FATP · an independent directoryApprenticeship data sourced from DfE, ESFA and IfATEUpdated daily · GB
L3Apprenticeship5593 approved providers
The Level 3 Cyber security technician, and the 3 providers delivering it.
Provide first line cyber security support
About this apprenticeship
What this apprenticeship covers
Apprentices learn to protect an organisation's digital information by monitoring for threats, applying security controls, and supporting day-to-day security operations. Practical skills include patching software, configuring firewalls, implementing access controls, and working with SIEM tools, anti-virus, anti-malware, and anti-spam systems. The standard also covers identifying vulnerabilities, responding to security incidents within defined procedures, and understanding when to escalate issues. Alongside the technical work, apprentices develop an understanding of how to support a security-aware culture across the organisation.
Day-to-day responsibilities
Working within a Security Operations Centre or Network Operations Centre, an apprentice monitors systems for suspicious activity and responds to alerts following established procedures. Week to week, this means reviewing SIEM dashboards, applying software patches and updates, processing access control requests, and logging security incidents. They work alongside senior analysts and interact with colleagues, internal teams, and occasionally external suppliers. Most tasks are carried out under supervision, with regular check-ins and work reviewed at set milestones.
Career outlook
Completing this apprenticeship typically leads to roles such as junior security analyst, incident response technician, SOC analyst, access control administrator, or junior penetration tester. From there, progression routes include senior analyst positions, specialisation in threat intelligence or penetration testing, and longer-term moves into security architecture or management. Employers recruiting at this level span almost every sector, including financial services, telecoms, healthcare, retail, media, manufacturing, and local government. Any organisation that stores sensitive data digitally and needs to protect it is a potential employer.
3 approved providers
Sorted by achievement rate.
Blackpool and The Fylde College
Employer: 4.0
Blackpool and The Fylde College (B&FC) offers a wide range of technical and professional education o...
Achievement Training
Achievement Training Limited (ATL) is a private training organisation based in Plymouth city centre,...
City of London Corporation
The City of London Corporation delivers apprenticeships and adult learning through its Adult Skills ...
Career outcomes
Roles after completion
Completers typically move into first-line security roles such as Junior Security Operations Centre (SOC) Analyst, Junior Information Security Analyst, Cyber Security Administrator, or Incident Response Technician. Some move into more specialised starting positions, including Junior Penetration Tester or Junior Threat and Risk Analyst. Day-to-day work at this stage involves monitoring alerts, triaging incidents, configuring firewalls, managing access control, and working within defined procedures under supervision.
Progression paths
Within three to five years, analysts commonly progress to mid-level SOC Analyst, Information Security Analyst, or Threat Intelligence Analyst roles, taking on more independent incident handling and leading on specific controls or toolsets. From there, two tracks tend to open up: a leadership path towards SOC Team Lead, Security Manager, or Head of Information Security, and a technical specialist path towards Penetration Tester, Security Engineer, or Cloud Security Architect. Many practitioners also pursue certifications such as CompTIA Security+, CEH, or CISSP alongside their experience.
Where these roles sit
Virtually every sector that holds sensitive data employs people in these roles, which in the UK means financial services, the NHS and wider public health, local and central government, telecoms providers, retail and e-commerce, media organisations, and manufacturing firms. Employers range from large in-house security teams at FTSE-listed companies and public sector bodies to managed security service providers (MSSPs) that deliver outsourced security operations to smaller organisations.
How it's assessed
How the apprenticeship is assessed
Learning takes place in a real workplace from the start, so apprentices build competence in tasks like monitoring for threats, configuring security controls, and responding to incidents as part of their day-to-day role. Before final assessment, both the employer and training provider confirm the apprentice has reached the required standard, a checkpoint commonly called the gateway. Final assessment then verifies that the apprentice can apply the knowledge, skills and behaviours the occupation requires to a professional level. Assessment models across many standards are currently being updated, so check the standard's gov.uk page for the current specification.
What learners need to prepare
Building evidence throughout the apprenticeship, rather than scrambling at the end, makes a significant difference to readiness. Apprentices should keep records of real work, such as logs of security incidents handled, access control changes made, and firewall configurations set up, to draw on when demonstrating competence. Working closely with both the employer and training provider to review progress at regular intervals helps identify any gaps early. Consistent record-keeping from the first weeks of the programme reduces pressure when the gateway review approaches.
Choosing a provider
What good looks like
Look for providers with an achievement rate above 65% on their FATP profile, ideally higher given the relatively short 18-month duration. For a technical role like this, ask whether tutors hold current industry certifications (CompTIA Security+, CEH, or equivalent) and whether the curriculum covers tools apprentices will actually use on the job: SIEM platforms, firewall configuration, patch management processes and access control systems. Strong employer satisfaction scores and recent learner reviews that mention hands-on lab work or simulated SOC environments are a good sign. Check the provider delivers the standard in your region.
Red flags to watch for
Be cautious of providers with high learner volumes but a falling achievement rate, which can indicate stretched delivery staff or poor learner support. If a provider cannot clearly describe how apprentices practise configuring SIEM tools or firewalls in a realistic environment, the programme may be too classroom-theoretical for a role that requires practical first-line competence. Vague responses about end-point assessment preparation, or tutors whose certifications are several years out of date, are worth probing. Opaque cohort sizes can also make it difficult to judge whether a provider genuinely specialises in this standard.
Questions to ask before you commit
- What SIEM platforms, firewall tools and security monitoring software do apprentices work with during training, and how often are those tools updated?
- How do you prepare apprentices for the end-point assessment, and what is your current achievement rate for this standard?
- Can you share examples of job roles or teams where your past completers are working now?
- How is off-the-job training structured for apprentices working in a live SOC or NOC environment?
- What happens if an apprentice's employer does not have a mature cyber security function, and how do you fill those practical gaps?
- How do your tutors maintain current industry knowledge, and what certifications do they hold?
Common questions
What are the entry requirements for a cyber security technician apprenticeship?
Employers set their own entry requirements, but most expect GCSEs in maths and English at grade 4 or above, or equivalent qualifications. Some employers also look for an interest in IT or prior technical experience, though this varies. Apprentices must be in paid employment for the duration of the programme. If a candidate doesn't yet meet English or maths requirements, they can work towards functional skills qualifications alongside the apprenticeship.
How much time does the apprenticeship take, and does the apprentice work throughout?
Yes, the apprentice is employed from day one and learns on the job throughout. Some learning time is spent off the job, whether that's attending training sessions, studying, or completing coursework. The government is currently reviewing minimum duration rules and off-the-job training requirements as part of Skills England reforms. Check the current specification on the Institute for Apprenticeships and Technical Education page for up-to-date details before setting expectations with a new recruit.
How is the apprenticeship assessed?
Before moving to end-point assessment, the apprentice must pass through a gateway, where the employer and training provider confirm the apprentice has developed the necessary knowledge, skills, and behaviours. The end-point assessment then tests competence independently. Assessment models for many standards are being updated, so the exact methods, such as practical observations, professional discussions, or written assessments, should be confirmed against the current specification on gov.uk before enrolment.
How does funding work for employers taking on a cyber security technician apprentice?
The funding band for this standard is £11,000, which is the maximum government contribution towards training and assessment costs. Levy-paying employers draw this from their Digital Apprenticeship Service account. Non-levy employers, typically those with a payroll under £3 million, pay 5% of training costs and the government covers the rest. If you're a small employer with fewer than 50 employees taking on an apprentice aged 16 to 18, training costs are fully funded by the government.
What does a cyber security technician apprentice actually do at work?
Day-to-day tasks typically involve monitoring systems for threats, responding to security alerts, and escalating incidents when needed. Practical work includes patching software, managing access controls, configuring firewalls, and using security tools such as SIEM platforms, antivirus, and anti-malware solutions. Apprentices work under supervision, often within a Security Operations Centre or Network Operations Centre, handling defined procedures and contributing to keeping an organisation's systems secure and available.
What can a cyber security technician apprentice do after completing this apprenticeship?
Completers commonly move into roles such as junior security analyst, incident response technician, or junior SOC analyst. From there, many progress towards higher-level apprenticeships or qualifications in cyber security, such as a Level 4 or degree-level programme. Industry certifications, such as CompTIA Security+ or vendor-specific qualifications, are a natural next step. The occupation is in demand across finance, health, retail, telecoms, and the public sector, so progression opportunities are broad.
Not sure which provider fits?
Tell us a bit about your team and we'll send a shortlist.
Need help choosing a provider?
Tell us your requirements and we'll match you with the right training providers.
Curated by Alex Lockey, FATP founder and editor. Last reviewed: .
Sources include the apprenticeship's official specification on apprenticeships.gov.uk, Skills England guidance, IfATE archive records, DWP funding bands, and provider data sourced directly from the public Apprenticeship Provider and Assessment Register (APAR). Standard reference: 559.
Some sections on this page were drafted with AI assistance from published source data and reviewed by a human editor before publication. See our editorial methodology for how we maintain this content. Spotted something out of date? Tell us.
Related standards
Software Developer L4Artificial intelligence (AI) and automation practitioner L4Hardware, network and infrastructure foundation apprenticeship L2Infrastructure technician L3Digital product manager L4Software and data foundation apprenticeship L2Information communications technician L3Network Cable Installer L3