Senior Security Operations Analyst

SpinWell Global

Spinwell Global is a team of recruitment experts with experience spanning the globe. With a breadth of skills, including a proper understanding of the business needs, environment and an in-depth knowledge of our niche market place, the team have been successfully providing recruitment solutions and matching applicants and companies for several decades. Concentrating in specific sectors we are a company that realises that it is a benefit to our customers to be a specialist in a few areas rather than a generalist in many.

Key tasks and deliverables:

  • To lead the identification of threats and the detection of malicious behaviour on the Department’s IT estate.
  • To develop protective monitoring processes and systems to support the effective mitigation of risks to DWP’s information systems.
  • To advise on security remediation plans and strategies based on analysis of security threats and vulnerabilities on the estate.
  • To advise on mitigation against known vulnerabilities and risks within DWP’s information systems.
  • To provide the technical lead in incident response, digital forensics and full malware analysis. Provide expertise to ensure these activities meet all statutory, evidential, Departmental and ethical guidelines.
  • To lead in the successful identification of known security vulnerabilities on the Department’s IT estate; providing advice on security remediation plans, risk mitigation and strategies based on analysis of security vulnerabilities on the estate within DWP’s information systems.
  • Design and build complex interrogation scenarios/playbooks using threat intelligence, providing automated data analysis to detect potential abuse or malicious activity.
  • Building documented processes and procedures to ensure all aspects of incident response, digital forensics and malware analysis are carried out in an evidentially secure manner and comply with all statutory, Departmental and ethical guidelines.
  • Ensure the prompt and accurate analysis of data, logs and audit trails to help identify potential security breaches, cyber-attacks or abuse.
  • Provide advice to analysts to support the analysis of anomalies/interpretation of outputs from system logs and audit trails.
  • Lead engagement with DWP business areas to ensure the latest threat intelligence is risk assessed and scenarios to detect abuse and malicious activity are relevant to the changing risk landscape.
  • Provide advice to internal and external DWP stakeholders on developing proportionate controls to mitigate risks to data held on the Department’s IT estate.
  • Lead the development of protective monitoring processes and systems to help mitigate risks to DWP’s information systems.
  • Contribute to the development of communications and stakeholder management strategies, which increase understanding of protective monitoring and processing risks across the Department.
  • Lead the design and delivery of vulnerability assessments and penetration tests.
  • Lead the analysis and interpretation of penetration tests to determine actions and remediation.
  • Lead the analysis of cyber security events and incidents and recommend remediation steps.
  • Assess DWP’s existing capability in collecting, analysing, escalating, and responding to potential cyber-attacks.
  • Implement continuous security vulnerability assessment plans based on the analysis of security threats and vulnerabilities on the estate.
  • Lead delivery of measurable security through vulnerability assessment reporting for mitigating threats and vulnerabilities.
  • Lead development and maintenance of associated policies and standards for mitigating threats and vulnerabilities.
  • Execute security testing to identify security vulnerabilities on the DWP IT estate.
  • Lead the analysis of vulnerabilities and risks across DWP’s Information and Communications Technology (ICT) systems.
  • Review risk assessments of networks, systems, firewalls and anti-virus systems, and recommend proportionate mitigation activity as necessary.
  • Lead the acquisition and analysis of digital images or other data sources including malware to investigate and resolve security incidents, and inform DWP’s response to attack and compromise.
  • Provide technical expertise for the production of Indicators Of Compromise, the resolution of Requests for Information and the production of threat intelligence products.
  • Lead and develop a team of Security Operations Analyst s to achieve optimum outputs.

Experience Required:
Essential Skills

  • BCS Certificate in Information Security Management
  • Proven expertise using digital forensic and malware analysis tools,commercial or open source
  • Proven expertise in the acquisition of digital images from diverse devices including laptop computers,mobile phones and stand-alone storage devices
  • A thorough understanding of the structures underpinning corporate IT systems and how these structures can be compromised and exploited
  • Understanding of the concepts of information security,current and emerging IT security,data protection,and information risk principles and technologies
  • Understanding of security monitoring,intrusion detection,prevention and control systems including firewalls,anti-virus,web proxies and security software
  • Understanding of threat intelligence,security monitoring and vulnerability management tools
  • Ability to influence senior managers at Senior Civil Servant level and above,and to articulate complex security-related messages and recommendations in accessible language tailored for the target audience
  • Well-developed analytical skills,with the ability to swiftly analyse significant quantities of complex data and draw firm conclusions to influence the acceptance of recommendations
  • Experience of managing cybersecurity or fraud incidents across large sets of information
  • Strong knowledge and understanding of the concepts of information security,and of current and emerging IT security,data protection and information risk principles and technologies
  • Experience of managing multiple priorities and responding flexibly and effectively to competing demands,balancing priorities accordingly
  • Comfortable relying on others’ expertise to inform effective decision making

Desirable

  • BCS Certified Information Systems Security Professional (CISSP),or equivalent security qualification
  • Understanding of common network services,including web,mail,file transfer protocol,network vulnerabilities and network attack patterns
  • Understanding of UK public sector Security Policy Framework (SPF),CESG InfoSec Standards, Centre for the Protection of National Infrastructure (CPNI) documents and the Government Secure intranet (GSi) Code of Connection and current government/CESG standards
  • Understanding of industry standards for information security policies,governance processes,risk and control frameworks,such as the ISO27001 standard
  • Understanding of Her Majesty’s Government (HMG) and Departmental policies and standards
  • Experience of automated vulnerability remediation tools such as BigFix or Tanium
  • Understanding of penetration testing methodologies
  • Understanding of analysis and query tools
  • Understanding of organisational (or DWP) operational processes
  • Leadership skills
  • Planning and management skills
  • Well-developed communications,stakeholder management and interpersonal skills
  • Awareness of appropriate software development languages (e.g. Python,Java,JSON,Node.js), COBOL
  • Awareness of Agile project methodology and/or experience of system development in an Agile environment
  • Working knowledge of commercial processes
  • Proven experience advising and applying risk-based proportionate security controls in decision-making
  • Experience facilitating risk workshops to identify proportionate control requirements
  • Experience working with a wide range of clients/stakeholders from commissioning work through to delivery,using appropriate techniques
  • Strong experience of using analytical tools to identify security/fraud compromises within large amounts of complex data
  • Strong experience of analysing large datasets to find anomalies
  • Strong experience of applying information security expertise to protect data

Additional qualifications:

SFIA 6

  • Project Management – Level 4
  • Relationship Management – Level 6
  • Information Security – Level 5
  • Business Risk Management – Level 5
  • Relationship Management – Level 5 (for STRAPSO & Crypto Custodian only)
  • Continuity Management Level 5 (for STRAPSO & Crypto Custodian only)

GIAC Certified Intrusion Analyst (GCIA),GIAC Continuous Monitoring Certification (GMON),GIAC Security Essentials (GSEC),GIAC Certified Enterprise Defender,GIAC Certified Forensic Analyst (GCFA),GIAC Certified Incident Handler (GCIH),GIAC Network Forensic Analyst (GNFA),GIAC Malware Reverse Engineer (GREM) or equivalent qualification

Share: