Level 3 Cyber Security Technician

Role Profile

This occupation is found in all sectors where information is held digitally and where that information is an asset that needs to be protected including but not limited to finance, retail, telecoms, health, media, manufacturing and local authorities.

The broad purpose of the occupation is to provide first line cyber security support. This requires individuals to monitor and detect potential security threats and escalate as necessary and to support secure and uninterrupted business operations of an organisation through the implementation of cyber security mechanisms and the application of cyber security procedures and controls.

To contribute to the delivery of a security culture across an organisation, understanding vulnerabilities and threats and supporting the development of an organisation's cyber security maturity.

To apply procedures and controls to maintain security and control of an organisation, and process security requests ensuring confidentiality, integrity and availability of information stored digitally.

Typical Roles

  • Access Control Administrator
  • Cyber Security Administrator Junior
  • Security Operations (SOC) Analyst
  • Junior Information Security Analyst
  • Incident Response Technician
  • Centre (SOC) Analyst
  • Junior Threat and Risk Analyst
  • Junior Penetration Tester
  • Junior Security Analyst

Technical Competencies, Technical Knowledge, Understanding and Specialisms


K1: Principles of organisational information security governance and the components of an organisation's cyber security technical infrastructure including hardware, operating systems, networks, software and cloud

K2: Cyber security policies and standards based on an Information Security Management System (ISMS)

K3: Types of physical, procedural and technical controls

K4: Awareness of how current legislation relates to or impacts upon the occupation including Data Protection Act, Regulation of Investigatory Powers Act, Human Rights Act, Computer Misuse Act, Freedom of Information Act, Official Secrets Act, Payment Card Industry Data Security Standard (PCI-DSS), Wireless and Telegraphy Act, professional body codes of conduct, ethical use of information assets

K5: Cyber security awareness and components of an effective security culture, different organisational structures and cultures, the importance of maintaining privacy and confidentiality of an organisation's information and the impact of a poor security culture

K6: Principles of cyber security compliance and compliance monitoring techniques

K7: Core terminology of cyber security – confidentiality, integrity, availability (the CIA triad), assurance, authenticity, identification, authentication, authorization, accountability, reliability, non-repudiation, access control

K8: Common security administrative operational tasks e.g. patching, software updates, access control, configuring a range of firewalls, security incident and event management tools (SIEM) and protection tools (Anti-virus, Anti-malware, Anti-spam)

K9: Cryptography, certificates and use of certificate management tools

K10: Processes for detecting, reporting, assessing, responding to, dealing with and learning from information security events

K11: Principles of identity and access management - authentication, authorisation and federation - and the inter-relationship between privacy and access rights and access control, and the types of access control, access control mechanisms and application control

K12: Types of digital information assets used in a controlled environment and the need to maintain an inventory of information assets used in a controlled environment and the need for and practice of secure information asset disposal

K13: Disaster prevention and recovery methods and the need for continuity of service planning and how an organisation might implement basic disaster prevention and recovery practices using conventional and incremental secure backup and recovery techniques and tools both onsite and offsite including geographic considerations

K14: Categories of cyber security vulnerabilities and common vulnerability exposures –software misconfiguration, sensitive data exposure, injection vulnerabilities, using components with known vulnerabilities, insufficient logging and monitoring, broken access control and authentication, security misconfiguration, incorrect cross-site validation

K15: Components of a vulnerability assessment scope and techniques to evaluate the results of a vulnerability assessment and provide recommendations based upon the evidence provided by the vulnerability assessment tools. The impact that vulnerabilities might have on an organisation and common vulnerability assessment tools and their strengths and weaknesses

K16: Threat sources and threat identification and network reconnaissance techniques and the impact that threats might have on an organisation

K17: Types of information security events – brute force attack, malware activity, suspicious user behaviour, suspicious device behaviour, unauthorized system changes

K18: Computer forensic principles – the importance of ensuring that evidence is not contaminated and maintaining the continuity of evidence without compromising it

K19: Standard information security event incident, exception and management reporting requirements and how to document incident and event information as part of a chain or evidence

K20: Common information security policies – acceptable use, incident management, patching, anti-virus, BYOD, access control, social media, password, data handling and data classification, IT asset disposal

K21: Cyber security audit requirements, procedures and plans, need to obtain and document evidence in an appropriate form for an internal or external auditor to review

K22: The significance of customer issues, problems, business value, brand awareness, cultural awareness/ diversity, accessibility, internal/ external audience, level of technical knowledge and profile in a business context

K23: Evolving cyber security issues in the digital world including the application to critical national infrastructure, communications technologies, the need for information assurance and governance, control systems and internet of things (IoT) devises

K24: Different learning techniques and the breadth and sources of knowledge and sources of verified information and data

K25: Importance of maintaining privacy and confidentiality of an organisations information and the impact of a poor security culture

K26: Concepts of service desk delivery and how to respond to requests for assistance received by a service desk and be able to describe different methods of escalation, when to escalate to a higher level where necessary and the need to communicate accurately and appropriately during an escalation

K27: Risk assessment, risk management and business impact analysis principles

K28: How their occupation fits into the wider digital landscape and any current or future regulatory requirements

K29: How to use data ethically and the implications for wider society, with respect to the use of data

K30: Roles within a multidisciplinary team and the interfaces with other areas of an organisation


S1: Follow information security procedures

S2: Maintain information security controls

S3: Develop information security training and awareness resources

S4: Monitor the effectiveness of information security training and awareness

S5: Handle and assess the validity of security requests from a range of internal and external stakeholders

S6: Follow technical procedures to install and maintain technical security controls

S7: Monitor and report information security events

S8: Recognise when and how to escalate information security events in accordance with relevant procedures and standards

S9: Review and modify access rights to digital information systems, services, devices or data

S10: Maintain an inventory of digital information systems, services, devices and data storage

S11: Scopes cyber security vulnerability assessments

S12: Evaluate the results of a cyber security vulnerability assessment

S13: Perform routine threat intelligence gathering tasks through consulting external sources

S14: Undertake digital information risk assessments

S15: Identify and categorise threats, vulnerabilities and risks in preparation for response or escalation

S16: Document cyber security event information whilst preserving evidence

S17: Draft information management reports using standard formats appropriate to the recipients

S18: Review and comment upon cyber security policies, procedures, standards and guidelines

S19: Perform cyber security compliance checks

S20: Translate audit requirements and collate relevant information from log files, incident reports and other data sources

S21: Communication skills to co-operate as part of a multi-functional, multi-disciplinary team using a range of technical and non-technical language to provide an effective interface between internal or external users and suppliers

S22: Keep up-to-date with legislation and industry standards related to the implementation of cyber security in an organisation


B1: Manage own time to meet deadlines and manage stakeholder expectations

B2: Work independently and take responsibility for own actions within the occupation

B3: Use own initiative

B4: A structured approach to the prioritisation of tasks

B5: Treat colleagues and external stakeholders fairly and with respect without bias or discrimination

B6: Act in accordance with occupation specific laws, regulations and professional standards and not accept instruction that is incompatible with any of these

B7: Review own development needs in order to keep up to date with evolution in technologies, trends and innovation using a range of sources


Functional Skills at Level 2 in both English and Maths will need to be attained as part of the Level 3 Apprenticeship. GCSE Grade 4 (C) in these subjects will be accepted as an exemption of this requirement, subject to production of copied certificates. If Level 2 in either of these subjects is not held, GK Apprenticeships have dedicated tutors who will support this attainment.

Professional Recognition

This apprenticeship is recognised for entry to both CIISec, and BCS Associate Membership and for entry onto the Register of IT Technicians. Those completing the apprenticeship are eligible to apply for registration.

Typical Roles
Cyber Security Administrator, Access Control Administrator, Incident Response Technician, Junior Security Operations Centre (SOC) Analyst, Junior Information Security Analyst, Junior Threat and Risk Analyst, Junior Penetration Tester, Junior Security Analyst.
Employers interested in this apprenticeship should contact Qufaro for further details
Back to top

© Bletchley Park Qufaro Ltd. Site by Dgtl

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.