Cyber Security Analyst

As Cyber Security Analyst, you'll be responsible for supporting the ongoing operation and improvement of Cyber and Information Security systems to ensure Openwork's system are protected against threats to its IT systems. The primary goal is to protect Openwork's IT systems from internal and external threats. The analyst will need to understand the IT infrastructure, to monitor using the tools provided, evaluate threats that could potentially harm the organisation, and respond to security breaches. This role would suit someone from a technical background who is proficient in investigating technical IT security issues and pulling together information from various sources to determine if a situation presents a risk. Working with internal teams and/or suppliers to resolve or mitigate risks identified. Our systems are primarily built using the Microsoft stack with a desire to make increased use of cloud technology including but not limited to Azure, Dynamics 365, and Office 365.,

• Security Incident Investigation - Highly skilled in responding to security breaches, intrusions, or other security incidents. working closely with an outsourced SOC and internal teams.
• Security Tooling - Proficient in the use of a variety of security tools that will be monitored and used in the response to security incidents.
• Proactive Monitoring - Utilise Security tools and features to protect the Openwork boundary, endpoints, servers and O365 systems.
• Process -Creation, maintenance and accuracy of process documentation such as incident response processes and playbooks.
• Vulnerability Management - Proactive review and improvement of our vulnerability management posture (work with other teams to ensure timely remediation).
• Threat Intelligence - Utilize threat intelligence services proactive threat hunting to identify and response to risk Controls Assurance
• Assist with ongoing implementation, monitoring, testing, and reporting of security control coverage, compliance with policy and control effectiveness at reducing risk.
• Security Testing - Help deliver a security testing programme covering critical systems and services to identify, track and remediate findings.
• Audit - Support regular internal and external audit activities.
• Project & Change Engagement - Support the security by design approach through articulation of security requirements and ensuring appropriate security due diligence.
• Horizon Scanning - Enhance security capabilities by evaluating new technologies and features.
• Continuous Improvement - Mature the security function by continuously improving technical systems and documented processes.
• Threats - Keep abreast of emerging threat types, active threats, and ways to protect Openwork systems against these.
• Security Policies and Standards - Support the development and implementation of security policies and standards.
• Reporting - Gather and collate data to assist with the production of security-related reporting.
• Data Security - Ensure appropriate data security utilising various data loss prevention tools, methods, and techniques.
• Vendor Management - Foster good working relationships with 3rd party vendors to ensure tooling is appropriately configured, active lines of communication and escalation procedures are in place.
• Identity - Monitor the identity landscape and respond to identity related threats
  
  Strong knowledge of information security principles and practices.
• Proven track record of utilising security tools to monitor systems and assess risk.
• Proven track record of managing security incidents.
• Experience working successfully with 3rd Party vendors.
• Participation in audits, assurance reviews and risk assessments across complex environments.
• Experience working in financial services or a regulated environment would be advantageous.
• Exposure to the tools and techniques used for vulnerability scanning, penetration testing, firewalls, WAF, endpoint security, browsing and email controls.
• Investigating and troubleshooting technical issues from identification to resolution, working with internal teams and suppliers as necessary. Knowledge:
• Understanding of security best practices across multiple domains of information security, ideally in a Microsoft-dominated ecosystem.
• Familiarity with security technologies and tooling (e.g., Microsoft Defender 365, vulnerability management, threat intelligence and web proxy tooling).
• Knowledge of cybersecurity frameworks and standards (e.g., NIST, CIS, ISO27001, OWASP, Cyber Essentials).
• Ability to confidently convey security concepts to peers in technical teams.
• Ability to operate in a fast-paced environment with the skills to deal with complex issues.
• Ability to pull together information from various sources to investigate and troubleshoot issues from discovery through to resolution.
• Demonstrable experience of producing security-related data and reports.
• Strong 'can do' attitude and a self-starter looking to progress in the field of information security.
• Ability to prioritise when faced with a varied and sometimes substantial workload.
• Be a Security advocate and work with other technology teams to embed security in day-to-day operations, designs, and implementations.
• Thorough and detailed orientation to be to be able to complete security incident reports and in the creation and maintenance of incident response documentation.
  
  We're a dynamic, fast-paced and growing business with huge ambition. This is all made possible by the brilliant people who are part of The Openwork Partnership family. We're investing heavily in our colleagues, continuously striving to give them the platform to develop personally and professionally and reach their full potential.
We're also very proud of our culture, as one of the Best 100 Large Companies to work for in 2022. The Openwork Partnership values and respects individuality and we are committed to building an inclusive culture and environment where you can balance a successful career with your commitments and interests outside of work. We believe that you will bring your best self to work if you are trusted to choose when, where and how you do it. On top of offering a modern workplace with bags of development opportunities, we also offer a highly attractive benefits package to reward you for your hard work. This includes a competitive base salary, an industry-leading annual bonus, enhanced pension, critical illness cover, income protection and a range of other flexible benefits.

The role holder will foster strong peer relationships across the Business to promote and encourage good security practice and support Business functions in delivering the required programme of security-related change. The benefits:
• Salary - up to £50,000
• Bonus scheme - on target bonus - 7.5%
• Pension scheme - contribute up to 5% of your salary and Openwork will match you and put in an extra 5%
• Critical illness cover
• Income protection - 1x salary
• Death in service - 4x salary
• 25 days holiday + bank holidays, with the opportunity to buy up to an additional 10 days
• A range of other flexible benefits to include private medical insurance, dental insurance and much more.