Junior IT Security Specialist

University of London (T/A Careers Group)
Euston, London
09 Jul 2017
08 Aug 2017
Contract Type
Full Time

An exciting opportunity to join the Security team in the University of London. Please apply if you are available for an immediate start.

Please note that the role demands out of hours/weekend work and occasional travel outside of Central London.

The role

Responsible for the analysis of threat or incident alerts, data and correspondence to assess and categorise the seriousness and impact of security threats and incidents as they emerge on a daily basis.

Based upon the threat assessment, they will co-ordinate the University’s response to a security incident or threat

Liaise with a variety of security teams inside and outside the University, sharing information and co-ordinating incident response. These national and international CERT teams include JANET CSIRT, CERT UK, Russel Group IT Security and University institutional IT security staff.

Responsible for the operational decision to remove, or shutdown, IT services for individuals or institutions as a response to a security incident as appropriate to the situation, balancing the threat posed against the disruption caused by the service removal.

Provide expert advice to senior University staff on whether to shutdown University-wide services during a security incident or threat

Determine when to restore IT services post-incident, without compromising University infrastructure or security.

Determine the cause and mechanism of security incidents, evaluate the potential threat for the University and respond accordingly.

Determine operational security strategies on how to prevent further incidents of the same type.

Liaise, prepare reports and analysis of incidents for external Agencies e.g. JANET, Police, Security Services.

Co-ordinate with Information Management Division & staff as appropriate, to create or refine policies and educational material.

Contributing to the incident response rota providing a limited service on weekends and public holidays.

As well as threat and incident response, the role holder is expected to undertake work to implement or develop services that enhance the security of the University’s infrastructure that can be applied across the entire collegiate University.

Recommend new services or changes to existing services, to enhance the University’s security.

Undertake all aspects of the delivery of these new services.

For new services and infrastructure implemented outside of the IT support unit for other departments, or within the wider collegiate University, the role holder will:

Contribute to the project, or solution, by provide security and policy advice.

Product or service market research, evaluation and testing.

Undertake personal research to stay abreast of current threats, using intelligence gathered from various sources including specialist internet sites, police and government institutions, higher education organisations, researchers, the IT community, conferences and publications.

Look beyond already established and known threats, apply their own initiative and investigatory work to identify threats and detect incidents previously unknown or unimagined.

The role-holder must be able to analyse the implications of any intelligence and evaluate how the threats apply to the complicated nature of the University and its federated provision of IT services and infrastructure; understanding the unique challenges this presents and formulating effective responses.

The role holder must also be able to analyse service logs and data for the pro-active detection of security incidents by technical means, such as custom-written scripts, database searches or activity patterns.

Provide technical advice or guidance on securing IT systems, using email, meetings, presentations or online content.

Provide security advice, guidance or help to students and staff, requiring help with a security related incident.

Write news articles or email communications, addressing the whole collegiate University on current IT threats or incidents. These need to be effectively communicated to their target audience, which is not necessarily other IT staff.

Represent University of London on security matters in meetings across the collegiate University; with outside organisations and conferences.

During this time, the role holder’s authority and responsibility is elevated to that of the Security Lead. This requires the role holder to potentially make executive decisions normally attributed to the Head of Security.

Candidate requirement

  • A recent graduate with education to a good first-degree standard in Cyber Security / Ethical Hacking
  • Substantial experience of providing or supporting IT services in an IT service environment
  • Experience in resolving security or infrastructure IT incidents
  • Must possess the ability to convey and to present potentially complex information so that it is clear and easily understood
  • Committed to high standards, the post holder must be patient, level-headed and good people person, with the ability to work flexibly, and to persevere and remain effective under pressure. Must also be willing to travel to sites around Central London,
  • Possessing demonstrable initiative and judgment to resolve many problems independently, the post holder must be equally effective when working alone or as part of a team and with the organizational skills to be able to manage multiple tasks in a varied workload.