Security & Vulnerability Analyst
Recruiter
Listed on
Location
Salary/Rate
Salary Notes
Type
This job has now expired please search on the home page to find live IT Jobs.
Role summary/purpose of job
The IT Security Operations Team designs, implements and maintains wide range of Security services and tools including but not limited to; Firewalls, Secure Remote Gateways, Network Segmentation systems, IPS, Web Filtering solutions, multi factor Authentication and Privileged Access management tools, endpoints security tools as well as SSL Certificate Management systems and encryption tools. The team also responsible for Vulnerability Management and remediation planning activity in aim to keep on top of new and existing threats and make sure we keep our environment and Data safe and compliant with Security Policy.
Working in a "DevOps like" operating model, the Security Analyst is recognized as the subject matter expert supporting the wider teams across infrastructure and core platforms; ensuring the firm's new and existing security and vulnerability management technologies run efficiently and effectively on a day to day basis whilst at the same time evolving the service delivered by the team's function to adapt to an ever changing environment.
Key responsibilities and deliverables
Technical Responsibilities
Takes a leading role in day to day vulnerability management activity.
Review scan reports, identify vulnerable components and its owners, help apps/system owners to perform an initial security risk analysis and create remediation plan.
Look after vulnerability dashboard and make sure we have up to date vulnerability info visible for Apps/System owners and prepare reports for IT Senior Management and Information Security Group.
Work closely with ISG (Information Security Group) under review of new/emerging vulnerabilities/threats and help with initial prioritisation and remediation.
Help Apps/Service owners to prepare and execute remediation plans or design and implement compensation controls to cover an existing vulnerability.
Gather security notifications from our vendors and perform an initial analysis and reports.
Aid ISG with security incidents investigation and problem resolution.
Review/update an existing Vulnerability processes and procedures.
Take a leading role and act as a bridge between ISG, PMO and IT Infrastructure
Make sure that all critical Apps/Services configured to submit required security/apps logs to SIEM.
Key requirements
Essential
Good working knowledge of Vulnerability scanning and management platforms.
Have strong organisational and communication capabilities.
Working knowledge of - Rapid7/Tenable/Qualys Solutions, vulnerability and patch Management tools (SNow).
Extensive Knowledge of Security modern threats, Cyber attacks vector and Indicators of compromise (IOCs).
Good knowledge around information security best practices
Knowledge of OWASP top 10 and software development security controls.
Public Cloud security controls.
Good understanding of Network and IT Infrastructure security best practice and hardening methodology.
Desirable Experience
Professional Service experience
Prior, multicultural and/or global organisation experience
Experience of operating in a DevOps environment
Desirable Technical Skills
Network Security Services: Web/Email filtering, Firewalls, VMware NSX platform, MFA and PAM tools.
Experience of conducting penetrations tests
Knowledge of 2nd and 3rd layer protocols.
Knowledge and experience of current Windows server operating environments
Desirable Qualifications
ITIL Service Management Foundation certification (or equivalent)
CISSP
CCNA
Juniper - JNCSP, any JNCP security track certification
Inclusion
Freshfields is an equal opportunities employer and all applications received by the firm will be considered by the firm on the basis of their merit alone and we welcome applications from all suitably qualified individuals regardless of background. All offers of employment will be conditional on the candidate having/securing the right to work in the UK and providing the firm with evidence of that right (as required by the Immigration, Asylum and Nationality Act 2006) prior to employment commencing.
Freshfields is a Ban the Box employer. We ask applicants to disclose criminal convictions only when a conditional job offer is made. A conviction does not automatically lead to withdrawal of the offer: we make decisions on a case by case basis and take a number of factors into account (e.g. the role you are applying for and the circumstances of the offence). You would have the opportunity to discuss the matter with us before we make a decision.