Job summary
Embark on your new role as a Cyber Security Engineer with DHU Healthcare!
Location: Derby
What DHU can offer you:
Working Patterns:We recognise that 9-5 doesnt work for everyone, so we have a range of working patterns available to suit your work/life balance.Our friendly team will work with you to find the best fixed pattern for us both.
Competitive salary: £43,742 (Band 7)
Generous annual leave entitlement:Standard 25 days + 8 bank holidays, increasing with service up to 33 days + 8 bank holidays. Pro Rata/ Per Annum
Main duties of the job
In this role, you will work as part of the Cyber Security Team to ensure that technology, infrastructure, systems, and supporting processes collectively provide appropriate and cost-effective protection against cyber threats and identified security risks. The Cyber Security Engineer will support the Cyber Security Team Leader with ongoing security assessments, incident response, and the implementation of security protocols. You will also play a key role in collaborating with regional and national bodies to ensure compliance with security standards and best practices.
About us
We understand that digital applications may not be suitable for everyone. If you need to apply in a different way that better meets your needs, please reach out to us, and we will gladly accommodate your application in a format that works for you. For more details about our recruitment process, click here, or contact our team of talent acquisition professionals by emailing:Careers@DHUHealthCare.nhs.uk.
At DHU HealthCare we pride ourselves on our diverse workforce, and we remain committed to ensuring every person, in each of our teams, can bring their true selves to work without risk or fear of discrimination. As such, we would welcome applications from diverse audience representing the communities we continue to serve.
We proudly embrace forces-friendly practices and dedicate unwavering support to our Veterans/Service Leavers; Reservists; Cadet Force Adult Volunteers and military spouses/partners, fostering a workplace that values their unique skills and contributions.
Job description
Job responsibilities
* Lead in the remediation of non-compliance with the DSPT, Cyber Alerts or other accreditations, ensuring appropriate responses to NHSE, Cyber Auditors and any other 3rd parties. (this involved receiving highly complex digital information and processing as necessary)
* Provide specialist cyber security advice for multiple security tools, O365, SharePoint, Online platforms, National systems, IT equipment and Medical Device procurement, operational management and life cycling.
* Undertake regular and frequent vulnerability scans, analysing and reviewing any threats and vulnerabilities identified by monitoring systems, and present the options for remediation.
* Work within broad occupational policies, reviewing, inputting and developing new local cyber policies and procedures as a result of legislation changes, best practice and emerging trends.
* Undertake daily security monitoring.
* Research and evaluate emerging Cyber Security threats and ways to manage them, providing reports and/or presentations where appropriate to senior stakeholders.
* Set up automatic threat hunting.
* Undertake route cause analysis and implement preventative measures, suggesting measures for the future to avoid recurrence.
* Liaise with counter fraud services, police and any other external organisation organisations as required when investigating cyber security incidents and always maintain confidentiality.
* To monitor Anti-Virus measures to ensure they remain up to date to protect the Businesss network and computers and escalate any issues to the SIRO, should the Business be put at risk of virus threats.
* To assist with ensuring that all new system procurements meet the security requirements of the Business and make recommendations to address any identified gaps or weaknesses.
* To maintain a good technical understanding of complex systems and security issues pertaining to them, including but not limited to, Active Directory, firewalls, remote access systems, hardware, operating systems, applications software, hardware and networking protocols, etc.
* Support with the installation, upgrading, operation, control, maintenance and effective use of all digital security systems.
* Investigates and diagnoses complex security problems, working with users, other staff and suppliers as appropriate to maintain the integrity of the Businesss digital security.
* Ensuring the Businesss digital assets are protected from threat and that the business operations they are intended to provide are maintained in line with required service levels.
* Manages the Digital threat assessment and security control reviews, Digital business risk assessments, and reviews that follow significant breaches of security controls.
* The role will be required to participate in the departmental escalation on-call roster to cover out of hours. In addition, the nature of Digital operations dictates some degree of out-of-hours working e.g. activities such as system maintenance or project go lives, which must be conducted out of core hours in order to minimise disruption to services. Digital staff will be expected to be flexible in their work hours to support these activities and will be rewarded in accordance with standard Business policies for time off in lieu and/or overtime. In addition, Digital works across the Business and you will be expected to work at the Businesss other sites when required to do so to fulfil your role.
Job description
Job responsibilities
* Lead in the remediation of non-compliance with the DSPT, Cyber Alerts or other accreditations, ensuring appropriate responses to NHSE, Cyber Auditors and any other 3rd parties. (this involved receiving highly complex digital information and processing as necessary)
* Provide specialist cyber security advice for multiple security tools, O365, SharePoint, Online platforms, National systems, IT equipment and Medical Device procurement, operational management and life cycling.
* Undertake regular and frequent vulnerability scans, analysing and reviewing any threats and vulnerabilities identified by monitoring systems, and present the options for remediation.
* Work within broad occupational policies, reviewing, inputting and developing new local cyber policies and procedures as a result of legislation changes, best practice and emerging trends.
* Undertake daily security monitoring.
* Research and evaluate emerging Cyber Security threats and ways to manage them, providing reports and/or presentations where appropriate to senior stakeholders.
* Set up automatic threat hunting.
* Undertake route cause analysis and implement preventative measures, suggesting measures for the future to avoid recurrence.
* Liaise with counter fraud services, police and any other external organisation organisations as required when investigating cyber security incidents and always maintain confidentiality.
* To monitor Anti-Virus measures to ensure they remain up to date to protect the Businesss network and computers and escalate any issues to the SIRO, should the Business be put at risk of virus threats.
* To assist with ensuring that all new system procurements meet the security requirements of the Business and make recommendations to address any identified gaps or weaknesses.
* To maintain a good technical understanding of complex systems and security issues pertaining to them, including but not limited to, Active Directory, firewalls, remote access systems, hardware, operating systems, applications software, hardware and networking protocols, etc.
* Support with the installation, upgrading, operation, control, maintenance and effective use of all digital security systems.
* Investigates and diagnoses complex security problems, working with users, other staff and suppliers as appropriate to maintain the integrity of the Businesss digital security.
* Ensuring the Businesss digital assets are protected from threat and that the business operations they are intended to provide are maintained in line with required service levels.
* Manages the Digital threat assessment and security control reviews, Digital business risk assessments, and reviews that follow significant breaches of security controls.
* The role will be required to participate in the departmental escalation on-call roster to cover out of hours. In addition, the nature of Digital operations dictates some degree of out-of-hours working e.g. activities such as system maintenance or project go lives, which must be conducted out of core hours in order to minimise disruption to services. Digital staff will be expected to be flexible in their work hours to support these activities and will be rewarded in accordance with standard Business policies for time off in lieu and/or overtime. In addition, Digital works across the Business and you will be expected to work at the Businesss other sites when required to do so to fulfil your role.
Person Specification
Qualifications
Essential
* Educated to degree level, equivalent IT professional qualification, or demonstrable equivalent level of experience.
* Specialist cyber related qualification e.g. Security+, CySa+, PenTest+.
* Knowledge of digital best practice, information security and information governance.
* Experience performing security reviews and risk assessment.
* Experience of managing cyber incidents, response and actions.
* Previous experience of project and change management skills and/or techniques.
* Certified Ethical Hacker.
* ITIL Foundation.
* Knowledge of digital best practice, information security and information governance.
* Experience performing security reviews and risk assessment.
* Experience of managing cyber incidents, response and actions.
* Broad working knowledge of current practices and issues in the cyber field.
* Knowledge of common technologies such as Windows OS, email infrastructure, datacentres, network administration.
* Ability to convey often highly complex technical/ digital / cyber issues to a non-technical/ digital / cyber audience.
* Able to act as a change agent.
* Commitment to maintaining up to date knowledge of the appropriate regulations to enable adherence and to implement new regulations as required (essential)
* Right to work in the UK.
Person Specification
Qualifications
Essential
* Educated to degree level, equivalent IT professional qualification, or demonstrable equivalent level of experience.
* Specialist cyber related qualification e.g. Security+, CySa+, PenTest+.
* Knowledge of digital best practice, information security and information governance.
* Experience performing security reviews and risk assessment.
* Experience of managing cyber incidents, response and actions.
* Previous experience of project and change management skills and/or techniques.
* Certified Ethical Hacker.
* ITIL Foundation.
* Knowledge of digital best practice, information security and information governance.
* Experience performing security reviews and risk assessment.
* Experience of managing cyber incidents, response and actions.
* Broad working knowledge of current practices and issues in the cyber field.
* Knowledge of common technologies such as Windows OS, email infrastructure, datacentres, network administration.
* Ability to convey often highly complex technical/ digital / cyber issues to a non-technical/ digital / cyber audience.
* Able to act as a change agent.
* Commitment to maintaining up to date knowledge of the appropriate regulations to enable adherence and to implement new regulations as required (essential)
* Right to work in the UK.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Employer details
Employer name
DHU Healthcare
Address
D H U Healthcare C I C
2 Roundhouse Road
Pride Park
Derby
DE24 8JE
Employer's website #J-18808-Ljbffr