Cyber Security Specialist in Cardiff

The role involves safeguarding Natural Resources Wales' digital infrastructure, systems, and data. You will proactively identify, assess, and mitigate cyber threats, ensuring the organisation remains resilient in an evolving risk landscape.

This role is central to implementing and maintaining robust cyber security controls, ensuring compliance with key legislation and standards such as NCSC guidance, ISO 27001, and GDPR. You will support the delivery of NRW's cyber resilience strategy by working across the organisation and with external partners to embed secure practices.

You will have the autonomy to investigate incidents, assess risks, and respond to security issues affecting DDaT (Digital, Data and Technology) assets and operations. Findings will be reported weekly to the DDaT Security Board, and you will be responsible for reviewing and updating the DDaT risk register to reflect emerging threats and mitigation actions.

As an organisation, we support flexible working. You will be contracted to either the Bangor or Cardiff NRW office, and a suitable hybrid working pattern will be agreed upon appointment. Travel between Bangor and Cardiff may be required, and any face-to-face meetings or training will be planned in advance.

To make an informal enquiry about this role, please contact Tracey Gilliland. Interviews will be face-to-face (details of location will be shared in advance). Due to the nature of the work, the successful candidate must be eligible for Security Check (SC) clearance, which generally requires five years' continuous residency in the UK. Further details on eligibility can be found on National security vetting: clearance levels - GOV.UK. Offers will also be subject to a satisfactory Disclosure and Barring Service Check (DBS) check. Appointments are normally made within 4 to 8 weeks of the closing date.

What you will do:

• Monitor security alerts and threat intelligence feeds to detect and respond to cyber incidents.
• Lead or support incident response activities, including investigation, containment, eradication, and recovery.
• Manage and maintain security tools such as Security Information and Event Management (SIEM), endpoint protection, vulnerability scanners, and firewalls.
• Conduct regular vulnerability assessments and coordinate remediation efforts.
• Ensure compliance with public sector cyber security frameworks and deliver cyber security awareness training and phishing simulations to staff, promoting a culture of security across the organisation.
• Advise on security requirements for digital transformation projects, ensuring alignment with organisational policies and risk appetite.
• Review new systems and services for security risks, promoting secure-by-design principles throughout their lifecycle.
• Liaise with internal stakeholders, external partners, and national cyber security bodies (e.g., National Cyber Security Centre (NCSC), law enforcement).
• Be responsible for out of hours (OOH) operational management of NRW's entire ICT Security service on a rota basis.
• Undertake health and safety duties and responsibilities appropriate to the post.
• Be committed to Natural Resources Wales Equal Opportunities and Diversity Policy, together with an understanding of how it operates within the responsibilities of the post.
• Be committed to your own development through the effective use of your personal development plan (known as Sgwrs).
• Any other reasonable duties requested commensurate with the grade of this role.

Your qualifications, experience, knowledge and skills:

• High level of technical expertise and skills including detailed knowledge of Azure Stack.
• Degree in Cyber Security, Computer Science, or a related field, or equivalent experience.
• Professional certifications such as CompTIA Security+, CISSP, CISM, or equivalent.
• Strong understanding of cyber security principles, threat landscapes, and attack vectors.
• Experience with security technologies (e.g., SIEM, IDS/IPS, endpoint protection).
• Knowledge of public sector security standards and regulatory requirements (e.g., GDPR, ISO 27001, NCSC CAF).
• Identity and access management (IAM), security operations, cyber threat hunting, Endpoint Detection and Response (EDR) and detection analytics.
• Proficiency in cloud security, particularly with Azure security tools and services.
• Knowledge of secure coding practices and application security.
• Incident response and digital forensics experience.
• You should have security clearance or be eligible for Security Check (SC) clearance in the UK.

Welsh Language Level requirements:

• Essential: Level A1 - Entry level (able to use and understand simple, basic phrases and greetings, no conversational Welsh).

Please note if you do not meet the level A1 requirement, NRW offers a variety of learning options and staff support to help you meet these minimal requirements during the course of your employment with us.

Benefits:

• Civil Service Pension Scheme offering employer contributions of 28.97% (successful internal staff will remain in their current pension scheme).
• 28 days annual leave, rising to 33 days.
• Generous leave entitlements for all your life needs.
• Commitment to professional development.
• Health and wellbeing benefits and support.
• Weekly wellbeing hour to use as you choose.

We are passionate about creating a diverse workforce and positively encourage applications from under-represented communities. We embrace equality of opportunity irrespective of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, and sexual orientation. We are committed to equal opportunities, and we guarantee interviews for candidates with disabilities who meet the minimum selection criteria.

We want to attract and retain talented and highly skilled staff, so we make sure that our pay scales remain competitive. We advertise the full pay scale on our job descriptions. Appointed candidates start at the first point of the pay scale and annual increments are paid each year.

Unless otherwise stated in the 'Role' section of this advert, Natural Resources Wales is unable to offer visa sponsorship for this position. Although we hold a Skilled Worker visa sponsorship licence, it applies only to specific roles that meet both the eligibility criteria and salary requirements set out by the UK Government under the Skilled Worker visa route.

We want our staff to grow professionally and personally. From leadership development to access to further and higher education courses, our staff have opportunities to expand their knowledge on a variety of topics, stay current in their field, and continue to learn as their career progresses.

We are a bilingual organisation which complies with the Welsh Language Standards. Welsh language skills are considered an asset to NRW, and we encourage and support staff to learn, develop, and use their Welsh language skills.