Security Analyst – IT

Job Type: Permanent Location: Bristol, London

This position will manage, provide technical support, implement, maintain, and troubleshoot all security products used by the firm. The candidate must have significant hands-on experience with security technologies and solutions, perform daily investigation of security incidents, security assessments and audits.

The role holder will also work with relevant teams around the firm to ensure that appropriate operational security controls are understood, agreed, and implemented.

The candidate will be responsible for the overall technical IT security needs to the firm alongside our chosen security partner and outsourced vCisco. For example, the purpose will be to manage intrusion detection/protection systems, firewalls, web filtering solutions, web application firewalls, host intrusion protection, antivirus, antimalware and zero-day threat protection services.

The role

This role will report to the Infrastructure Team Leader/Engineer.

Hours\Travel

Monday to Friday, 35-hour week, working the hours of 09:00am to 5:00pm (the IT Service Desk operates 24/7). However, to allow for holiday cover, project delivery, system updates, etc there will be the requirement to change to an alternative shift or complete overtime outside of the core hours.

Due to the nature of the role, should a security incident occur outside of working hours you may be contacted.

There will on occasion be a requirement to travel to our other offices.

  • Responsible for the overall technical IT security needs to the firm
  • Manage intrusion detection/protection systems, firewalls, web filtering solutions, web application firewalls, host intrusion protection, antivirus, anti-malware and zero-day threat protection services
  • Have a full and complete understanding of the security technologies used to protect the services delivered to the firm, including maintaining the documentation of all services
  • Be a key resource for audits and ensure compliance is maintained to a high level
  • Proactive member of the wider IT team providing services
  • Maintain the most appropriate security designs to support the firm, conduct reviews regularly taking into account established best practices and new technologies
  • Understanding and application of business goals and place security has in achieving them

Responsibilities

  • Manage the firm’s security incident and event management (SIEM) process
  • Run the firm’s technical vulnerability management program to discover, prioritise and remediate technical risk in systems and applications
  • Manage privilege account management systems
  • Manage security and investigate security events to resolution along with managed defence and response provider
  • Conduct technical security reviews and perform risk assessments
  • Conduct firewall, network and systems configuration reviews
  • Interact with technical teams to deliver secure, stable and scalable solutions
  • Work with consultants and third parties in relation to the security of the services they provide
  • Create weekly security reports including keeping track of information security metrics
  • Work with stakeholders to define systems requirements for the security of new technology implementations
  • Undertake a change advisory role including reviewing new change requests and attending the weekly CAB meetings
  • Feed into Major Incident Management and Problem Management processes
  • Keep up to date on the latest security technologies and solutions and conduct research into their potential application in the firm
  • Comply with support and assist in the development of firm security systems, policy and procedures

The team

The IT department is made up of a team of 17 which includes, a Service Delivery Manager, 3x Application Team Members, 6 x Infrastructure Team Members, an Operations Manager, a Financial Systems & Reporting Manager, an IT Project Manager, an Enterprise Architect, and an IT Partner. The IT department, based in London and Bristol, is responsible for the provision of IT services and support to 10 offices across the UK.

The IT department, based in London and Bristol, is responsible for the provision of IT services, support and strategy to 10 offices.

You

The successful candidate will display an adaptable and flexible working style, remaining calm under pressure, adjusting comfortably to changing conditions and priorities. They must be well organised, self-motivated, punctual, and flexible in their approach to work. He or she must also be able to prioritise a variable workload and know when to escalate a problem appropriately.

They will be required to communicate effectively with pressurised users at all levels. Demonstrates excellent communication skills, able to present key points of an argument persuasively whilst demonstrating that they are an excellent team player. The candidate will have a solid background working within a busy team.
The candidate will be expected to provide mentorship to other members of the IT department in relation to security good practice.

The candidate must have strong analytical and problem-solving skills, the ability to systematically break down complex issues and tasks into manageable pieces.

The applicant should be able to demonstrate the following:

  • A strong desire and focus on continued improvements and personal development, including keeping up to date with current industry trends and emerging technologies and best practices
  • Highly self-motivated and directed with excellent interpersonal skills
  • Keeping a clear understanding of impact on our people ie excellent client service skills
  • Keen attention to detail
  • Strong analytical approach to problem solving
  • Ability to work in a fast paced and dynamic environment
  • Excellent communication skills, both written and verbal
  • Excellent documentation skills and capable of creating security architecture diagrams

This job description indicates the general nature and level of work performed within this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required. You will also be expected to undertake duties which may not be listed on this job description as directed by your line manager which will be deemed as reasonable within the scope of the role.

Experience

It is preferable if the applicant has experience in these areas:

  • Good experience in an IT security position, preferably in a professional partnership
  • Proven experience in working with working with mixed project teams to define system security requirements
  • Certifications in GIAC GSEC, Sec+, SSCP, CISSP, Microsoft Certified Cybersecurity Architect
  • Proven experience in security planning and development for a large IT department
  • Designing Security solutions with hands on experience with their implementation
  • Must be able to quickly identify root causes and provide possible solutions
  • Experience with attaining and maintaining accreditations such as Cyber Essentials+, ISO27001, NIST.

Salary/benefits

  • 35-hour working week with flexibility around the core hours of 10am-4pm
  • Paid overtime or time off in lieu (pre-approved and only where required).
  • Working from home allowance of £25 a month.
  • Eligibility for the firm’s Profit-Sharing Plan that runs from October to September each year. The scheme enables staff to share in the profits of the firm. Payment is usually c£1,000 for the full year. Paid in December.
  • Salary reviews annually in October.
  • Twenty-three days annual leave with an additional day added after each years’ service. On 1 January, after 1 year’s service, the entitlement will be increased by 7 hours and thereafter by a further 7 hours on 1 January following completion of 2, years’ service, giving a maximum of 175 hours after 2 years’ service.
  • In addition, under the flexible benefits programme, employees are entitled to buy or sell up to five days (35 hours) holiday a year, subject to staff partner approval.
  • Six-month probationary period.
  • Life assurance cover of four times salary,
  • Private Medical – Staff have access to a private medical scheme through the flexible benefits programme.
  • Contributory pension scheme (The firm will contribute 4% of salary on a matched basis with employee from their date of joining)
  • Access to a number of additional benefits with preferential rates under the flexible benefit programme, health cash plans, health screening/GP support, critical illness cover, dental and travel insurance, Techscheme, Cyclescheme, Gymflex and a Workplace ISA.
Loading