Cyber security technical professional

Digital

Level 6 - Professional Occupation

Leading teams which manage cyber security risks.

Reference: OCC0409

Status: Approved occupation

Average (median) salary: £45,593 per year

SOC 2020 code: 2135 Cyber security professionals

SOC 2020 sub unit groups:

  • 2135/01 Cyber operational defence specialists
  • 2135/99 Cyber security professionals n.e.c.

Employers involved in creating the standard:

QinetiQ (Chair of the employer group), 3SDL, BAE Systems, Becrypt, BT, CGI, Crest, DWP, HPE, IBM, Transport for London (TfL), Virgin Trains South Coast, NCSC (National Cyber Security Centre)

Summary

A cyber security technical professional operates in business or technology / engineering functions across a range of sectors of the economy including critical national infrastructure (such as energy, transport, water, finance), public and private, large and small. They will normally operate with a considerable degree of autonomy and will lead teams which research, analyse, model, assess and manage cyber security risks; design, develop, justify, manage and operate secure solutions; and detect and respond to incidents. They work in accordance with applicable laws, regulations, standards and ethics.

Typical job titles include:

Cyber Incident Manager
Cyber Research Analyst
Cyber Risk Analyst
Cyber Risk Manager
Cyber Security Design Engineer
Cyber Security Engineer

Keywords:

Cyber Security
Cyber Security Technical Professional
Databases
Software
Technical Professional

Knowledge, skills and behaviours (KSBs)

K1: N/A. Foundations of cyber security, its significance, concepts, threats, vulnerabilities and assurance.
K2: Design, build, configure, optimise, test and troubleshoot simple and complex networks. Network foundations, connections, internetworking, protocols, standards, performance, security and server virtualisation.
K3: Apply statistical techniques to large data sets. Identify vulnerabilities in big data architectures and deployment. Information management, big data concepts, statistical techniques, database concepts and data quality.
K4: Build, test and debug a digital system to a specification. Computer architecture, digital logic, machine level representation of data.
K5: Configure an Operating System in accordance with security policy. Identify threats and features. Operating System principles, architectures, features, mechanisms, security features and exploits.
K6: Write, test and debug programs in high and low level languages and scripts. Algorithm and program design, concepts, compilers and logic. Programming languages.
K7: Design, implement and analyse algorithms. Algorithms, complexity and discrete maths.
K8: Construct software to interact with the real world and analyse for security exploits. How software interacts with the hardware and real world environment and security issues.
K9: Analyse malware & identify its mechanisms. Malware, reverse engineering, obfuscation.
K10: Apply secure programming principles and design patterns to address security issues. Defensive programming, malware resistance, code analysis, formal methods, good practice.
K11: Apply system engineering and software development methodologies and models. System development principles, tools, approaches, complexity, software engineering.
K12: Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigations. Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment.
K13: Assess culture & individual responsibilities. Human dimensions of cyber security.
K14: Undertake ethical system reconnaissance and intelligence analysis. Structured and ethical intelligence analysis, methods, techniques.
K15: Undertake risk modelling, analysis and trades. Management of cyber security risk, tools and techniques.
K16: Undertake risk assessment to an external standard. Quantitative & qualitative risk management theory & practice, role of risk stakeholders.
K17: Apply a management system and develop an information security management plan. Concepts & benefits of security management systems, governance & international standards.
K18: Configure and use security technology components and key management. Security components: how they are used for security / business benefit. Crypto & key management.
K19: Design & evaluate a system to a security case. How to compose a justified security case.
K20: Architect, analyse & justify a secure system. Understand security assurance, how to achieve it and how to apply security principles.
K21: Develop an assurance strategy. Assurance concepts & approaches.
K22: Security monitoring, analysis and intrusion detection. Recognise anomalies & behaviours. How to diagnose cause from observables. Application of SIEM (Security Information and Event Management) tools & techniques.
K23: Manage intrusion response, including with 3rd parties. Cyber incident response, management, escalation, investigation & 3rd party involvement.
K24: N/A. Legal, regulatory, compliance & standards environment.
K25: Organise testing & investigation work in accordance with legal & ethical requirements. Applicability of laws, regulations & ethical standards.
K26: Develop & apply information security policy to implement legal or regulatory requirements. Legal responsibilities of system owners, users, employers, employees.

S1: Fluent in written communications and able to articulate complex issues.
S2: Makes concise, engaging and well-structured verbal presentations, arguments and explanations.
S3: Able to deal with different, competing interests within and outside the organisation with excellent negotiation skills.
S4: Able to identify the preferences, motivations, strengths and limitations of other people and apply these insights to work more effectively with and to motivate others.
S5: Able to work effectively with others to achieve a common goal.
S6: Competent in active listening and in leading, influencing and persuading others.
S7: Able to give and receive feedback constructively and incorporate it into his/her own development and life-long learning.
S8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem solving techniques to complex systems and situations.
S9: Able to put forward, demonstrate value and gain commitment to a moderately complex technology-oriented solution, demonstrating understanding of business need, using open questions and summarising skills and basic negotiating skills.
S10: Can conduct effective research, using literature and other media.
S11: Logical thinking and creative approach to problem solving.
S12: Able to demonstrate a ‘security mind-set’ (how to break as well as make).

B1: Demonstrates business disciplines, ethics and courtesies, demonstrating timeliness and focus when faced with distractions and the ability to complete tasks to a deadline with high quality.
B2: Flexible attitude and ability to perform under pressure.
B3: A thorough approach to work in the cyber security role.

Occupational Progression

This occupational progression map shows technical occupations that have transferable knowledge and skills.

In this map, the focused occupation is highlighted in yellow. The arrows indicate where transferable knowledge and skills exist between two occupations. This map shows some of the strongest progression links between the focused occupation and other occupations.

It is anticipated that individuals would be required to undertake further learning or training to progress to and from occupations. To find out more about an occupation featured in the progression map, including the learning options available, click the occupation.

Progression decisions have been reached by comparing the knowledge and skills statements between occupational standards, combined with individualised learner movement data.

[Progression map. Bands: Technical Occupations (Levels 2-3), Higher Technical Occupations (Levels 4-5), Professional Occupations (Levels 6-7). Three Level 4 occupations have progression links into the focused occupation (Level 6); the focused occupation has progression links to one Level 6 occupation and one Level 7 occupation.]