Information Security Analyst (CISSP)
GCIH, GCIA, SSCP, CISSP, Security +, "information security"
Information Security Analyst for a major UK managed services provider
Circa GBP50k base plus GBP15k shift allowance and bonus and benefits
Stratford upon Avon - client site based
We are currently seeking a Security Analyst to join our team based onsite at our offices in Stratford Upon Avon.
In this role, you will undertake analysis of security threats and vulnerabilities, including Vendor Advisories, and output from Vulnerability Scans and SIEM systems, to drive the formulation of remedial action plans, monitor execution, and track on-going risk.
Your key responsibilities will include;
- Working alongside the Security Consultant, our client and Secureworks to maintain a high level of Security Intelligence, working with technology Subject Matter Experts as necessary to determine impact, risk and probability in the context of the affected system and environment. Such intelligence could include:
- Security advisories from vendors
- Outputs from Health checks
- Output from vulnerability scans
- Supporting the onsite team, Secureworks and the Security Consultant to analyse SIEM, IPS/IDS, Firewall alarms, working with technology Subject Matter Experts as necessary to determine impact and risk of identified issues and information, in the context of the affected system and environment.
- Working closely with our client and Secureworks to ensure that appropriate remediation is in place for vulnerabilities, and to formally document any corrective actions are taken
- Working closely with our client, Secureworks and our client to ensure security incidents are assessed and appropriately documented based on factual information and wider contextual information available
- Providing advice and guidance on mitigating controls to prevent security incidents from re-occurring, working with other Group resources as appropriate.
- Contributing to the development and maintenance of testing scripts, policies and standards in line with the overall IT strategy and IT policies and standards
- Undertaking root cause analysis to identify underlying security related problems, prevent reoccurrence and provide more cost effective service to the business
- Providing advice and guidance on security testing
- Contributing to the on-going development of Security processes, helping to develop a culture of continuous improvement
- Complying with all Security, Safety, Health & Environmental policies
- Working out of hours and public holidays as required as part of an on call rota
To be successful in your application you will be able to demonstrate the following;
- Security Certifications in two or more of the following;
- GCIH, GCIA, SSCP, CISSP, Security +
- Experience in low to mid-level security analysis
- Proven experience in PCI/DSS compliant environments
- Experience in Security Systems Analysis and Design (for small projects/changes)
- Experience of working with outputs of vulnerability scans
- Experience in security testing processes and procedures
- Experience in working with SIEM systems
- Strong Skills in Incident Response
- Strong Skills in Problem Management
- Strong Skills in Change Management
- Strong skills in System Documentation using MS Office applications including document management systems
- Good understanding of TCP/IP based networks (Both LAN & WAN)
- Good understanding of MS Windows based Server Operating Systems & protocols
- Good understanding of Linux based Operating Systems & protocols
- Good understanding of Firewall and UTM technologies
- Good understanding of databases and DBMS
- Excellent interpersonal and communication skills (particularly Customer relationship management, Team working, Report writing and Time management)
In addition to the base salary, the benefits of this role include a shift allowance, 25 days annual leave, competitive pension scheme, bonus and a flexible benefits package.