Back to Courses

Cyber Intrusion Analyst

Course Code: AP4

Level: 4
Subject area: Media, Games & Computing

Qualification: Apprenticeship
Course type: Full-time
Time of Day: Daytime
Duration: Two years
When you'll study: Various days and times

Choose A Start Date & Apply
About the course

The primary role of a Cyber Intrusion Analyst is to detect breaches in network security for escalation to incident response or other determined function. An Intrusion Analyst will typically use a range of automated tools to monitor networks in real time, will understand and interpret the alerts that are automatically generated by those tools, including integrating and correlating information from a variety of sources and in different forms and where necessary seek additional information to inform the Analyst’s judgement on whether or not the alert represents a security breach. When an Analyst has decided that a security breach has been detected, he or she will escalate to an incident response team, or other determined action, providing both notification of the breach and evidence with reasoning that supports the judgement that a breach has occurred. An Analyst will typically work as part of a team (or may lead a team) and will interact with external stakeholders, including customers and third party sources of threat and vulnerability intelligence and advice.

What you'll learn

On this course, you will learn to:

• integrate and correlate information from various sources and compare to known threat and vulnerability data to form a judgement based on evidence with reasoning that the anomaly represents a network security breach
• accurately, impartially and concisely record and report the appropriate information, including the ability to write reports
• recognise and identify all the main normal features of log files generated by typical network appliances, including servers and virtual servers, firewalls, routers
• recognise and identify all the main features of a normally operating network layer, including data structures and protocol behaviour, as presented by network analysis and visualisation tools
• undertake root cause analysis of events and make recommendations to reduce false positives and false negatives
• undertake own research to find information on threat and vulnerability (including using the internet)
• manage local response to non-major incidents in accordance with a defined procedure
• operate according to service level agreements or employer defined performance targets
• understand IT network features and functions, including virtual networking, principles and common practice in network security and the OSI and TCP/IP models, and the function and features of the main network appliances
• understand and utilise at least three Operating System (OS) security functions and associated features
• understand and apply the foundations of information and cyber security including: explaining the importance of cyber security and basic concepts including harm, identity, confidentiality, integrity, availability, threat, risk and hazard, trust and assurance and the ‘insider threat’ as well as explaining how the concepts relate to each other and the significance of risk to a business
• understand and propose appropriate responses to current and new attack techniques, hazards and vulnerabilities relevant to the network and business environment
• understands lifecycle and service management practices to Information Technology Infrastructure Library (ITIL) foundation level
• understands and can advise others on cyber incident response processes, incident management processes and evidence collection/preservation requirements to support incident investigation
• understands the main features and applicability of law, regulations and standards (including Data Protection Act/Directive, Computer Misuse Act, ISO 27001) relevant to cyber network defence and follows these appropriately
• understands, can adhere to and can advise on the ethical responsibilities of a cyber-security professional.

Entry requirements

Acceptance on this Apprenticeship is via initial assessment. Individual employers will set the selection criteria, but this is likely to include A-Levels, level 3 Apprenticeship or other relevant qualification relevant experience and/or an aptitude test.


Assessment is continuous, both on and off the job. Level 2 English and maths will need to be achieved, if not already, prior to taking the end point assessment.

What's next?

On successful completion, you may wish to continue your studies by moving onto a higher level Apprenticeship or course. You could also benefit from greatly enhanced job opportunities, whether with your current employer or elsewhere.
This apprenticeship is recognised for entry to IISP Associate Membership and for entry onto the Register of IT Technicians confirming SFIA level 3 professional competence. Those completing the apprenticeship are eligible to apply for registration.

Important information

Fees quoted apply to courses starting in the academic year 2018/19 (August 2018 – July 2019). There may be a slight increase in fees for courses starting 2019/20.

Whether or not you've got a work placement lined up, you can apply for and start an Apprenticeship at any time. We'll work with you to make sure you're on the right career path and help match you with a suitable employer. Just complete and return an application form.