Infrastructure Threat and Vulnerability Analyst

The founder and sponsor of the Harris Federation, Lord Harris of Peckham, opened our first school in 1990. We have, over the past thirty years, implemented ideas and initiatives that have transformed the opportunities of pupils from working class and disadvantaged backgrounds. Harris academies are widely recognised as a force for social mobility. We are immensely proud of the role that our alumni are now beginning to play in the world and of what we believe our current generation of pupils will go on to achieve.

We now have over 50 schools educating more than 40,000 young people across London and Essex, and employ over 5,000 staff across our academies and head office. With the majority of our academies located in areas of high socioeconomic disadvantage, a high-quality education is key to the futures of the pupils we serve.

As a provider of employment and education, we value the diversity of our staff and students, and all our staff are equally valued and respected. We are committed to providing a fair, equitable and mutually supportive learning and working environment for our students and staff.

Our work will impact many generations to come, and our staff come from all backgrounds and walks of life, coming together to inspire young minds. We promote an inclusive culture that embraces the valuable and enriching contribution that all of our community make. We continue to be proactive in uplifting and supporting all voices at Harris.

To discover more about our culture, ethos and what it is like to work here, visit the Why Work For Us page.

Your responsibilities will include:

• Working in conjunction with the Cyber Security Team, Infrastructure Team and Service Delivery to act as a conduit between all teams to ensure vulnerabilities are being monitored, tracked and remediated
• Participating in proactive and reactive threat hunting
• Executing vulnerability assessments, provide analysis and recommendations to mitigate potential threats
• Working with the Cyber Security Team and Infrastructure Team to perform penetration tests
• Make sure best practices are adhered to when handling security threats and breaches and conducting investigation techniques, such as CIS benchmark, ISO27001 and NCSC
• Continuously researching and investigating new and emerging vulnerabilities including Zero Day events, and participating in external security communities, sharing findings across the security functions
• Recommending remediation strategies and providing advice on complex configuration changes in support of vulnerability remediation
• Conducting vulnerability scanning activities of the internal and external footprint to identify threats and reduce the attack surface
• Reviewing latest sources and vendor news to identify potential risks and vulnerabilities and raising awareness to the business
• Liaising with internal and external security teams including TVM threat intelligence to assess impact and drive timely remediation of high-risk vulnerabilities
• Producing reporting on threat metrics to monitor progress and maturity level

eWe would like to hear from you if you have:

• A clear understanding and drive to meet security and compliance standards with a ‘security first’ ethos
• A minimum of three years' experience carrying out a similar role
• In-depth understanding of Microsoft Defender, patch management tools (such as MECM & PatchMyPC)
• Experience of working with third party security companies (such as MDR or XDR partners) to proactively monitor the estate for new vulnerabilities and identify areas for security hardening
• In-depth understanding of mobile device management/enterprise mobility management with JamF, MS Intune / MECM and Meraki
• Understanding of tools and solutions to implement IT security best practice such as MFA and encryption
• In-depth understanding of Windows 10, MacOS, iOS and iPadOS
• Good understanding of Windows Server 2016 to Windows server 2022
• Good understanding of Microsoft Azure & O365
• Good understanding of networking, DNS and DHCP

If you would like to discuss the opportunity further, or if you have any questions, please contact us via email to arrange a conversation.

Before applying please ensure you download the job pack from our careers website, this will help with completing your application. Please note that we only accept applications submitted online before the closing date.

When applying, you will have the option to import your CV or use a LinkedIn profile which will auto populate the online application. 

A reminder to check your junk mail for our email communications and add us to your safe senders list to ensure all future email communication is received.