaches and the measures taken to resolve them in a timely and detailed manner.
• Communicate effectively with internal and external stakeholders to raise awareness about cybersecurity issues and strategies.
• Provide regular updates to senior management and non‑technical staff on critical security matters and preventive measures.
• Collaborate with Digital Services teams to design and implement system enhancements that bolster the Trust’s cybersecurity defences.
• Participate in the planning and execution of security projects, ensuring alignment with strategic goals and IT infrastructure developments.
• Work with audit teams to address any findings and implement recommended changes to security practices and controls.
• Stay abreast of the latest cybersecurity trends, tools, and practices through continuous professional development.
• Facilitate and participate in cybersecurity training sessions for other IT staff and end‑users within the Trust to promote security awareness and best practices.
• Ensure that all backup systems are secure, and that data integrity is maintained during backup and recovery processes.
• Maintain flexibility to respond to urgent cybersecurity issues outside of normal working hours as required.

Qualifications (Essential)

• University Degree in a related subject or demonstrable equivalent experience in Cyber Security.
• Working toward IT certifications in security (ISC, ISACA, CompTIA, etc.).

Qualifications (Desirable)

• Current or prior IT Infrastructure certificates.
• ITIL – IT Service Management.

Experience (Essential)

• Experience of enterprise scale infrastructure and how all the components work together.
• Experience of dealing with malware, working with antivirus tools, Microsoft Defender for Endpoint, Windows patching.
• Experience of firewall configurations, rules, and network topologies.
• Experience with security tools (e.g. Nessus, Pentera, LogPoint, and penetration testing).
• Patch and vulnerability remediation experience.
• Anti‑Virus tools experience.

Experience (Desirable)

• Previous IT infrastructure experience.
• Previous NHS experience.
• Experience with Palo Alto firewalls.

Skills & Abilities (Essential)

• Able to troubleshoot complex IT issues involving multiple teams and technologies.
• Ability to ensure the security systems and tools we use are up‑to‑date and…