An IT Security Analyst is required for a huge organisation based in Milton Keynes. You will be responsible for developing cyber security controls according to best practices, standards and procedures. You’ll have to analyse potential threats and will be performing regular vulnerability and risk assessments.
About the role:
· Audit and monitor compliance of the security controls with Information Security Policies, Procedures and Standards.· Implement minimum standards of Information Security in keeping with best practice, industry and company standards as well as with regulatory and compliant obligations. Working with technical teams to ensure communication and implementation of such policies.· Function as a Security Consultant and advocate for security compliance and best practice in the design and review of technology systems in use throughout the company.· Maintain knowledge of current and emerging security threats and develop systems to evaluate the company’s vulnerability to such threats, along with proposing effective countermeasures to mitigate/remove the risk.· Provide support for incident management and security investigations.· Build alerts and correlation rules using various Big Data Analytics tools and be able to run complex queries using those tools.· Improve and maintain the company’s security event logging, monitoring and alerting capabilities.· Generate reports and presentations to communicate the security posture of the company to key stakeholders.
- Demonstrable knowledge of Information Security principles and at least 2 years of experience in the IT security field.
- Ideally hold some security certification (e.g. CISM, CISSP).
- Working knowledge of current and emerging information technologies, security threats, vulnerabilities, cyber-attack techniques and effective detection and mitigation controls.
- Experience in vulnerability assessment and management.
- Experience with pentesting techniques and tools (e.g. Burp Suite, Kali, Metasploit).
- At least 2 years of experience with security monitoring and compliance tools (i.e. SIEM), preferably including working on the implementation of the technology and/or the integration of new sources.
- Knowledge of TCP/IP Networks, web technologies and applications.
- Knowledge of network and data security best practices, standards and regulations: PCI-DSS, SOX, ISO 27001, etc.