Senior Security Specialist

By /
  • Anywhere

The Cyber Security team is looking to recruit a Senior Security Specialist to join our Security Operations Centre (SOC), which is responsible for monitoring and responding to cyber incidents affecting IT systems and applications used across the organisation and the wider NHS in Wales.We are seeking a committed and experienced professional to play a key role in supporting the delivery of cyber security services across NHS Wales.This position demands strong analytical thinking and information-gathering capabilities, with the ability to break down complex problems and develop effective, practical solutions.Candidates must demonstrate adaptability in learning and applying new technologies, along with the interpersonal skills required to work effectively with a wide range of teams and disciplines.Excellent communication, collaborative working, and the ability to tailor approaches to suit different audiences are essential.The ideal candidate will bring a proactive and resilient mindset, helping to strengthen the cyber security posture of NHS Wales in an ever-evolving digital landscape.Main duties of the jobAs a Senior Security Specialist, you will lead and support the investigation, analysis, and resolution of complex cyber security incidents, using a wide range of tools and techniques to identify threats, assess their impact, and implement effective responses.You will provide specialist advice across a variety of technical and operational areas, ensuring that systems are developed and maintained securely, in line with national guidance and good practice.You will also support the ongoing improvement of security procedures, contribute to threat intelligence activities, and help ensure critical national infrastructure and information remain protected.About usDigital Health and Care Wales (DHCW) is an expert national body and part of NHS Wales. We work in partnership with NHS Wales colleagues and other key stakeholders to provide national digital and data services which support the delivery of health and social care in Wales. Modern health and care services depend on good digital tools, data and information. DHCW runs or works with more than 100 services and delivers major national digital transformation programmes to support this. In addition, DHCW provides expert advice in relation to cyber security and information governance. We give frontline staff the digital tools which help them provide safer and more efficient care. We are also giving patients and the public digital tools to better manage their own health and wellbeing, empowering people to live healthier lives. We put people at the heart of what we do, working to the highest standards to deliver quality and make digital a force for good in health and care.Working for DHCW offers lots of employee benefits, including flexible working, a competitive salary, 28 days of annual leave plus Bank Holidays and opportunities for career development. We are committed to recognising and celebrating our staff as the most valuable part of our organisation.Date posted16 April 2025Pay schemeAgenda for changeBandBand 6Salary£37,898 to £45,637 a year per annumContractPermanentWorking patternFull-time, Flexible workingReference number025-AC078-0425-AJob locationsHybrid workingLocation to be confirmed at interviewCF11 9ADJob descriptionJob responsibilitiesYou will be responsible for leading cyber security initiatives across planning, incident response, system monitoring, stakeholder engagement, and technical development.This includes managing escalations, delivering training and awareness sessions, developing SOC processes, conducting threat hunting and proactive investigations, and advising on compliance with relevant frameworks such as ISO 27001 and NCSCs Cyber Assessment Framework.You will also be expected to communicate effectively with a range of technical and non-technical stakeholders, contribute to policy and strategy development, and ensure all activity supports the wider goals of Digital Health and Care Wales and NHS Wales. Job descriptionJob responsibilitiesYou will be responsible for leading cyber security initiatives across planning, incident response, system monitoring, stakeholder engagement, and technical development.This includes managing escalations, delivering training and awareness sessions, developing SOC processes, conducting threat hunting and proactive investigations, and advising on compliance with relevant frameworks such as ISO 27001 and NCSCs Cyber Assessment Framework.You will also be expected to communicate effectively with a range of technical and non-technical stakeholders, contribute to policy and strategy development, and ensure all activity supports the wider goals of Digital Health and Care Wales and NHS Wales.Person SpecificationQualificationsEssential

  • A Postgraduate degree (or equivalent qualification / experience) in an associated professional field.
  • Practical experience, working at this level, across the range of work procedures and practices.
  • Evidence of continuous professional development.

Desirable

  • Theoretical and specialist knowledge, gained within one or more of the following: o Professional Cyber Security qualification. o ITIL practitioner, or equivalent qualification. o Leadership experience or qualification.

ExperienceEssential

  • Experience of working within a successful team, preferably in a large complex digital organisation, monitoring and responding to cyber incidents affecting IT systems and applications.
  • Proficient in analysing and investigating the nature, impact and root cause of cyber threats, and implementing mitigation and remediation actions.
  • Proficient in the identification, monitoring and interpretation of information logs and alerts detected by an organisation’s tools and systems.
  • Familiar with supporting audits and risk assessments, producing complex reports and analysing data within set timescales.
  • Familiar with developing training materials to effectively accommodate participants with differing learning styles.
  • Familiar with any tool or system which provides security access control (i.e. prevents unauthorised access to systems).
  • Familiar with incident management tools, including interrogation of incident database, creation of parent and child incidents, creation of queries to seek trends and use of known error logs/ databases.
  • Aware of the planning and management of the interaction between two or more networking systems, computers or other intelligent devices.
  • Proficient in methods and techniques for making effective use of own time.
  • Familiar with applying standards, practices and codes relevant to the IT industry, and the specific organisation or business domain.

Desirable

  • Experience of writing clear and effective Standard Operational Procedures and processes.

Skills and AttributesEssential

  • Analytical Thinking skills to acquire a proper understanding of a problem or situation by breaking it down systematically into its component parts and identifying the relationships between these parts. Selecting the appropriate method/tool to resolve the problem and reflecting critically on the result, so that what is learnt is identified and assimilated.
  • Information Acquisition skills to identify gaps in the available information required to understand a problem or situation and devise a means of resolving them.
  • Technical Adaptability skills to learn and assess new methodologies or technologies quickly, understanding their wider implications and where appropriate implement them.
  • Interacting with People skills to establish relationships, contribute to an open culture and maintain contacts with people from a variety of backgrounds and disciplines. Effective, approachable and sensitive communicator in different communities and cultures.
  • Adaptability skills to adapt style and approach to meet the needs of different audiences.
  • Teamwork skills to work collaboratively with others to achieve a common goal.

Desirable

  • Welsh language skills are desirable, at level 1 or above, in understanding, speaking, reading and writing in Welsh.
  • Knowledge of NHS Wales or the Health sector.

Person SpecificationQualificationsEssential

  • A Postgraduate degree (or equivalent qualification / experience) in an associated professional field.
  • Practical experience, working at this level, across the range of work procedures and practices.
  • Evidence of continuous professional development.

Desirable

  • Theoretical and specialist knowledge, gained within one or more of the following: o Professional Cyber Security qualification. o ITIL practitioner, or equivalent qualification. o Leadership experience or qualification.

ExperienceEssential

  • Experience of working within a successful team, preferably in a large complex digital organisation, monitoring and responding to cyber incidents affecting IT systems and applications.
  • Proficient in analysing and investigating the nature, impact and root cause of cyber threats, and implementing mitigation and remediation actions.
  • Proficient in the identification, monitoring and interpretation of information logs and alerts detected by an organisation’s tools and systems.
  • Familiar with supporting audits and risk assessments, producing complex reports and analysing data within set timescales.
  • Familiar with developing training materials to effectively accommodate participants with differing learning styles.
  • Familiar with any tool or system which provides security access control (i.e. prevents unauthorised access to systems).
  • Familiar with incident management tools, including interrogation of incident database, creation of parent and child incidents, creation of queries to seek trends and use of known error logs/ databases.
  • Aware of the planning and management of the interaction between two or more networking systems, computers or other intelligent devices.
  • Proficient in methods and techniques for making effective use of own time.
  • Familiar with applying standards, practices and codes relevant to the IT industry, and the specific organisation or business domain.

Desirable

  • Experience of writing clear and effective Standard Operational Procedures and processes.

Skills and AttributesEssential

  • Analytical Thinking skills to acquire a proper understanding of a problem or situation by breaking it down systematically into its component parts and identifying the relationships between these parts. Selecting the appropriate method/tool to resolve the problem and reflecting critically on the result, so that what is learnt is identified and assimilated.
  • Information Acquisition skills to identify gaps in the available information required to understand a problem or situation and devise a means of resolving them.
  • Technical Adaptability skills to learn and assess new methodologies or technologies quickly, understanding their wider implications and where appropriate implement them.
  • Interacting with People skills to establish relationships, contribute to an open culture and maintain contacts with people from a variety of backgrounds and disciplines. Effective, approachable and sensitive communicator in different communities and cultures.
  • Adaptability skills to adapt style and approach to meet the needs of different audiences.
  • Teamwork skills to work collaboratively with others to achieve a common goal.

Desirable

  • Welsh language skills are desirable, at level 1 or above, in understanding, speaking, reading and writing in Welsh.
  • Knowledge of NHS Wales or the Health sector.

Apply For Job