Job summary
The Cyber Security team is looking to recruit a Senior Security Specialist to join our Security Operations Centre (SOC), which is responsible for monitoring and responding to cyber incidents affecting IT systems and applications used across the organisation and the wider NHS in Wales.
We are seeking a committed and experienced professional to play a key role in supporting the delivery of cyber security services across NHS Wales.
This position demands strong analytical thinking and information-gathering capabilities, with the ability to break down complex problems and develop effective, practical solutions.
Candidates must demonstrate adaptability in learning and applying new technologies, along with the interpersonal skills required to work effectively with a wide range of teams and disciplines.
Excellent communication, collaborative working, and the ability to tailor approaches to suit different audiences are essential.
The ideal candidate will bring a proactive and resilient mindset, helping to strengthen the cyber security posture of NHS Wales in an ever-evolving digital landscape.
Main duties of the job
As a Senior Security Specialist, you will lead and support the investigation, analysis, and resolution of complex cyber security incidents, using a wide range of tools and techniques to identify threats, assess their impact, and implement effective responses.
You will provide specialist advice across a variety of technical and operational areas, ensuring that systems are developed and maintained securely, in line with national guidance and good practice.
You will also support the ongoing improvement of security procedures, contribute to threat intelligence activities, and help ensure critical national infrastructure and information remain protected.
The ability to speak Welsh is desirable for this post; Welsh and/or English speakers are equally welcome to apply.
About us
Digital Health and Care Wales (DHCW) is an expert national body and part of NHS Wales. We work in partnership with NHS Wales colleagues and other key stakeholders to provide national digital and data services which support the delivery of health and social care in Wales. Modern health and care services depend on good digital tools, data and information. DHCW runs or works with more than 100 services and delivers major national digital transformation programmes to support this. In addition, DHCW provides expert advice in relation to cyber security and information governance. We give frontline staff the digital tools which help them provide safer and more efficient care. We are also giving patients and the public digital tools to better manage their own health and wellbeing, empowering people to live healthier lives. We put people at the heart of what we do, working to the highest standards to deliver quality and make digital a force for good in health and care.
Working for DHCW offers lots of employee benefits, including flexible working, a competitive salary, 28 days of annual leave plus Bank Holidays and opportunities for career development. We are committed to recognising and celebrating our staff as the most valuable part of our organisation.
Job description
Job responsibilities
You will be able to find a full Job description and Person Specification attached within the supporting documents or please click "Apply now" to view in Trac
You will be responsible for leading cyber security initiatives across planning, incident response, system monitoring, stakeholder engagement, and technical development.
This includes managing escalations, delivering training and awareness sessions, developing SOC processes, conducting threat hunting and proactive investigations, and advising on compliance with relevant frameworks such as ISO 27001 and NCSCs Cyber Assessment Framework.
You will also be expected to communicate effectively with a range of technical and non-technical stakeholders, contribute to policy and strategy development, and ensure all activity supports the wider goals of Digital Health and Care Wales and NHS Wales.
Job description
Job responsibilities
You will be able to find a full Job description and Person Specification attached within the supporting documents or please click "Apply now" to view in Trac
You will be responsible for leading cyber security initiatives across planning, incident response, system monitoring, stakeholder engagement, and technical development.
This includes managing escalations, delivering training and awareness sessions, developing SOC processes, conducting threat hunting and proactive investigations, and advising on compliance with relevant frameworks such as ISO 27001 and NCSCs Cyber Assessment Framework.
You will also be expected to communicate effectively with a range of technical and non-technical stakeholders, contribute to policy and strategy development, and ensure all activity supports the wider goals of Digital Health and Care Wales and NHS Wales.
Person Specification
Qualifications and Knowledge
Essential
- A Postgraduate degree (or equivalent qualification / experience) in an associated professional field.
- Practical experience, working at this level, across the range of work procedures and practices.
Desirable
- Theoretical and specialist knowledge, gained within one or more of the following: o Professional Cyber Security qualification. o ITIL practitioner, or equivalent qualification.
Experience
Essential
- Experience of working within a successful team, preferably in a large complex digital organisation, monitoring and responding to cyber incidents affecting IT systems and applications.
- Proficient in analysing and investigating the nature, impact and root cause of cyber threats, and implementing mitigation and remediation actions
- Proficient in the identification, monitoring and interpretation of information logs and alerts detected by an organisation's tools and systems.
- Familiar with supporting audits and risk assessments, producing complex reports and analysing data within set timescales.
- Familiar with developing training materials to effectively accommodate participants with differing learning styles.
- Familiar with incident management tools, including interrogation of incident database, creation of parent and child incidents, creation of queries to seek trends and use of known error logs/ databases.
- Familiar with any tool or system which provides security access control (i.e. prevents unauthorised access to systems).
Desirable
- Experience of writing clear and effective Standard Operational Procedures and processes.
Skills and Attributes
Essential
- Analytical Thinking skills to acquire a proper understanding of a problem or situation by breaking it down systematically into its component parts and identifying the relationships between these parts. Selecting the appropriate method/tool to resolve the problem and reflecting critically on the result, so that what is learnt is identified and assimilated.
- Information Acquisition skills to identify gaps in the available information required to understand a problem or situation and devise a means of resolving them.
- Technical Adaptability skills to learn and assess new methodologies or technologies quickly, understanding their wider implications and where appropriate implement them.
Person Specification
Qualifications and Knowledge
Essential
- A Postgraduate degree (or equivalent qualification / experience) in an associated professional field.
- Practical experience, working at this level, across the range of work procedures and practices.
Desirable
- Theoretical and specialist knowledge, gained within one or more of the following: o Professional Cyber Security qualification. o ITIL practitioner, or equivalent qualification.
Experience
Essential
- Experience of working within a successful team, preferably in a large complex digital organisation, monitoring and responding to cyber incidents affecting IT systems and applications.
- Proficient in analysing and investigating the nature, impact and root cause of cyber threats, and implementing mitigation and remediation actions
- Proficient in the identification, monitoring and interpretation of information logs and alerts detected by an organisation's tools and systems.
- Familiar with supporting audits and risk assessments, producing complex reports and analysing data within set timescales.
- Familiar with developing training materials to effectively accommodate participants with differing learning styles.
- Familiar with incident management tools, including interrogation of incident database, creation of parent and child incidents, creation of queries to seek trends and use of known error logs/ databases.
- Familiar with any tool or system which provides security access control (i.e. prevents unauthorised access to systems).
Desirable
- Experience of writing clear and effective Standard Operational Procedures and processes.
Skills and Attributes
Essential
- Analytical Thinking skills to acquire a proper understanding of a problem or situation by breaking it down systematically into its component parts and identifying the relationships between these parts. Selecting the appropriate method/tool to resolve the problem and reflecting critically on the result, so that what is learnt is identified and assimilated.
- Information Acquisition skills to identify gaps in the available information required to understand a problem or situation and devise a means of resolving them.
- Technical Adaptability skills to learn and assess new methodologies or technologies quickly, understanding their wider implications and where appropriate implement them.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
UK Registration
Applicants must have current UK professional registration. For further information please see
NHS Careers website (opens in a new window).
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
UK Registration
Applicants must have current UK professional registration. For further information please see
NHS Careers website (opens in a new window).
