IT Security Analyst / Engineer - Birmingham
The Security Analyst / Engineer will be working within a dynamic IT Security Operations team who are responsible for the coordination and implementation of the IT security that serve and protect information assets and systems. You will proactivity work alongside other departments to ensure IT security is considered at every stage of IT operations while supporting the day-to-day activities required to execute/enforce Policies, assuring governance, controls and producing metrics/reports.
Some of your day to day responsibilities will include:
- Investigation of security breaches within Incident Response Process
- Assist with IT risk assessments and network vulnerability assessments in consultation with the Information Security & Assurance Manager and document, prioritise and manage all remediation activities and exceptions where necessary.
- Undertake health and configuration checks of deployed infrastructure to ensure configurations conform to Group policies. Take responsibility for the delivery of remedial actions to address incorrect configurations.
- Create, manage and maintain Security Operations Policies, Process and Procedures.
- Undertakes proactive assurance and audits of live systems and services to track compliance against security designs, standards and specifications;
- Responsible for compiling regular weekly and monthly Security reporting for the IT Shared Service, covering compliance, risks, exceptions and plans.
- Maintains a forward schedule of all planned Security and BCP audit activities, proactively alerting relevant parties to prepare and participate.
- Assist in implementing and operating the ITSS Security Toolsets required to underpin the ITSS Security Management System.
Your experience will include:
- An understanding of cloud based hosting, associated risks and security applications and infrastructure.
- Demonstrable experience in IT security operations, policies, standards, architecture, technologies and work programmes.
- Understanding of defence in depth principles and the role of WARP.
- Solid understanding of information security risk management including risk analysis, mitigation, resolution and acceptance.