Information Security Analyst
We are working with the V&A Museum who are looking for an Information Security Analyst as they start an exciting time in their history opening two new sites and looking to technology to enhance its visitor facing capabilities as well as evolve its working practices.
They are embarking on a 5-year Technology Transformation Programme to underpin these ambitions and the move to the cloud is fundamental to the success of this programme. This move to the cloud presents new challenges for their Information Security and this role will play a key part in addressing those challenges.
Main Purpose of job
- The Information Security Analyst role will be responsible for the day-to-day actions that will ensure the established information security policies are adhered to by all staff and all systems.
- You will monitor all security and compliance systems regularly, acting where required or ensuring that others who are responsible for those systems are taking appropriate action.
Typical tasks will include –
- Performing ad hoc vulnerability scans using tools like Nessus and assisting with any remediation required
- Daily review of vulnerabilities; follow up with teams responsible for remediation to ensure actions are being take
- Setup and configuration of the vulnerability management tool and its dashboards
Phishing and email hygiene
- Review and analysis of all messages reported as suspicious
- Configuration of user awareness tools; running phishing simulation campaigns
- Releasing blocked messages and attachments after reviewing for potential threats
- Whitelisting and blacklisting email accounts (or domains)
- Whitelisting and blacklisting websites
- Purging emails from archive and user mailboxes
- Review of SIEM and network monitoring alerts taking action as required
- Updating of alerting rules to minimise false positives
- Basic network forensics using tools like Wireshark
User account management
Service request tickets
Ideally you will have the following skill set/training –
- Formal Information Security qualification (CompTIA Security+, CISSP, CEH or similar)
- Demonstrable experience in Information Security Management or IT Audit related role
- Understanding of business continuity and compliance and audit frameworks
- Understanding of IT infrastructure, networking systems and information management systems
- Core Skills
- Experienced in the selection and implementation of appropriate security controls
- Ability to communicate technical information in a clear and understandable manner to non-technical stakeholders
- Ability to produce clear written material for Senior Management
- Significant experience of managing and prioritising a high workload and multiple complex issues and tasks in a changing environment with tight deadlines