ROLE SUMMARYThe role of the Security Team is to keep the University and its people safe from all forms of cyber security threat, working to minimise the likelihood of disruption to teaching, research and business activities. It does this through a combination of security technologies, controls, processes, policies and by working in partnership with colleagues across the University to ensure that everyone understands the part they play in staying safe online.

As a Senior Information Security Analyst, you will be a leader in all of the key operational activities of the Security Team, including monitoring for and responding to attacks and alerts, improving our detection and response capabilities, handling requests and queries, making changes to security solutions, establishing processes, creating documentation. You will develop your own knowledge and skills in the field of information security while supporting other team members to develop theirs and promote best practice with colleagues across the University.

• Use and develop the University’s SIEM, SOAR and other security solutions to monitor for and respond to attacks, intrusions and unusual, unauthorised or illegal activity. Ensure that these systems function optimally at all times.

• Conduct security investigations, incident response activities and vulnerability assessments. This may occasionally require working extended hours as determined by the severity of the incident.

• Maintain an awareness of the external threat landscape and attacker TTPs, by engaging with trusted sources of threat intelligence and vulnerability information and using this information to direct and continually improve incident response processes.

• Plan and lead operational activities on security solutions e.g. configuration changes or upgrades, including acting as a peer reviewer for changes proposed by other team members and the identification and implementation of new solutions as required. This may occasionally require working outside normal business hours e.g. in evenings or at weekends.

• Monitor for and conscientiously respond to messages, requests and queries received via the service desk ticketing system, email, instant messaging, telephone, etc. by providing advice, support or services as required. This includes communicating with students, staff, suppliers, external bodies, etc. The role holder may be requested to participate in the “Out of Hours Support” scheme if required.

• Take an active role in discussions, meetings, reviews, groups and projects to ensure that information security issues are being adequately addressed and to offer specialist advice and direction as required, including the evaluation of proposed solutions and assessment of external suppliers.

• Lead Information Services projects, including the completion of all relevant project documentation, management of resources, planning of milestones, scheduling of meetings, etc. This will also include ensuing that the change is embedded to realise expected benefits through effective communication and stakeholder management.

• Maintain an enthusiasm and passion for information security and a commitment to ongoing professional development in this area, by attending relevant conferences or events, obtaining recognised security certifications or developing a specialisation for a particular area of information security or technology.

• Promote security best practice across the University.

• Role model the University’s values & behaviours.

• Be responsible for ensuring that the information and records processed (received, created, used, stored, destroyed) on behalf of the University are managed in compliance with ALL applicable legislation, codes and policies e.g. Data Protection, Information Security and Records Management.

Education / Qualifications

• A degree in a relevant discipline. Candidates with other qualifications will be considered if they also have practical experience in a relevant role.

• CompTIA Security+, (ISC)² SSCP or any other similar industry/professional certification, ideally related to cyber security. (DESIRABLE)

Skills / Experience

• Knowledge of the information security issues faced by organisations.

• Knowledge of common security threats and how they can be defended against.

• Knowledge of relevant networking concepts – IP addresses, subnets, protocols/ports, DHCP, DNS, HTTP, TLS, VPN.

• Knowledge of basic operating system concepts – users, groups, files, executables, processes, sockets.

• Knowledge of basic system and application access control concepts – roles, permissions, inheritance, nesting, precedence, access control lists, allowlists, blocklists.

• Experience of working with system and application log files, including correctly establishing the order in which events occurred and combining information from multiple sources.

• Experience of working in a Security Operations Centre or similar role.

• Knowledge of and experience using SIEM solutions.

• Knowledge of other security solutions including firewalls, Intrusion Prevention Systems, web filters, VPNs, endpoint security/anti-malware, Mobile Device Management, encryption, DDoS mitigation, automated vulnerability scanners.

• Experience of writing simple scripts (in a common language such as PowerShell or Python) to automate tasks, retrieve and manipulate data, integrate systems, etc.

• Excellent attention to detail, ensuring that information is conveyed accurately, recorded precisely and tasks are completed correctly.

• Excellent analytical, logical thinking and problem-solving skills, with a strong desire to understand how things work and why things are.

• Very good written and verbal communication skills, with an ability to share information clearly and concisely in both styles.

• Very good organisational skills, with an ability to handle multiple pieces of work at the same time and to deliver results within agreed timescales and with minimal oversight from line management.

• An independent and proactive learner, with a willingness to share knowledge with others but seek advice or support when necessary.

Desirable skills

• Knowledge of and experience using SOAR solutions. (DESIRABLE)
• Knowledge of and experience using Microsoft 365 security solutions.
• Knowledge of and experience using Microsoft Azure security solutions.
• Knowledge of and experience using Cisco network security solutions.
• Knowledge of and experience using VMware datacentre security solutions.
• Experience of using several different operating systems.
• An awareness of the higher education environment and the challenges this can pose for the adoption of rigorous security policies and controls.