Cyber Security Engineer

Detailed job description and main responsibilities Main Duties and Responsibilities

• Administer and optimise the use of the Trust's cybersecurity toolset, which includes antivirus software, vulnerability scanners, SIEM systems, threat protection services, and patch management solutions.
• Ensure that all cybersecurity tools are configured according to best practices and compliant with NHS guidelines and standards.
• Conduct continuous monitoring of the Trust's IT systems to detect, analyse, and respond to cybersecurity incidents and breaches.
• Manage the incident response process, including documentation and reporting, to mitigate risks and minimise the impact of security breaches.
• Assess and manage cybersecurity risks associated with IT systems and operations.
• To manage, maintain, and update firewall rules in line with security best practice and ITIL change management.
• Ensure compliance with relevant legal and regulatory requirements, including GDPR and NHS-specific security mandates.
• Maintain the Trust's risk register, updating and evaluating the effectiveness of security measures regularly.
• Prepare comprehensive reports on the state of the Trust's cybersecurity, detailing vulnerabilities, incidents, and overall security posture for review by senior management.
• Document security breaches and the measures taken to resolve them in a timely and detailed manner.
• Communicate effectively with internal and external stakeholders to raise awareness about cybersecurity issues and strategies.
• Provide regular updates to senior management, and non-technical staff on critical security matters and preventive measures.
• Collaborate with Digital Services teams to design and implement system enhancements that bolster the Trust's cybersecurity defences.
• Participate in the planning and execution of security projects, ensuring alignment with strategic goals and IT infrastructure developments.
• Assist in internal and external audits related to IT security to ensure adherence to security policies and procedures.
• Work with audit teams to address any findings and implement recommended changes to security practices and controls.
• Stay abreast of the latest cybersecurity trends, tools, and practices through continuous professional development.
• Facilitate and participate in cybersecurity training sessions for other IT staff and end-users within the Trust to promote security awareness and best practices.
• Ensure that all backup systems are secure, and that data integrity is maintained during backup and recovery processes.
• Maintain flexibility to respond to urgent cybersecurity issues outside of normal working hours as required.

• University Degree in a related subject or demonstrable equivalent experience in Cyber Security.
• Working toward IT certifications in security. ISC, ISACA, Comp TIA etc

• Current or prior IT Infrastructure certificates
• ITIL - IT Service Management

• Experience of enterprise scale infrastructure and how all the components work together.
• Experience of dealing with Malware, Working with Antivirus tools, Microsoft defender for endpoint. Windows patching
• Experience of firewall configurations, rules, and network topologies.
• Experience with Security tools i.e. Nessus, Pentera, LogPoint, and Penetration testing.
• Patch and vulnerability remediation experience
• Anti‑Virus tools

• Previous IT infrastructure experience
• Previous NHS Experience
• Experience with Palo Alto firewalls

• Able to troubleshoot complex IT issues involving multiple teams and technologies
• Ability to ensure the security systems and tools we use are up-to-date, and managed
• Strong analytical abilities to diagnose and resolve complex technical issues efficiently
• Excellent verbal and written communication skills to effectively interact with all levels of staff and external partners
• Ability to manage multiple projects simultaneously, prioritising tasks to meet deadlines and organisational objectives
• High adaptability to rapidly changing technology environments and the ability to quickly learn and implement modern technologies.

• A good and up to date knowledge of windows and Linux operating systems
• Familiar with software updates and the need for continuous assessment.
• Ability to think creatively to develop new solutions or approaches to ongoing challenges

• Excellent knowledge of security best practices, standards, and frameworks i.e. MITRE
• Excellent knowledge of the windows operating system, workstation, and server
• Understanding of Linux Operating systems
• Experience of the change management process Problem management and incident handling.
• Threat intelligence and threat assessment.

• Working knowledge of NHS and government cyber security systems i.e. Care Certs, CSOC, DSPT, and NCSC

• Ability to articulate complex technical information clearly to non-technical staff and senior…