Cyber Security Analyst

via resource
London (Central)
10 Jan 2018
15 Feb 2018
Contract Type
Full Time

Our client, a leading retail organisation, is looking for a Security Analyst to join their growing team based in their Central London offices.

You will be responsible for ensuring the controls used to protect our staff, systems, and data are appropriately deployed, configured, tuned, and maintained, and for understanding security threats and mitigating any security weaknesses in a cost-effective manner.

Key Responsibilities for the Security Analyst

  • To monitor and report against information security KPIs and drive the programme of continuous operational security improvements.
  • To be responsible for hands-on maintenance of end-point protection and anti-virus software across the organisation's estate (Sophos), including investigation and resolution of alerts.
  • To investigate and review access controls, the assignment and use of privileges, such as Active Directory, Identity and Access Management (IAM) and Privileged Access Management (PAM) solutions.
  • To proactively manage our web and email security controls.
  • To identify new vulnerabilities, review and assess the criticality of patches, and coordinate the deployment of patches with the operational technical teams.
  • To investigate and provide timely, accurate communication of security events and alerts to relevant groups as well as assisting technical teams with the prompt resolution of security incidents.
  • Maintain and improve our Security Incident Event Management (SIEM) and other security platforms to ensure any potential security issues are identified quickly and mitigated.

Skills, Knowledge and Experience required for the Security Analyst

  • Extensive practical operational security experience within an end-user organisation.
  • A solid technical understanding and strong knowledge of IT security best practice, common attack types and detection/prevention methods, including CIS Benchmarks, OWASP and NIST guidelines, etc.
  • One or more relevant information security qualifications from a recognised body, such as ISC2 CISSP, GIAC GSEC, etc.