Graduate Cyber Risk Analyst

Date: 25 May 2023

Location: Malvern, England, GB

Company: QinetiQ



Key Accountabilities

  • Support creation of business risk models and associated material, in support of operational cyber security and business planning across a range of different domains or sectors using established frameworks (e.g. NIST, UK Government)
  • Support cyber security audit processes in support of operational and business planning activity across a range of different domains or sectors against recognised standards (e.g. ISO27001, UK Government)
  • Support cyber security vulnerability analysis that provides a rich picture of organisational maturity and risk exposure to cyber security, in support of operational and business planning activity across a range of different domains or sectors using established frameworks (e.g. NIST, MITRE ATT&CK, UK Government)
  • Understand mitigations for cyber risk in a given business or operational scenario and threat environment
  • Support development of cyber security risk cases in a given business or operational context
  • Apply cyber vulnerability and threat insights to support operational cyber security defence, including support to configuration of detection tools
  • Analyse security event information from networks, and other data, to identify potential cyber security incidents and issues and liaise with stakeholder to support remediation & resolution of cyber security incident


Key Capabilities/Knowledge

  • Understands threat, vulnerability & cyber risk concepts and can describe general mitigations
  • Understands threat intelligence concepts and aware of threat intelligence lifecycle
  • Understand relevant NIST frameworks and ISO27001 standards and how to apply in practice with appropriate supervision
  • Some knowledge of MITRE ATT&CK
  • Awareness of the impact of cyber risk, security accreditation and certification on business or operational outcomes
  • Able to understand regulatory requirements and, with colleagues, devise courses of action to meet these appropriate to the business or operational context.
  • able to support development of risk mitigation strategies that enhance business outcomes with appropriate supervision
  • Understand cyber risk and mitigations put in place and can provide evidence to help refine risk mitigation approaches with appropriate supervision
  • Able to support identification, documenting and articulation of security risk and mitigation approaches, against technology solutions and business processes
  • able to engage and communicate  with customers
  • able to support engagement and communication effectively with stakeholders at all levels
  • Good awareness of digital technology (in particular computer and computer network, including basics of TCP/IP)
  • Some awareness of how architects and designers employ the technology to build systems of interest
  • Demonstrate developing judgement in relation to cyber risk and vulnerability assessment
  • Able to articulate evidenced  arguments for recommended courses of action
  • Some Government, defence, CNI market awareness
  • Able to work independently with appropriate direction and supervision, seeking guidance on own initiative for unusual or unfamiliar situations


Experience & Qualifications

  • STEM degree or equivalent
  • Experience that demonstrates an inquisitive and questioning approach, willingness to challenge, ability to reason with evidence, and solve problems
  • Digitally literate (including fluency in Microsoft Office tools)



  • Experience in a cyber security role
  • Experience supporting security vulnerability, risk, audit & compliance
  • Experience supporting work with relevant NIST and ISO27001 frameworks and standards.
  • Experience of at least one sectors or domains that may include defence, wider UK Government or critical national infrastructure.
  • Experience supporting security audit preparation and outcomes
  • Initial membership of CIISec or equivalent



Please note that all applicants must be eligible for SC clearance as a minimum.


UKSV National Security Vetting Solution: guidance for applicants - GOV.UK (

Why join QinetiQ?

As we continue to grow into new markets around the world, there’s never been a more exciting time to join QinetiQ. The formula for success is our appetite for innovation and having the courage to take on a wide variety of complex challenges.

You’ll experience a unique working environment where teams from different backgrounds, disciplines and experience enjoy collaborating widely and openly as we undertake this exciting and rewarding journey. Through effective teamwork, and pulling together, you’ll get to experience what happens when we all share different perspectives, blend disciplines, and link technologies; constantly discovering new ways of solving complex problems in an diverse and inclusive environment where you can be authentic, feel valued and realise your full potential. Read more about our diverse and inclusive workplace culture here.  

Joining QinetiQ offers you an opportunity to work on a broad range of interesting defence-based projects with vast career progression across a global organisation in addition to competitive personal and professional benefits.  You’ll receive a highly competitive salary and benefits package: our basic salaries are very attractive as we constantly review what’s happening in the market. The range of benefits that we offer include, adaptive and flexible working, generous holiday entitlements, Health Cash Plan, Private Medical Insurance and Dental Insurance and much more. 

About QinetiQ

As a company of over 6,000 dedicated professionals, we are a world-centre of excellence in research and development and act as a catalyst for fast-track innovation, offering outstanding experimentation facilities, and technical, engineering and scientific expertise. QinetiQ is made up of dedicated experts in defence, aerospace, security and related markets, all working together to explore new ways of protecting what matters most. Being part of QinetiQ means being central to the safety and security of the world around us. Partnering with our customers, we help to save lives; reduce risks to society; and maintain the global infrastructure on which we all depend. Come and find out how you can play a role.

Please note that many roles in QinetiQ are subject to national security vetting. Applicants that already hold the appropriate level of vetting may be able to transfer it upon appointment, subject to approval. A number of roles are also subject to restrictions on access to information that mean factors such as nationality, previous nationalities held and the country in which you were born may have an effect on the roles that you can be employed in.