Information security analyst apprentice
Rochdale Metropolitan Borough Council
Greater Manchester (OL16 1XU)
Closes in 20 days (Monday 8 June 2026 at 11:59pm)
Posted on 18 May 2026
Summary
The Information Security Analyst protects the council’s digital infrastructure, data and operations. Reporting to the Information Security Technical Lead, the role supports security controls across the ICT environment, helping maintain cyber resilience, DLP measures and regulatory compliance.
- Wage: £25,583 a year. First 12 months, £25,583 and £25,989 for the remaining months of the contract.
- Training course: Cyber security technologist (2021) (level 4)
- Hours: 37 hours a week. A work-life-balance scheme is in operation. Shifts to be confirmed.
- Start date: Monday 7 September 2026
- Duration: 1 year 7 months
- Positions available: 3
Work
Most of your apprenticeship is spent working. You’ll learn on the job by getting hands-on experience.
What you'll do at work
Principal Duties:
- Proactively monitor network and system activity to detect potential security threats, using tools such as SIEM and endpoint protection platforms
- Assist in the investigation and resolution of low-level security incidents, escalating more complex issues to senior staff
- Maintain detailed logs and records of security events, incidents, and remediation efforts to support audit and compliance requirements
- Use Microsoft security services (Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, etc.) and other monitoring tools to identify and respond to potential data loss or unauthorized data sharing
Incident Triage & Response:
- Perform timely triage of security alerts to determine impact and urgency, investigating incidents using available tools and data
- Lead initial incident response actions (containment, remediation, communication) for confirmed security incidents, following established escalation procedures
- Ensure that all incidents are promptly escalated to senior leadership or external partners, as appropriate
Threat Analysis & Intelligence Integration:
- Analyse malicious activities to determine root cause and attack vectors by mapping observed attacker actions to the MITRE ATT&CK framework
- Monitor threat intelligence feeds for information on new vulnerabilities, malware campaigns, or attack techniques that could impact the Council
- Evaluate this intelligence and adjust monitoring priorities or techniques accordingly
Detection Improvement:
- In collaboration with the Information Security Technical Lead, contribute to the development and refinement of detection content. Provide feedback on Sentinel analytic rules and Microsoft security services alert tuning based on what is observed
Proactive Threat Hunting:
- Conduct proactive threat hunting across the council’s systems utilising the available toolset. This involves hypothesis-driven exploration of data to find hidden threats that haven’t triggered alerts. Throughout, ensure that hunting activities are documented and any discoveries are handled in accordance with incident response procedures
Security Tools & Infrastructure:
- Support the deployment, configuration, and maintenance of core security tools including antivirus software, firewalls, SIEM systems, Microsoft security services and endpoint protection
- Ensure DLP policies are effectively integrated into security infrastructure, including email filtering and endpoint protection systems, to prevent leakage of sensitive council data
Vulnerability & Patch Management:
- Assist in conducting regular vulnerability scans and support the patching of systems to mitigate identified risks
- Collaborate with ICT teams to identify and remediate DLP-related vulnerabilities, such as misconfigured access controls or insecure data flows
Security Awareness & Training:
- Contribute to the delivery of security awareness initiatives and training sessions for council staff
- Promote best practices in data handling and educate users on how DLP policies protect council information and support compliance
Metrics and Trend Reporting:
- Contribute to regular operational reports for Information Security management
- These reports may include metrics such as number of alerts processed, number of incidents handled, time to respond, trends in types of attacks observed and current vulnerabilities across the estate
- Demonstrate the SOC’s activity levels and highlight areas of concern
Where you'll work
Number One Riverside
Smith Street
Rochdale
Greater Manchester
OL16 1XU
Training
Apprenticeships include time away from working for specialist training. You’ll study to gain professional knowledge and skills.
Training provider
VELOCITY 1ST LIMITED
Training course
Cyber security technologist (2021) (level 4)
What you'll learn
Course contents
- Discover vulnerabilities in a system by using a mix of research and practical exploration.
- Analyse and evaluate security threats and hazards to a system or service or processes. Use relevant external source of threat intelligence or advice (e.g. National Cyber Security Centre). Combine different sources to create an enriched view of cyber threats and hazards.
- Research and investigate common attack techniques and relate these to normal and observed digital system behaviour and recommend how to defend against them. Interpret and demonstrate use of external source of vulnerabilities (e.g. OWASP, intelligence sharing initiatives, open source).
- Undertake security risk assessments for simple systems without direct supervision and propose basic remediation advice in the context of the employer.
- Source and analyse security cases and describe what threats, vulnerability or risks are mitigated and identify any residual areas of concern.
- Analyse employer or customer requirements to derive security objectives and taking account of the threats and overall context develop a security case which sets out the proposed security measures in the context with reasoned justification.
- Identify and follow organisational policies and standards for information and cyber security and operate according to service level agreements or other defined performance targets.
- Configure, deploy and use computer, digital network and cyber security technology.
- Recommend improvements to the cyber security posture of an employer or customer based on research into future potential cyber threats and considering threat trends.
- Write program code or scripts to meet a given design requirement in accordance with employers' coding standards.
- Identify cyber security threats relevant to a defined context.
- Accurately, objectively and concisely record and report the appropriate cyber security information, including in written reports within a structure or template provided.
- Design, build, test and troubleshoot a network incorporating more than one subnet with static and dynamic routes, to a given design requirement without supervision. Provide evidence that the system meets the design requirement.
- Analyse security requirements given (functional and non-functional security requirements that may be presented in a security case) against other design requirements (e.g. usability, cost, size, weight, power, heat, supportability etc.) for a given system or product. Identify conflicting requirements and propose, with reasoning, resolution through appropriate trade-offs.
- Design and build systems in accordance with a security case within broad but generally well-defined parameters. This should include selection and configuration of typical security hardware and software components. Provide evidence that the system has properly implemented the security controls required by the security case.
- Design systems employing encryption to meet defined security objectives. Develop and implement a plan for managing the associated encryption keys for the given scenario or system.
- Use tools, techniques and processes to actively prevent breaches to digital system security.
- Configure digital system monitoring and analysis tools (e.g. SIEM tools), taking account of threat & vulnerability intelligence, indicators of compromise.
- Conduct cyber-risk assessments against an externally (market) recognised cyber security standard using a recognised risk assessment methodology.
- Develop information security policies or processes to address a set of identified risks, for example from security audit recommendations.
- Develop information security policies within a defined scope to take account of legislation and regulation relevant to cyber security.
- Take an active part in security audits against recognised cyber security standards, undertake gap analysis and make recommendations for remediation.
- Develop plans for local business continuity for approval within defined governance arrangements for business continuity.
- Assess security culture using a recognised approach.
- Design and implement a simple ‘security awareness’ campaign to address a specific aspect of a security culture.
- Develop plans for incident response for approval within defined governance arrangements for incident response.
- Integrate and correlate information from various sources (including log files from different sources, digital system monitoring tools, Secure Information and Event Management (SIEM) tools, access control systems, physical security systems) and compare to known threat and vulnerability data to form a judgement based on evidence with reasoning that the anomaly represents a digital system security breach.
- Recognise anomalies in observed digital system data structures (including by inspection of network packet data structures) and digital system behaviours (including by inspection of protocol behaviours) and by inspection of log files and by investigation of alerts raised by automated tools including SIEM tools.
- Undertake root cause analysis of events and make recommendations to reduce false positives and false negatives.
- Manage local response to non-major incidents in accordance with a defined procedure.
Training schedule
- Velocity apprenticeship training programmes are delivered virtually by our fully qualified and industry experienced training team
- Using their expert knowledge, they will provide the skills necessary to succeed in the workplace and to expand future career prospects
- Throughout the apprenticeship, learners receive coaching, help and guidance from a dedicated team who are there to ensure they get the most from their programme
Requirements
Essential qualifications
GCSE in:
- English (grade A*-C/ 9-4)
- Maths (grade A*-C/ 9-4)
Share if you have other relevant qualifications and industry experience. The apprenticeship can be adjusted to reflect what you already know.
Skills
- Communication skills
- IT skills
- Attention to detail
- Organisation skills
- Customer care skills
- Problem solving skills
- Administrative skills
- Number skills
- Analytical skills
- Logical
- Team working
- Initiative
- Non-judgemental
- Cyber compliance monitoring
- People & stakeholder skills
- Security governance & IT
- InfoSec threat awareness
- Security tools training
- GDPR & CE+ awareness
- DLP principles & tech
Other requirements
- Occasional evening or weekend work for which there will be compensation in accordance with local conditions of service
- This role is expected to perform a reasonable amount of out of hours work given reasonable notice
- This role is expected to be part of an ‘on-call’ / ‘on standby’ scheme within ICT
- Requirement to travel within, and outside, the Borough
- For car owners, casual car allowance is payable
About this employer
Rochdale Metropolitan Borough Council is the local authority serving the borough of Rochdale in Greater Manchester. The Council delivers a wide range of public services including education, housing, social care, environmental services, public health, regeneration, and community safety.
The organisation is committed to improving outcomes for residents, supporting local communities, and driving economic growth across the borough. Rochdale Council values inclusivity, innovation, collaboration, and continuous improvement, with a strong focus on delivering high-quality and secure public services.
After this apprenticeship
- The role offers long term security and the opportunity to progress into a permanent position
Ask a question
The contact for this apprenticeship is:
VELOCITY 1ST LIMITED
Ivana
ivana@velocity-academy.co.uk
The reference code for this apprenticeship is VAC2000032166.