This role focuses on applying cybersecurity frameworks like NIST and ISO27001 to conduct risk modeling, vulnerability analysis, and compliance audits to protect business operations across various domains.
At QinetiQ we are creating a workplace that is inclusive; where our differences are not only embraced but make us stronger. A place where we can connect with each other and benefit from the experiences and thinking from people with varied backgrounds, and at different stages in their careers.
Role Purpose:
Apply cyber security skills and knowledge to risk modelling, audit and compliance, risk and vulnerability analysis and security culture improvement, with guidance and direction from more qualified and experienced staff.
Key Accountabilities:
Support creation of business risk models and associated material, in support of operational cyber security and business planning across a range of different domains or sectors using established frameworks (e.g. NIST, UK Government)
Support cyber security audit processes in support of operational and business planning activity across a range of different domains or sectors against recognised standards (e.g. ISO27001, UK Government)
Support cyber security vulnerability analysis that provides a rich picture of organisational maturity and risk exposure to cyber security, in support of operational and business planning activity across a range of different domains or sectors using established frameworks (e.g. NIST, MITRE ATT&CK, UK Government)
Understand mitigations for cyber risk in a given business or operational scenario and threat environment
Support development of cyber security risk cases in a given business or operational context
Key Capabilities/Knowledge:
Understands threat, vulnerability & cyber risk concepts and can describe some general mitigations and comment on their effectiveness with supporting reasons
Awareness of relevant NIST frameworks and ISO27001 standards and how to apply them in practice with appropriate supervision
Some knowledge of MITRE ATT&CK
Awareness of the impact of cyber risk on business or operational outcomes
Able to understand regulatory requirements and, with colleagues, devise courses of action to meet these appropriate to the business or operational context.
Able to support development of risk mitigation strategies that enhance business outcomes with appropriate supervision
Understand cyber risk and mitigations put in place and can provide evidence to help refine risk mitigation approaches with appropriate supervision
Able to support identification, documenting and articulation of security risk and mitigation approaches, against technology solutions and business processes
Able to engage and communicate with customers at an appropriate level.
Able to support engagement and communication effectively with stakeholders at all levels
Good awareness of digital technology (in particular computers and computer networks)
Some awareness of other cyber security professions and what they contribute
Able to articulate evidenced arguments for recommended courses of action
Able to work independently with appropriate direction and supervision, seeking guidance where necessary
Experience & Qualifications:
Essential
STEM degree or equivalent
Experience that demonstrates an inquisitive and questioning approach, willingness to challenge, ability to reason with evidence, and solve problems
Digitally literate (including fluency in Microsoft Office tools)
Desirable
Experience in a cyber-security role
Experience supporting security vulnerability, risk, audit & compliance
Experience supporting work with relevant NIST and ISO27001 frameworks and standards.
Experience supporting security audit preparation and outcomes
Initial membership of CIISec or equivalent
Our Benefits (the list is not exhaustive):
On demand learning, access to courses, modules, and lectures via multiple digital learning platforms
Coaching and Mentoring
25 days annual holiday excluding bank holidays
Matched contribution pension scheme, with life assurance
Flexible Benefits package
Employee discount portal
Employee Assistance Programme
Employee-led networks
Security:
Many of our roles at QinetiQ are subject to national security vetting. Applicants who already hold the appropriate level of vetting may be able to transfer it upon appointment, subject to approval. Many roles are also subject to restrictions on access to information, which means factors such as nationality, previous nationalities held and the country in which you were born may impact your role.
How to apply
Apply directly through the company website. Clicking the link below will open the application page in a new window.

Location: Farnborough, Hampshire
Industry: Engineering
QinetiQ is an integrated global defence and security company focused on mission-led innovation. Our purpose is protecting lives by serving the national security interests of our customers. We employ more than 8,000 highly-skilled people, committed to creating new ways of testing technologies, systems, and processes to make sure they meet operational needs; and enabling customers to deploy new and enhanced capabilities with the assurance they will deliver the performance required.
© GradWorx 2026