Cyber Security Analyst

About the Role

This role is key role in delivering cyber security activities that strengthen NPL’s security posture and manage security risk. This role is responsible for assisting with the day-to-day operations of security information systems, including preventing cyber-attacks, monitoring for security incidents, and responding to potential threats. This role supports both technical and governance activities to meet the organisations security objectives.

Key responsibilities

• Support the development and implementation of cyber security processes and procedures to strengthen protection and resilience
• Evaluate risks associated with new technologies, suppliers, and projects in support of business delivery and third-party risk management
• Conduct vulnerability scans and assessments as part of vulnerability management; prioritise and collaborate with IT operations to remediate identified weaknesses in systems and applications
• Monitor and respond to cyber security event alerts, investigating and escalating incidents as required
• Contribute to assurance and compliance activities, including policy reviews, audits, and regulatory checks
• Support process improvement initiatives to enhance efficiency and effectiveness across cyber security people, process, and technology
• Assist with broader cyber security-related IT requests, including travel security requirements, software requisitions, and general queries
• Prepare detailed reports on security incidents, vulnerabilities, and trends to inform decision-making and continuous improvement
• Maintain security metrics and dashboards to measure performance and support reporting
• Maintain and update action trackers, ensuring accurate status reporting and timely follow-up on outstanding tasks
• Collaborate with internal teams and external partners to ensure alignment with security standards and best practices
• Responsible for taking reasonable duty of care for Health & Safety of themselves and of other persons who may be affected by their acts or omissions at work and always follow direct instructions given with regards to Health & Safety.

About You

Core Skills (Essential):

• Experience in IT, engineering or cyber security (typically 2-3+ years), or equivalent practical experience in an operational environment.
• A curious and analytical mindset, with the ability to dig deeper to understand root causes, patterns, and underlying risks.
• Strong analytical skills, including the ability to interpret security data, identify trends, and draw meaningful conclusions.
• High attention to detail, with the ability to accurately document activities, findings, and outcomes.
• Understanding of cyber security risks, controls, and operational security practices, and how these can be applied pragmatically to enable the business.
• Ability to balance security requirements with business needs, taking a proportionate, risk‑based approach.
• Experience working collaboratively with IT teams and wider stakeholders to enable secure delivery.
• Ability to follow defined processes while constructively contributing to their improvement
• Clear written and verbal communication skills, including explaining security issues in a business‑focused way.
• A delivery‑focused, pragmatic approach and willingness to learn and develop.

Additional Skills and Experience (Desirable)

Candidates may bring stronger experience in some of the areas below; however, all analysts are expected to contribute across both operational security and GRC activities as part of the role.

Operational security experience

• Exposure to working in or alongside a SOC or security operations function
• Familiarity with tools such as SIEM, endpoint protection, vulnerability scanning, or security monitoring platforms
• Experience handling or supporting cyber security incidents

Governance, risk and compliance experience

• Experience supporting audits, assurance activities, or compliance exercises
• Experience assessing risk and documenting mitigating controls
• Awareness of cyber security standards or frameworks (e.g. ISO 27001, NIST, Cyber Essentials)
• Experience producing security metrics, dashboards, or management reporting

We actively recruit citizens of all backgrounds, but the nature of our work in specific departments means that nationality, residency and security requirements can be more tightly defined than others. You will be asked about this throughout the recruitment process. To work at NPL, you will need to obtain BPSS security clearance.

Please note: Applications will be reviewed, and interviews conducted throughout the duration of this advert therefore we may at any time bring the closing date forward. We encourage all interested applicants to apply as soon as practical.

About Us

The National Physical Laboratory (NPL) is a world-leading centre of excellence that provides cutting-edge measurement science, engineering and technology to underpin prosperity and quality of life in the UK. Find out more about what it is like working here - The measure of us - Overview

NPL and DSIT have strong commitments to diversity and equality of opportunity, and welcome applications from candidates irrespective of their background, gender, race, sexual orientation, religion, or age, providing they meet the required criteria. Applications from women, disabled and black, Asian and minority ethnic candidates in particular are encouraged. All disabled candidates (as defined by the Equality Act 2010) who satisfy the minimum criteria for the role will be guaranteed an interview under the Disability Confident Scheme.

At NPL, we believe our success is a result of the diversity and talent of our people. We strive to nurture and respect individuals to ensure everyone feels valued by treating everyone on the basis of their own individual merits and abilities regardless of their own or perceived identity, as part of our commitment to diversity & inclusion, we ensure we’re creating an environment where all our colleagues feel supported and welcome. More about this on our Diversity & Inclusion page.

We are committed to the health and well-being of our employees. Flexible working and social activities are embedded in our culture to create a positive work-life balance, along with a broad range of rewards, benefits and recognition . Our values are at the heart of what we do, and they shape the way we interact, develop our people and celebrate success. To ensure everyone has an equal chance, we’re always willing to make reasonable adjustments to the recruitment process. If you would like to discuss, please contact us.