The security analyst will work in the IT department to help safeguard Nominet’s infrastructure and data systems. Security and resilience are top priorities as Nominet systems are integral to the continued operations of the Internet.
The security analyst will combine their knowledge of the security landscape and the tools which are used to monitor and mitigate against cyber threats, to provide insight and assurance of Nominet’s security risks.
This role will suit a person that has a strong interest in security and has experience with the tools and processes used in an Information Security Management System. They should have good communication skills, a can-do attitude and a willingness to learn.
- Analysis and reporting on a wide variety of security data to provide situational awareness and trends in behaviours. Data sources include access logs, DNS data, intrusion detection systems and syslogs.
- Assessments of security reports from internal and external sources.
- Conduct security risk assessments on a wide variety of topics including IT systems and architecture, development processes and IT operations.
- Incident response to vulnerabilities found or active security incidents.
- Identify and research future security initiatives to protect Nominet and its customers.
- Communication of security issues, describing technical and non-technical findings in a way to suit your audience
- Become an authority and expert on all aspects of Cyber Security at Nominet
- Add to the ethos of a world class internet company with innovation, hard-work and a true passion for technology
- Works effectively as ‘part of the Company team’, communicates and advises with a positive attitude at all levels both internally and externally
- Works effectively as part of a department team, recognises areas where support is required and offers assistance proactively.
- Is flexible and adaptable in approach. A 'go to' person.
- Takes an active role in personal development and frequently reviews individual objectives and attends training sessions as required
- Professionally manages workload and can work independently
- Able to effectively plan ahead, problem solve and use initiative
Key results / Outputs and deliverables
- Accountable for the maintenance and further development of security monitoring of Nominet infrastructure and data systems.
- Managing security incidents and assisting in their resolution
- Conducting risk assessments across the business
- Conducting vulnerability assessments on aspects of the infrastructure.
- Working with the Head of Information Security in maintaining ISO27001, setting security strategy and policy
- Working on various initiatives to promote a positive security culture with all staff and key stakeholders
- Providing advice and insight to broader cyber security issues affecting Nominet
Professional skills, background and profile
The ideal candidate would have a real interest and enthusiasm for information security. The new role covers broad aspects of security and the candidate has the opportunity to help shape future security operations. He/she would bring fresh and exciting ideas to the role and have a very inquisitive and analytical mind. He/she would have the ability to work as part of a team as well as being strongly self-motivated.
- Experience of analysing data such as system logs, firewall logs, Intrusion detection systems and access logs. Experience of using a SIEM is desirable but not essential
- Understanding of network protocols and experience in analysis tools such as Wireshark
- An ability to analyse complex data, make informed decisions and communicate effectively to the relevant audience
- Understanding of security processes including vulnerability management, cyber threat monitoring and risk management processes
- Security qualification such as CISMP, CISSP, CISM or degree in a computing-related or other numerate subject such as Computer Science, IT, Physics or Maths. Qualifications can be replaced by good quality experience in the workplace.
- A strong interest and enthusiasm in information security and emerging threats