Digital
Cyber security technical professional
Leading teams which manage cyber security risks.
Summary
A cyber security technical professional operates in business or technology / engineering functions across a range of sectors of the economy including critical national infrastructure (such as energy, transport, water, finance), public and private, large and small. They will normally operate with a considerable degree of autonomy and will lead teams which research, analyse, model, assess and manage cyber security risks; design, develop, justify, manage and operate secure solutions; and detect and respond to incidents. They work in accordance with applicable laws, regulations, standards and ethics.
Typical job titles include
- Cyber Incident Manager | Cyber Research Analyst | Cyber Risk Analyst | Cyber Risk Manager | Cyber Security Design Engineer | Cyber Security Engineer
Knowledge, skills and behaviours (KSBs)
K1:
N/A Foundations of cyber security, its significance, concepts, threats, vulnerabilities and assurance.
K2:
Design, build, configure, optimise, test and troubleshoot simple and complex networks. Network foundations, connections, internetworking, protocols, standards, performance, security and server virtualisation.
K3:
Apply statistical techniques to large data sets. Identify vulnerabilities in big data architectures and deployment. Information management, big data concepts, statistical techniques, database concepts and data quality.
K4:
Build, test and debug a digital system to a specification. Computer architecture, digital logic, machine level representation of data.
K5:
Configure an Operating System in accordance with security policy. Identify threats and features. Operating System principles, architectures, features, mechanisms, security features and exploits.
K6:
Write, test and debug programs in high and low level languages and scripts. Algorithm and program design, concepts, compilers and logic. Programming languages.
K7:
Design, implement and analyse algorithms. Algorithms, complexity and discrete maths.
K8:
Construct software to interact with the real world and analyse for security exploits. How software interacts with the hardware and real world environment and security issues.
K9:
Analyse malware & identify its mechanisms. Malware, reverse engineering, obfuscation.
K10:
Apply secure programming principles and design patterns to address security issues. Defensive programming, malware resistance, code analysis, formal methods, good practice.
K11:
Apply system engineering and software development methodologies and models. System development principles, tools, approaches, complexity, software engineering.
K12:
Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigations. Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment.
K13:
Assess culture & individual responsibilities. Human dimensions of cyber security.
K14:
Undertake ethical system reconnaissance and intelligence analysis. Structured and ethical intelligence analysis, methods, techniques.
K15:
Undertake risk modelling, analysis and trades. Management of cyber security risk, tools and techniques.
K16:
Undertake risk assessment to an external standard. Quantitative & qualitative risk management theory & practice, role of risk stakeholders.
K17:
Apply a management system and develop an information security management plan. Concepts & benefits of security management systems, governance & international standards.
K18:
Configure and use security technology components and key management. Security components: how they are used for security / business benefit. Crypto & key management.
K19:
Design & evaluate a system to a security case. How to compose a justified security case.
K20:
Architect, analyse & justify a secure system. Understand security assurance, how to achieve it and how to apply security principles.
K21:
Develop an assurance strategy. Assurance concepts & approaches.
K22:
Security monitoring, analysis and intrusion detection. Recognise anomalies & behaviours. How to diagnose cause from observables. Application of SIEM (Security Information and Event Management) tools & techniques.
K23:
Manage intrusion response, including with 3rd parties. Cyber incident response, management, escalation, investigation & 3rd party involvement.
K24:
N/A Legal, regulatory, compliance & standards environment.
K25:
Organise testing & investigation work in accordance with legal & ethical requirements. Applicability of laws, regulations & ethical standards.
K26:
Develop & apply information security policy to implement legal or regulatory requirements. Legal responsibilities of system owners, users, employers, employees.
Technical Educational Products
- ST0409: Cyber security technical professional (integrated degree) (Level 6) Approved for delivery
- Reference: OCC0409
- Status: Approved occupation
- Average (median) salary: £45,546 per year
- SOC 2020 code: 2135 Cyber security professionals
- SOC 2020 sub unit groups:
  - 2135/02 Cyber security management and governance specialists
  - 2135/01 Cyber operational defence specialists
  - 2135/99 Cyber security professionals n.e.c.
S1:
Fluent in written communications and able to articulate complex issues.
S2:
Makes concise, engaging and well-structured verbal presentations, arguments and explanations.
S3:
Able to deal with different, competing interests within and outside the organisation with excellent negotiation skills.
S4:
Able to identify the preferences, motivations, strengths and limitations of other people and apply these insights to work more effectively with and to motivate others.
S5:
Able to work effectively with others to achieve a common goal.
S6:
Competent in active listening and in leading, influencing and persuading others.
S7:
Able to give and receive feedback constructively and incorporate it into his/her own development and life-long learning.
S8:
Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem solving techniques to complex systems and situations.
S9:
Able to put forward, demonstrate value and gain commitment to a moderately complex technology-oriented solution, demonstrating understanding of business need, using open questions and summarising skills and basic negotiating skills.
S10:
Can conduct effective research, using literature and other media.
S11:
Logical thinking and creative approach to problem solving.
S12:
Able to demonstrate a ‘security mind-set’ (how to break as well as make).
B1:
Demonstrates business disciplines, ethics and courtesies, demonstrating timeliness and focus when faced with distractions and the ability to complete tasks to a deadline with high quality.
B2:
Flexible attitude and ability to perform under pressure.
B3:
A thorough approach to work in the cyber security role.