IT Security Analyst
The IT Security Analyst will work as part of a team responsible for developing and delivering a programme of information security controls. In addition, the analyst will provide expertise and assurance that existing controls are maintained, through close collaboration with the IT Infrastructure and Service Delivery teams.
KEY RESPONSIBILITIES & ACCOUNTABILITIES:
Vulnerability management: Manage, broaden and maintain the Company’s vulnerability assessment program. This will include:
- Day to day management of in-place vulnerability assessment technology,
- Running vulnerability scans and determining appropriate mitigation actions,
- Engaging with SMEs to agree, prioritise and monitor the delivery of mitigation actions,
- Maintaining awareness of new threats and taking action to protect the Company,
- Work with external partners and internal stakeholders to deliver penetration tests and resulting remediation plans.
Risk management: Implement and run a formalised cyber security risk management process. This will include:
- Building and then maintaining the Company’s asset risk register,
- Performing cyber security risk assessments,
- Performing the patch management of all servers and clients,
- Managing risk treatment plans with asset owners/stakeholders,
- Review and testing of security controls to assure their effectiveness.
Provide subject matter expertise: Support internal project delivery pipeline, BAU initiatives and changes by providing:
- A central point of contact for security related enquiries,
- Expert guidance on compliance with security policies, architectural principles and security best practices,
- Solutions to security challenges that enable successful outcomes.
Security Incident Response: Support the cyber incident response process including:
- Support the development of new incident monitoring use cases,
- Review alerts generated by monitoring tools (Darktrace),
- Lead the response to and coordination of security incidents.
Access management: Provide assurance on standard and privileged access management:
- Maintain monitoring coverage of privileged access,
- Perform regular reviews of critical system and privileged access. There is an opportunity to automate this process either through existing or potentially new tooling.
IT Service Delivery. Global IT Infrastructure and Technology teams
- Understands how cyber threats operate, the common types of attacks facing organisations and the key technical countermeasures to mitigate them. Practical hands-on experience in either offensive or defensive technical security is a distinct advantage,
- Can undertake and produce a documented business impact analysis and risk assessment,
- Can perform architectural security reviews to identify design weaknesses and provide recommendations to ensure a robust security design,
- Is capable of configuring (infrequent requirement) and reviewing security technology configurations (e.g. audit policies, firewalls, anti-malware, intrusion prevention) to assure their effectiveness,
- Can write at minimum small scripts to query Microsoft Active Directory, servers or workstations (e.g. to report on local admin membership) or to parse files to extract information (e.g. parse exported firewall logs to extract specific data),
- Can create and implement Microsoft AD Group Policy Objects (GPO).
- Implemented and/or operated vulnerability assessment (VA) tools,
- Performed vulnerability assessments to identify vulnerabilities in Windows client and server OS, applications, network, storage and cloud infrastructure,
- Exposure to penetration testing methodologies or performing small assessments is considered an advantage.
- Has knowledge of and can recommend security controls to mitigate specific risks or issues based on best practice control frameworks including ISO 27001, CIS or NIST.
- Performed architectural-level security risk assessments of systems/applications, provided solutions to mitigate risks and managed the treatment of risks through to completion,
- Has implemented or worked hands-on with common security technologies including but not limited to firewalls, anti-malware, email security, intrusion prevention systems, application whitelisting and log monitoring,
- Has implemented or supported the delivery of operating system and application hardening,
- Has scoped, managed and coordinated penetration tests,
- Developed cyber security incident use cases and response processes and procedures,
- Managed and/or provided the lead for security incident investigations.