IS Security Analyst

Recruiter
MABS Meggitt Group PLC
Location
Coventry
Posted
07 Oct 2017
Closes
13 Oct 2017
Sector
General
Contract Type
Full Time

MIS Role: Security Analyst

Supervisor: Manager, Information Security Operations

Direct Reports: None

Summary

The purpose of this role is to support the design, deployment, and day to day operations of company wide Information Systems security technologies as well as programs deployed globally. The role operates in collaboration with other Information Services teams to improve and maintain the overall security posture of the IT Infrastructure as well as protect data assets. The role will have the critical function of monitoring infrastructure and supporting operational incident response during a known or potential security event. In-depth analysis of systems and data involved with these events will be required on a regular basis to develop threat assessment criteria with regular reporting and performance metrics.

Responsibilities · Operational Duties: Daily review and analysis of data from intrusion detection systems, anti-virus solutions, vulnerability assessment tools, as well as log correlation tools to identify actionable threats or remediation. Responsible for security incident response and event handling as either a primary, secondary, or tertiary responder for any known or potential security incidents/events globally. Communicates and coordinates with all internal IS teams as well as any service providers on various attack scenarios including viruses, worms, stolen credentials, DDOS attacks, etc. Conducts vulnerability assessments including basic penetration testing or digital forensics while communicating and coordinating remediation efforts. Stays well-informed and current on product updates or known vulnerabilities relating to technology including the coordination of security patch implementations or stop-gap measures. Availability will be 7x24x365 on a rotating schedule with primary, secondary, and tertiary support responsibilities.

· Business Support: Participates in business and IS initiatives as an IS security professional providing guidance to others on proper IS security practices. Performs security assessments to identify potential IS security risks in all aspects of the business including IS technical implementations (applications or equipment) as well as IS or business processes. Helps develop and socialize security baselines for all flavors of IT infrastructure. Assists in defining security related processes and procedures for the department as well as the company that can be employed on a global basis. Participates in internal and third party audits of the company's IS security policies, procedures, as well as operational duties while supporting any remediation efforts that may be identified as a result of an audit. Contributes to and delivers end user security awareness training, effective reporting, as well as performance metrics.

· Projects: Helps coordinate and execute IT security projects as defined and prioritized in the overall global IS security strategy. Evaluates the security posture of company IT globally as well as any related data assets to ensure internal security controls are appropriate and operating as intended. Stays well-informed and current on the latest IS security technologies, methodologies, and events. Identifies external resources such as vendors, products, or services that may assist in meeting IS security objectives or promote lower IS security costs. Evaluates and delivers recommendations pertaining to the procurement of security related technology including software, hardware, and services. Evaluates and delivers feedback on the potential security aspects or impact of non-security related technology including software, hardware, and services. Liaisons with external IS security vendors and service providers.

Requirements · Technical Skills ? Detailed functional knowledge of network technologies including network security focused technologies such as next generation firewalls and web application firewalls in a global IT environment

? Working knowledge of server technologies including administration, virtualization, Active Directory, Microsoft Exchange, and Citrix in a global IT environment

? Working knowledge of both Windows and Linux/Unix operating systems

? Working knowledge of security solutions such as anti-virus, intrusion detection, file encryption, security incident and event management, vulnerability assessment, etc.

? Experience in log analysis and correlation

? Experience using Microsoft Word, Excel, PowerPoint, Visio, and SharePoint. Microsoft Project, Access, SQL, PowerShell, or scripting experience is a plus.

· Professional Skills ? Strong customer service, written, and oral communication skills

? Ability to maintain security as well as confidentiality when dealing with sensitive information for a global environment

? Ability to prioritize tasks in order to meet deadlines and deliver measurable results

? Ability to collaborate with team members as well as non-team members to support a multi-site customer base that extends globally

? Knowledge of desk side and help desk support delivery

? Experience in developing as well as implementing support and administration procedures

· Experience

? 1 year of direct information security experience in a global IT environment supporting at least 2 of the 10 security domains

· Education

? University degree (or equivalent experience) in Computer Science, Engineering, or other technical field

· Key Performance Metrics ? Achievement of performance objectives agreed to by the Global Infrastructure Services team as part of the formal performance planning process that includes the following:

· On time delivery of regularly scheduled tasks, duties, approved projects, and Service Desk requests

· Demonstrated knowledge of security technologies and environments

· Demonstrated knowledge of business initiatives and core operations

· Demonstrated initiative to pursue further technological expertise and system administration best practices

· Demonstrated contribution to process and service improvements