Security Operations Analyst in Norwich

The Security Operations Analyst is a member of the Security Operations team, reporting to the Security Operations Lead. The purpose of this role is to maintain strong oversight of the 24x7 Security Operations Centre, manage a number of operational security services related to this, review the security impact of infrastructure changes within the environment, and monitor & manage associated toolsets.

Key Accountabilities / Responsibilities

• Cyber Security Operations

• Responsible for overseeing the day-to-day operational delivery of services provided to DLG by its third party 24x7 Security Operations Centre. These services include Denial Of Service Protection (DDoS), Web Application Firewall, Intrusion Prevention & Detection, File Integrity Monitoring, Vulnerability Scanning, Privileged Access Management, SIEM.
• Responsible for operating and maintaining data leakage prevention toolsets, responding to alerts for data loss events including investigation and management of any data loss incidents that breach corporate data handling requirements and/or industry standards (such as PCI DSS).
• Participate in the rotational 24/7 security incident response capability, acting as the single point of contact for all security related response actions and decisions.
• Responsible for maintaining security oversight of the technical infrastructure delivered by third party suppliers and raising concerns/issues that pose a security risk to the organisation accordingly.
• Manage any operational risk remediation to conclusion.
• Responsible for operational support of the security certificate provisioning platform, including all operational functions such as alerting key stakeholders, scheduled and ad-hoc reporting, renewal and revocation of certificates and updates to procedural documentation.
• Responsible for managing the governance of the firewall rule bases and associated change management process.
• Provide security input and maintain relationships with the Service Management function in relation to change management, problem management and incident management.
• Oversee the management of web proxy policy configuration provided by third party providers.
• Monitor the operational security communication channels responding appropriately to queries/requests from the business.
• Monitor and respond to emerging threat patterns, vulnerabilities and anomalies and provide escalations of any unknown threats to relevant areas within the company.
• Report metrics on the status of technical information security controls across the DLG estate, highlighting risk areas and working to develop and manage remediation plans as required.
• Collaborate with all CISO teams to report appropriate operational issues that may be resolved at an architecture level.

• Develop and maintain relationships with various internal & external stakeholders, including Technology Services and IT Risk.

Required Skills / Competencies

• Microsoft security suites (Defender, Azure & Defender for Cloud)
• Experience of working in high performing teams and understanding the dynamics of teamwork in an operational security environment.
• Knowledge and operational experience in: firewalls, intrusion detection and prevention systems, anti-virus and content filtering, URL filtering, authentication solutions, Network and Cloud Architecture, Voice over IP (VoIP), firewall zoning and PKI infrastructure.
• Ability to read and understand system data including security event logs, system logs, application logs, and device logs.
• Knowledge and experience of enterprise grade technologies including operating systems, databases and web applications.
• Knowledge and experience of performing network traffic analysis for identifying any developing patterns.
• Ability to work both independently and as part of a team.
• Strong analytical skills to monitor information and perform detailed data analysis to identify any vulnerabilities.
• Ability to identify and understand key issues and areas for improvement in the Information Security realm.
• Motivated to delivering quality and striving for continual improvement.
• Logical thinking and analytical ability.
• Aptitude in solving problems independently.
• Communicate and present concisely and effectively based on appropriate level of management interaction.

Desirable Skills / Competencies

• Experience with any of the following technologies: Data Loss Prevention, Intrusion Prevention/Detection Systems, Firewalls, SIEM.
• Knowledge of reporting suites such as Power BI.
• Good understanding of Microsoft security suites and associated qualifications.
• Threat identification.
• Fundamental Cloud Concepts for AWS.
• OWASP Top 10: API Security Playbook.
• Security Analysis for CompTIA CySA+ or similar level of certification.
• Security certifications such as CISM, CISSP, M.Inst.ISP, CISA by a recognised professional body.
• Technical certifications by a recognised professional body in network or systems engineering.

Mandatory Skills

• Forcepoint DLP.