Cyber Security Specialist
Resource are partnering with a reputable not-for-profit organisation who are embarking on an exciting infosec transformation programme. The role is required to support the programme of work to rapidly enhance the InfoSec posture and see increased resilience against current cyber threats. The role demands someone with experience of delivering change and a sound understanding of IT security and the capability that Cyber Essentials provides. It will entail working closely with a key third-party infrastructure provider and one other, as well as internal staff in various teams including IT Ops, Shared Services & InfoSec.
Objectives:
The role is required to:
- Define and see implemented appropriate security incident and trend reporting and triage, ensuring that this can be achieved 24/7
- Develop and implement a monitoring strategy with supporting policies that takes account of security incidents and attacks and internal incident management policies; ensure that inbound and outbound network traffic is continuously monitored to identify trends that might indicate attacks and/or data compromises
- Assist InfoSec/IT Ops with Vulnerability Management (VM), ensuring that VM is delivered against a formalised programme of work, one that focuses on resolving the most critical and high issues first against priorities that take account of risk and asset priorities
- Assist the team to implement a security patching strategy based on risk and asset priorities
- Help build, populate and automate where possible the organisation’s InfoSec scorecard
- Identify areas for improvement encountered during delivery that are not covered above, highlighting potential remedies or tools
Role Capabilities/Experience:
Essential:
- A background in delivering practical implementation of IT security in mid to large environments/networks and familiarity with SOC operations and VM
- Experience of effective working with 3rd party IT providers
- Strong emotional capital, the ability to communicate clearly both verbally and in writing, and to build strong relationships
- Strong understanding of, and familiarity with, Cyber Essentials and the role these play in keeping organisations and their data secure, together with the linkage to wider organisational policy, business and risk
- Demonstrable track record in delivering change within Cyber Essentials subject areas/substantive IT Security programmes
- Engineering experience in Network & Cloud Security
Desirable:
- Familiarity with M365/Azure
- SOC and incident response experience
- Sec Ops experience
Qualifications:
Desirable:
- CCSP or equivalent
- ISO 27001/2 or NIST familiarity