Cyber Security Services Analyst

Purpose of Role:

The Security Services Analyst is a member of the Cyber Defence Centre, reporting to the Cyber Operations Manager. The purpose of this role is to maintain strong operational oversight of the Security Services, managing a number of operational security services, reviewing the security impact of operational changes within the environment and monitoring various toolsets for security violations.

Key Accountabilities/Responsibilities:

• Responsible for overseeing the day-to-day operational delivery of security services provided to our internal customers ensuring the highest levels of service and guidance. These services include Exceptions processing, firewall modifications, business query responses and certificate management.
• Responsible for Security Exception process and reviews. This will entail a good knowledge of potential impact of exceptions, working alongside other CISO teams.
• Responsible for issuing and mgmt. of Certificates within the business and a good understanding of PKI infrastructure.
• Responsible for the review of Data Loss Prevention monitoring and response alongside communications compliance and insider risk.
• Ensuring all requests are dealt with in a timely and efficient manner, understanding where these requests fit into the wider CISO function and how best to serve our customers.
• Responsible for maintaining general security oversight of the technical infrastructure within the responsibilities of the security services team and raising concerns/issues that pose a security risk to the organisation accordingly.
• Responsible for management of the security certificate provisioning platform, including all operational functions. This includes alerting key stakeholders, scheduled and ad-hoc reporting, renewal and revocation of certificates and updates to procedural documentation.
• Responsible for managing and approving changes to the firewall rule bases alongside networking SME's and associated change management processes that align with security.
• Responsible for the review and management of web and user access requests ensuring there is valid business justification and no impact to the security posture. Providing appropriate governance and risk awareness as required.
• Responsible for providing security input and for maintaining relationships with the Service Management function in relation to change management, problem management and incident management.
• Responsible for creating, maintaining and improving our relationships with our wider business colleagues around security services.
• Responsible for making appropriate reclassifications within our web proxy policy configuration and fulfilment of exception requests alongside our engineering SME's.
• Responsible for first point of contact and ticket queues and responding appropriately to queries/requests from the business.
• Responsible for providing awareness campaigns to our customers when threat intelligence professionals identify upcoming and/or emerging threats
• Responsible for reporting metrics on the status of requests received by the team and adherence to the KPI's and SLA's, ensuring we deliver a great service to our customers.
• Responsible for collaborating with the CISO and external teams within the business to report appropriate operational issues that may be resolved at an architecture level.
• Responsible for approval of Elevated Privilege requests and Privileged access management request that will come from different areas of the business and ensure that they have a good understanding of the impact of these.
• Responsible for developing and maintaining relationships with various stakeholders outside of CISO

Required Skills/Competencies:

• Strong stakeholder management skills including the ability to work with customers with varied levels of technical skillsets.
• Experience of working in high performing teams and understanding the dynamics of teamwork in an operational security environment.
• Knowledge and operational experience in firewalls, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, Voice over IP (VoIP), firewall zoning and PKI infrastructure.
• Good understanding of ITSM systems and process flows.
• Knowledge and experience of enterprise grade technologies including operating systems, databases, and web applications.
• Knowledge and experience of performing network traffic analysis for identifying any developing patterns.
• Ability to identify and understand key issues and areas for improvement in the Information Security services realm.
• Endpoint management solutions - Virus protection & other prevention solution

Desirable Skills/Competencies:

• Fundamental Cloud Concepts for AWS
• OWASP Top 10: API Security Playbook
• Knowledge of Microsoft cloud services and Security suites
• AWS Cloud Security Best Practices
• Experience with any of the following technologies: Data Loss Prevention, Intrusion Prevention/Detection Systems, Firewalls, SIEM.
• Knowledge of reporting and automation suites such as Power BI would be beneficial.

Qualifications/Certifications:

• ITIL Foundation
• CompTIA Security + or CompTIA CySA+ equivalent certification
• Certified networking credential (CCNA or equivalent)
• Technical certifications by a recognised professional body in network or systems engineering are desired.

Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.