Senior IT Security Analyst

3 weeks ago


London, United Kingdom E1 EDF Trading Ltd Full time

Description


Department

IT Security is a global function residing within the IT department operating from London and Houston. The Senior IT Security Analyst will be based in London. The purpose of the IT Security function is to manage cyber risks and issues for EDF Trading globally.

Position purpose

The Senior IT Security Analyst will find, test and implement effective technical solutions to counter cybersecurity risks, implementing and managing those solutions either directly or by working closely with Subject Matter Experts (SMEs) in other teams. Privilege access management, Microsoft Active Directory, Microsoft Azure and Office 365 security, supply chain risk management and vulnerability management are key areas of focus for the role.

Main responsibilities

  • Security programme [40%]: Implement or manage the implementation of technical solutions with SMEs to counter cybersecurity risks in accordance with the security programme, including:
      • Researching, designing and testing processes and technical solutions to counter cybersecurity risks
      • Implementing and maintaining solutions owned by IT Security
      • Collaborating and driving the implementation of solutions in other teams where needed
      • Producing technology and process diagrams and other documentation as required
      • Planning own projects, managing dependencies and required resources

  • Identity and privilege access management [20%]: Implement or manage the implementation of countermeasures to cyber-attacks that exploit identity and privileged access weaknesses, including:
      • Maintaining a practical understanding of how identity and privilege escalation attacks occur, particularly in Active Directory and Azure-based environments
      • Actively seeking out the latest research on attacks and countermeasures
      • Using software tools or services to detect issues
      • Proactively mitigating issues directly or by working with relevant SMEs

  • Vulnerability management [20%]: Manage the remediation of software vulnerabilities, including:
      • Monitoring and responding to new vulnerabilities affecting EDF Trading
      • Managing the remediation of identified vulnerabilities through to closure
      • Collaborating with Infrastructure SMEs to mitigate Active Directory and Azure configuration-based vulnerabilities
      • Researching, testing and producing secure configuration standards, coordinating their implementation and compliance

  • Security incident response [10%]: Support the cyber incident response process, including:
      • Monitoring and taking appropriate action in response to suspicious/phishing emails
      • Producing playbooks for responding to cyber incidents
      • Responding to alerts generated by internal monitoring tools and the Company’s Managed Detection and Response (MDR) service
      • Participating in incident response exercises

  • Security governance [10%]: Manage supply chain risk exposure, including:
      • Undertaking due diligence on prospective and existing third-party service providers
      • Using software tools, monitor the digital footprint of existing service providers and manage identified risks with the Service Owner

Experience required

The successful candidate can demonstrate they have:

  • Strong Microsoft Windows, Active Directory and Azure AD technical experience:
      • Managing Active Directory users, computers, and group policy security settings
      • Configuration/hardening of Windows Clients and Servers
      • Configuration/hardening of Microsoft Azure, Office 365 and Defender services
      • Using PowerShell to administer or audit objects and automate tasks
      • Has implemented technology hardening configurations

  • Hands-on experience or driving initiatives with SMEs to implement/adopt Privileged Access Management (PAM) to mitigate privilege escalation and lateral movement attacks.

  • Hands-on experience with configuring/supporting email security solutions to mitigate email-based attacks such as phishing, malicious links, and attachments.

  • Hands-on experience with deploying, configuring, and managing endpoint security solutions including EPPs, EDR, host firewalls and device control.

  • Performed vulnerability assessments using enterprise tools to identify and manage vulnerabilities in Windows client and server OS, applications, network, storage and cloud infrastructure.
      • Exposure to penetration testing methodologies, tools and performing small assessments is considered an advantage.

  • Performed architectural level security risk assessments of systems/applications, provided solutions to mitigate risks and managed the treatment of risks through to completion.

  • Developed cyber security incident use cases and response processes and procedures.

  • Coordinated tabletop exercises.

  • Managed own projects or complex changes using proven project management methodologies as far as is necessary to deliver in an enterprise environment (e.g. Kanban).

Technical requirements

  • Offensive Security Certified Professional (OSCP) or equivalent certification or training (e.g. TryHackMe or Hackthebox) is desirable. If these cannot be demonstrated, we are looking for someone who understands at a detailed level how attacks work, particularly those against Microsoft Active Directory environments, to develop mitigations and recovery procedures with precision.

  • Experience with implementing and/or using CrowdStrike is advantageous.

  • Is familiar with the Mitre ATT&CK knowledge base and how to leverage it for cyber defence.

  • Strong working knowledge and ideally practical experience in leveraging Microsoft capabilities to mitigate risks affecting Microsoft Windows clients, servers, and cloud services.

  • Can use PowerShell to query services for information and ideally write small scripts to automate tasks or to parse files for analysis purposes, for example.

  • Is familiar with industry frameworks including ISO 27001 and CIS Critical Controls.

  • Is proficient at using Excel to analyse, manipulate or present data quickly.

  • Strong project planning and execution using Kanban or Waterfall methodologies.

Person specification

  • Has a ‘security mindset’ – asks the right questions to identify security flaws/issues.

  • Is tenacious: if told something cannot be done, they will proactively research, talk to others and find solutions to security challenges. We want someone who is a problem solver.

  • Demonstrable interest and curiosity in cyber security. The type of person who is researching or completing ‘capture the flag’ (CTF) challenges in their spare time.

  • Highly self-motivated, proactive and approaches challenges with a positive can-do attitude.

  • When presented with an objective, can research, plan, organise and deliver to deadlines with minimal supervision.

  • Attention to detail and strong focus on accuracy of information.

  • Excellent communication skills, being able to adapt their communication style and vocabulary depending on the audience (e.g. technical SMEs vs senior managers). Being able to proof communications created by others.

Hours of work:

Core hours of 8.30am – 5.30pm: Monday to Friday. Hybrid Working


