Job purpose
Cyber Security is responsible for discovering vulnerabilities and risks in networks, software systems and hardware through ongoing vulnerability scans and monitoring of network data, and for ensuring that corporate and Datacentre systems are compliant and secure.
Key Responsibilities and duties
• Daily investigation and monitoring of system logs from devices such as Firewalls, Azure, AV/EDR platforms, Security Information and Event Management (SIEM) systems and the network environment, to identify anomalies such as suspicious network traffic, alerts and indicators of compromise. Where any are identified, investigate the underlying vulnerabilities and escalate for resolution to prevent recurrence.
• Conduct investigations and reporting on incoming phishing emails: mitigate the infection vector and identify the origin in order to block senders. Conduct OSINT (Open Source Intelligence) against senders and liaise with the NCSC to expedite the cessation of further threats.
• Use Cyber Threat Intelligence to protect the supply chain and partners.
• Manage the implementation and monitoring of "Honeypots" to detect intruders inside the network.
• Administer and monitor the AV/EDR control panel, including the creation of new policies to ensure the compliance of all connected machines (workstations and servers in all production, EMS, BMS and Security networks).
• Smarthost Email Gateway administration, including monitoring and reacting to email-borne threats, and continued improvement work to enhance and adapt the Email Gateway's defensive policies.
• Conduct phishing tests against employees and departments, collate the results and create security awareness training.
• Administer and monitor the Web Application Firewall proxy, review website activity and identify potentially malicious websites.
• Assist the IT Security Manager with Cloud Security Assessments of proposed cloud SaaS, PaaS and IaaS solutions.
• Continual Cyber Security posture testing of the workstation, server, EMS, BMS network and CCTV environments, including testing for new vulnerabilities as they are discovered.
• Assist in the re-certification of IT Security related audits, including ISO 27001 and the Cyber Essentials Plus accreditation scheme. Host internal/external auditors, assist them, and remediate the actions they present.
• Liaise with the IT Security Manager to conduct intelligence projects into current and evolving threats, drawing on information security websites, "dark net" forums and Cyber Security groups using in-house Cyber Threat Intelligence tools.
• Research new methods and tools that could be used against the installed infrastructure, including carrying out internal penetration tests, in order to improve the security posture of the organisation.
• Capture, review and investigate received malware that bypasses security systems, using sandbox tools. Reverse engineer malware to discover C2 (Command and Control server) origins and ascertain IOCs (Indicators of Compromise), in order to confirm the infection vector and remediate. Conduct forensics on infected systems and create new security policies to protect against further attacks.
• Assist Penetration Testers, including completing prerequisites prior to their arrival, creating and configuring their workspace, agreeing the scope of works, and providing technical knowledge of the installed infrastructure and assistance where required.
• Cyber Security penetration test remediation work, including reporting vulnerabilities to the Senior Leadership Team (SLT) and the NCSC, remediating discovered vulnerabilities and providing proof of work within a strict time frame.
• Complete security reviews of all external public-facing services, such as our corporate website, ticketing system and future perimeter services.
• Liaise with Construction and contractors, implement best practices and carry out build reviews of the hardware they use within the network infrastructure. Recommend hardening procedures for equipment used in current and new buildings.
• Assist the IT Security Manager in providing security reports, talks, training and demonstrations in order to confirm the Cyber Security posture.
• Assist the IT team with patching of the estate, including Corporate, Security, BMS and EMS servers and workstations. This includes third-party software used in the corporate environment.
• Continue to enhance the security posture of employees and the company, introduce new tools and policies, and assist with disaster recovery exercises.
• Assist the IT Security Manager in providing weekly and monthly threat intelligence reports for the SLT.
• Continued survey of the software in use, to ensure that software acquired by the company does not affect ISO 27001 accreditation or the security posture.
• Training and security awareness for all staff; create a "security knowledgebase" system that all staff can access.
Experience, Skills and Qualifications
• Strong background in Cyber Security, IT and network systems, architectures and applications, including knowledge of Windows OS, Linux OS, networking, Active Directory, VMware and Azure
• Experience with AV/EDR software, Email Gateway Smarthosts, SIEM, intrusion detection, firewalls and web application firewall content filtering
• Knowledge of designing secure networks, systems and application architectures
• Knowledge of disaster recovery, and of computer forensic tools, technologies and methods
• Professional experience in a system administration role supporting multiple platforms and applications
• Ability to obtain relevant security clearance
• MSc or BSc in a computer science, technology or security subject is an advantage
• Cyber Security related certifications such as SANS, AZ-500, Security+ and CEH are an advantage
• Access to own vehicle for company travel
• We are committed to a hybrid working environment, and therefore the expectation is attendance at the office a minimum of 3 days per week.