{ “@context”: “http://schema.org”, “@type”: “JobPosting”, “title”: “Cyber Security Analyst – Threat Intelligence”, “description”: “
Overview
Cyber Operations supports safe care and builds public trust by enhancing NHS England’s cyber resilience.
Sub‑directorate structure
- Cyber Security Operations Unit (CSOU & SIO)
- Cyber Delivery Unit (CDU)
- Cyber Improvement Programme
- Chief Information Security Office Function (CISO)
CSOC Threat Intelligence Team
- Intelligence Collection & Analysis – perform collection, aggregation, analysis and contextualisation of healthcare and security information to produce actionable CTI.
- Cybersecurity Threat & Risk Assessment – conduct high‑level risk assessments of current and emerging threats to the health & social care estate.
- Intelligence Dissemination & Reporting – produce stakeholder‑specific intelligence reporting.
- Specialist CTI Support – provide specialist CTI support to CSOC during high‑complexity incidents.
Role
The Cyber Security Threat Intelligence Analyst acts as a threat intelligence specialist, analysing potential security threats facing NHS England.
Core responsibilities
- Interrogate threat intelligence sources to identify items of interest for triage and analysis.
- Collect and process information from threat intelligence sources to aid the identification of potential cyber threats.
- Contextualise and interpret threats via intelligence models and frameworks.
- Identify indicators of compromise within intelligence items.
- Investigate significant intelligence items, identifying opportunities for further lead development.
- Provide specialist CTI support to protective monitoring teams during high‑complexity incidents.
- Create intelligence products for the appropriate audience, quoting sources and stating confidence.
- Contribute to the continuous development of the Threat Operations pod.
- Deliver against CSOC security requirements as directed by senior leadership.
- Lead in‑depth CTI investigations.
Additional context
- Staff may be recruited from outside the NHS and may be appointed at the bottom of the pay band.
- Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in our offices.
Contact
For further details or informal visits: Name: Francis Taylor, Job title: Security Lead (Analyst), Email: england.cyberoperationsrecruitment@nhs.net
#J-18808-Ljbffr”, “datePosted”: “2026-05-18”, “hiringOrganization”: { “@type”: “Organization”, “name”: “NHS England”, “sameAs”: “https://uk.whatjobs.com/pub_api__cpl__435630015__4861?utm_campaign=publisher&utm_medium=api&utm_source=4861&geoID=918” }, “jobLocation”: { “@type”: “Place”, “address”: { “@type”: “PostalAddress”, “addressLocality”: “Leeds” } } }Company: NHS England
Location: Leeds
Job Description:
Overview
Cyber Operations supports safe care and builds public trust by enhancing NHS England’s cyber resilience.
Sub‑directorate structure
- Cyber Security Operations Unit (CSOU & SIO)
- Cyber Delivery Unit (CDU)
- Cyber Improvement Programme
- Chief Information Security Office Function (CISO)
CSOC Threat Intelligence Team
- Intelligence Collection & Analysis – perform collection, aggregation, analysis and contextualisation of healthcare and security information to produce actionable CTI.
- Cybersecurity Threat & Risk Assessment – conduct high‑level risk assessments of current and emerging threats to the health & social care estate.
- Intelligence Dissemination & Reporting – produce stakeholder‑specific intelligence reporting.
- Specialist CTI Support – provide specialist CTI support to CSOC during high‑complexity incidents.
Role
The Cyber Security Threat Intelligence Analyst acts as a threat intelligence specialist, analysing potential security threats facing NHS England.
Core responsibilities
- Interrogate threat intelligence sources to identify items of interest for triage and analysis.
- Collect and process information from threat intelligence sources to aid the identification of potential cyber threats.
- Contextualise and interpret threats via intelligence models and frameworks.
- Identify indicators of compromise within intelligence items.
- Investigate significant intelligence items, identifying opportunities for further lead development.
- Provide specialist CTI support to protective monitoring teams during high‑complexity incidents.
- Create intelligence products for the appropriate audience, quoting sources and stating confidence.
- Contribute to the continuous development of the Threat Operations pod.
- Deliver against CSOC security requirements as directed by senior leadership.
- Lead in‑depth CTI investigations.
Additional context
- Staff may be recruited from outside the NHS and may be appointed at the bottom of the pay band.
- Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in our offices.
Contact
For further details or informal visits: Name: Francis Taylor, Job title: Security Lead (Analyst), Email: england.cyberoperationsrecruitment@nhs.net
#J-18808-Ljbffr…
Posted: May 18th, 2026