Vacancy details

The role

As a Specialist Security Officer, you will play a vital role in safeguarding Natural Resources Wales’ digital infrastructure, systems, and data. You’ll proactively identify, assess, and mitigate cyber threats, helping to ensure the organisation remains resilient in an evolving risk landscape.

This role is central to implementing and maintaining robust cyber security controls, ensuring compliance with key legislation and standards such as NCSC guidance, ISO 27001, and GDPR. You’ll support the delivery of NRW’s cyber resilience strategy by working across the organisation and with external partners to embed secure practices.

You’ll have the autonomy to investigate incidents, assess risks, and respond to security issues affecting DDaT (Digital, Data and Technology) assets and operations. Findings will be reported weekly to the DDaT Security Board, and you’ll be responsible for reviewing and updating the DDaT risk register to reflect emerging threats and mitigation actions.

As an organisation we support flexible working. You will be contracted to the nearest NRW office to your home and a suitable hybrid working pattern will be agreed on appointment. Any regular face to face meetings or training will be planned in advance.

To make an informal enquiry about this role, please contact Tracey Gilliland at Tracey.Gilliland@cyfoethnaturiolcymru.gov.uk

Interviews will be face to face (details of location will be shared in advance)

Due to the nature of the work the successful candidate must be eligible for Security Check (SC) clearance. This generally requires five years’ continuous residency in the UK. Further details on eligibility can be found on National security vetting: clearance levels - GOV.UK Offers will also be subject to a satisfactory Disclosure and Barring Service Check (DBS) check. Appointments are normally made within 4 to 8 weeks of the closing date.

What you will do

• Monitor security alerts and threat intelligence feeds to detect and respond to cyber incidents.
• Lead or support incident response activities, including investigation, containment, eradication, and recovery.
• Manage and maintain security tools such as Security Information and Event Management (SIEM), endpoint protection, vulnerability scanners, and firewalls.
• Conduct regular vulnerability assessments and coordinate remediation efforts.
• Ensure compliance with public sector cyber security frameworks and  deliver cyber security awareness training and phishing simulations to staff, promoting a culture of security across the organisation.
• Advise on security requirements for digital transformation projects, ensuring alignment with organisational policies and risk appetite.
• Review new systems and services for security risks, promoting secure-by-design principles throughout their lifecycle.
• Liaise with internal stakeholders, external partners, and national cyber security bodies (e.g., National Cyber Security Centre (NCSC), law enforcement).
• Be responsible for out of hours (OOH) operational management of NRW’s entire ICT Security service on rota basis.
• Undertake health and safety duties and responsibilities appropriate to the post
• Be committed to Natural Resources Wales Equal Opportunities and Diversity Policy, together with an understanding of how it operates within the responsibilities of the post
• Be committed to your own development through the effective use of your personal development plan (known as Sgwrs).
• Any other reasonable duties requested commensurate with the grade of this role.
• Required to take part in incident response activities 

Your qualifications, experience, knowledge and skills

In your application and interview you will be asked to demonstrate the following skills and experience using the STAR method.

1. High level of technical expertise and skills including detailed knowledge of Azure Stack
2. Degree in Cyber Security, Computer Science, or a related field, or equivalent experience.
3. Professional certifications such as CompTIA Security+, CISSP, CISM, or equivalent.
4. Strong understanding of cyber security principles, threat landscapes, and attack vectors.
5. Experience with security technologies (e.g., SIEM, IDS/IPS, endpoint protection).
6. Knowledge of public sector security standards and regulatory requirements (e.g., GDPR, ISO 27001, NCSC CAF).
7. Identity and access management (IAM), security operations, cyber threat hunting, Endpoint Detection and Response (EDR) and detection analytics.
8. Proficiency in cloud security, particularly with Azure security tools and services.
9. Knowledge of secure coding practices and application security.
10. Incident response and digital forensics experience
11. You should have security clearance or be eligible for Security Check (SC) clearance in the UK

Welsh Language Level requirements:

• Essential: Level A1 - Entry level (able to use and understand simple, basic phrases and greetings, no conversational Welsh)

Please note if you do not meet the level A1 requirement i.e., ability to understand basic phrases and ability to pronounce Welsh names correctly, then NRW offers a variety of learning options and staff support to help you meet these minimal requirements during the course of your employment with us.

Please keep reading

We’re passionate about creating a diverse workforce and positively encourage applications from under-represented communities. We embrace equality of opportunity irrespective of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex and sexual orientation.  

We are committed to equal opportunities and we guarantee interviews for candidates with disabilities who meet the minimum selection criteria.

We want to attract and retain talented and highly skilled staff, so we make sure that our pay scales remain competitive. We advertise the full pay scale on our job descriptions. Appointed candidates start at the first point of the pay scale and annual increments are paid each year.

We want our staff to grow professionally and personally. From leadership development to access to further and higher education courses, our staff have opportunities to expand their knowledge on variety of topics, stay current in their field and continue to learn as their career progresses.  

We are a bilingual organisation which complies with the Welsh Language Standards.  Welsh language skills are considered an asset to NRW and we encourage and support staff to learn, develop and use their Welsh language skills. 

You are welcome to apply for any vacancy in Welsh or English and any application submitted will be treated equally. Applications are welcome from individuals who work part time, as part of a job share or who work full time.