IT Security Officer
Posted: 2nd August 2021
- In this role you will support the IT Security Manager in securing and maintaining the cyber security posture of 3 (expanding to 6) live Datacentre environments. This role will focus heavily on the technical implementation, research, monitoring and measuring of security controls that ensure a high level of protection for multiple network environments.
Key Responsibilities & Duties
- Daily investigation of system logs from monitored devices such as Firewalls, Security Information and Event Management (SIEM) systems and the network environment to identify anomalies such as suspicious network traffic, new user accounts and indications of compromise.
- Smarthost Gateway administration, including monitoring and reacting to a live threat environment. Continued improvement work to enhance and adapt the Email Gateway’s defensive policies.
- Administer and monitor the Anti-Virus control panel including the creation of new policies to ensure the compliance of all connected machines (Workstations and Servers in all production, EMS, BMS and Security networks).
- Administer and monitor the Web Application Firewall proxy and review websites that employees wish to access. Troubleshoot connection issues with SSL sites for employees. This includes being the first point of contact for the GEO-IP blocking feature on the Firewall, liaising with the network team to resolve issues.
- Assist with Cloud Security Assessments against proposed cloud SaaS, PaaS and IaaS solutions.
- Continued Cyber Security posture testing of the Workstation, Server, EMS / BMS network and CCTV environments, including testing of new vulnerabilities as they are discovered.
- Assist in the re-certification of IT Security related audits, including the ISO 27001 and Cyber Essentials Plus accreditation schemes. Host external auditors, assist them and remediate the actions they present.
- Liaise with the IT Security Manager to conduct intelligence projects into current and evolving threats from various information security websites, “dark net” forums and Cyber Security groups using in-house Cyber Threat Intelligence tools. Research new methods and tools which could be used against installed infrastructure, including carrying out internal penetration tests in order to improve the security posture of the organisation.
- Capture, review and investigate received Malware that bypasses security systems. Reverse engineer Malware to discover C2 (Command and Control Server) origins and ascertain IOCs (Indicators of Compromise) to confirm the infection vector and remediate. Conduct forensics on infected systems and create new security policies to vaccinate against further attacks.
- Conduct investigations and reporting for incoming phishing emails, mitigate the infection vector and discover the origin in order to block senders. Conduct OSINT (Open Source Intelligence) against senders and liaise with the NCSC to expedite cessation of further threats.
- Conduct Phishing tests against employees and departments, collate results and complete security awareness training.
- Assist Penetration Testers, including completing prerequisites prior to arrival, creation and configuration of the workspace, agreement on the scope of works and providing technical knowledge of installed infrastructure, including assistance where required.
- Cyber Security Penetration test remediation work, including reporting vulnerabilities to the SLT and NCSC, remediating discovered vulnerabilities and providing proof of work within a strict time frame.
- Complete security reviews against all external public facing services such as our corporate website, ticketing system and future perimeter services.
- Liaise with Construction and contractors, implement best practices and carry out build reviews of their hardware that is used within the network infrastructure. Recommend hardening procedures for equipment used in current and new buildings.
- Assist the IT Security Manager in providing security reports, talks, training and demonstrations in order to confirm the infrastructure’s Cyber Security posture.
- Assist the IT team with the patching of the estate including Corporate, Security, BMS and EMS Servers and workstations. This includes 3rd party software being used in the corporate environment.
- Continue to enhance security posture for the employees and company, introduce new tools and policies, assist with SIMEX and disaster recovery exercises.
- Manage the implementation and monitoring of “Honeypots” to detect intruders inside the network.
- Assist the IT Security Manager in providing weekly and monthly threat intelligence reports for SLT.
- Continued survey of software used by Ark to ensure no company acquisitions affect Ark’s ISO 27001 accreditation or security posture.
- Training and security awareness for all staff, create a “security knowledgebase” system that all staff can access.
Experience, Skills & Qualifications
- Strong background in IT and information systems, architectures and applications, such as knowledge of Windows OS, Linux OS, networking, Active Directory, VMware and Azure
- An MSc or BSc in a computer science, technology or security subject is an advantage
- Certifications such as SSCP, GISF, AZ-500, Security+ and CEH are an advantage
- Experience with anti-virus software, Email Gateway Smarthosts, intrusion detection, firewalls and web application firewall content filtering
- Knowledge of designing secure networks, systems and application architectures
- Knowledge of disaster recovery, computer forensic tools, technologies and methods
- Professional experience in a system administration role supporting multiple platforms and applications
- Ability to obtain SC security clearance
Apply for this position
To be considered for this position, please email your CV and a covering letter to firstname.lastname@example.org.