Information Security Analyst

ROLE PROFILE

JOB TITLE: Information Security Analyst

REPORTS TO: CISO

DEPARTMENT: Information Security

COMPANY: Telrock Systems Limited

INTRODUCTION:

With offices in London UK and Atlanta USA, Telrock is a rapidly growing, successful international technology company providing modern SaaS-based, PCI DSS compliant digital engagement and debt collection software solutions to banks, financial services companies and other organisations in the EMEA and North America regions. The company delivers its solutions on private Cloud owned IT technology, with infrastructure hosted at leading third-party hosting providers. The company wishes to strengthen its CISO office team through the appointment of an experienced Information Security Analyst to continue development and oversight of its evolving information and operational security risk management posture. The position will report to the UK based CISO.

ROLE PURPOSE:

The role holder will work directly with IT operations, DevSecOps, Development, Service Delivery, and external stakeholder functions to ensure that business information is protected in-line with the corporate information and cyber security programme and to meet a key business objective of maintaining compliance and regulatory standards. The role holder will assist in the development of security processes and management of information security on a day-to-day basis, by ensuring people, processes and technology comply with the corporate information security, monitoring and review of IT security controls and providing recommendations for improvements.

ROLE RESPONSIBILITIES

Key
Accountabilities

Key Activities / Decision Areas

Threat and Vulnerability Management

• Carry out regular monitoring of the following IT security controls, ensuring threats to business information are identified, logged, remediated and escalated in a timely manner:
  • Vulnerability monitoring
  • Security Information & Event Management
  • IT system secure configuration reviews
  • Intrusion detection/prevention systems
  • Anti-malware protection
  • Data Loss Prevention
  • Web Application Firewall
  • E-mail and Web content control
  • File Integrity Monitoring
  • Cloud operations
• Research and advise on emerging threat actors/sources, zero-day exploits, vulnerabilities, malware, APTs and data exfiltration methods

SIEM and Incident Response

• Ensuring security event logs are monitored and triaged
• Participate in incident response, ensuring timely response actions and appropriate escalation

Technical Vulnerability Management

• Responsible for all aspects of technical vulnerability scanning, reporting and remediation advisory to IT system custodians
• Responsible for the engagement, delivery and management of all vulnerability exploitation testing

Supply Chain Management

• Conducting supplier InfoSec due diligence and periodic risk reviews

Security Education & Awareness Training

• Mature stakeholder InfoSec culture through delivery and reporting of cyber security awareness training and user security assessments

Risk Management

• Deliver information security risk assessments and manage IT policy exceptions

Secure SDLC

• Advise on secure coding and DevSecOps methodology & practice

Regulation & Compliance

• Maintain InfoSec regulation and compliance standards e.g. PCI DSS, SOC2

PERSON SPECIFICATION

Skills, Qualifications and Experience relevant to the Role

Key Performance Criteria

Knowledge and Experience:

• Applicants will have a technical background with at least 5 years exposure to IT administration, IT operations, and IT security and at least 2 years exposure to InfoSec/Cyber security
• Knowledge of current security threats and trends; exposure and/or appreciation of root causes of cyber-attack methodologies e.g. e-mail phishing, malware, data breaches, etc
• Fundamentals of data protection (e.g. GDPR)
• Working under an InfoSec policy framework (e.g. to IOS 27001 standards)
• Exposure to payment services technologies
• Experience implementing and/or maintaining formal best practice information security compliance or certification (e.g., PCI DSS and SOC2 type2)

Competencies:

• Analytical skills and an ability to analyse technical information to identify patterns and trends
• Maintain a current understanding of common vulnerabilities and appropriate remediation
• Documenting operational and security problems within IT service management systems
• Information risk management
• Workload prioritisation management
• Communicating and escalating at all stakeholder levels

Technical Skills:

• Hands-on skills with:
• Linux
• Network and web application firewalls
• Core networking VLANs/Segmentation
• Secure IT system build standards
• Vulnerability scanners e.g. Qualys
• Patch management
• Security event logging/SIEM
• Enterprise password managers
• Reverse proxy
• Virtualisation
• Identity access management
• RAVPN/IPSec VPNs
• Cryptography
• Digital certificate management
• MFA
• Scripting/RegEx

• Working knowledge of:
• Databases & stored procedures
• Web Servers
• APIs
• Application event logging
• Penetration testing techniques
• DevSecOps – development pipeline security
• SDLC – OWASP Top 10/API
• Web application development
• Cloud technologies
• Load Balancing/HA
• Containerisation
• Single-Sign-on/SAML
• Host intrusion prevention
• File transfer mechanisms

Education, Qualifications & Accreditations:

• BSc/MSc in science, technology, engineering, or mathematics (STEM)
• Industry InfoSec qualifications e.g. CompTIA Security+; Cisco CCNA Security; CySA+; CCSP; CISSP
• Penetration testing qualifications e.g. Certified Ethical Hacker (CEH); GIAC GPEN; CREST
• Accreditations e.g. ISO 27001 Lead Implementer, PCI QSA

Languages:

• Fluent in English

Personal Attributes:

• A passion for information/cyber security
• Highly motivated, self-driven, responsible, reliable and organised individual able to use own initiative, manage own time and workload and an excellent attention to detail
• Good oral/written communications
• Capable of developing a strong working relationship with peers to encourage good security practices
• Collaborative and team-oriented, flexible attitude, adhering to a high standard of ethical behaviour
• Maintains continual professional development (CPD)

Location and Hours of Work

UK Head Office

Telrock Systems Ltd

1st Floor, Verse Building

18 Brunswick Place

London N1 6DZ

Core hours: Monday to Friday, 09:00 – 17:00

You may be required to work at home or from any of the Company’s offices. You may be required to work on shift patterns, out of hours or on an on-call basis to provide Information Security Incident Response cover.

Please note that this job description does not form part of your employment contract. The Company can modify your job duties or amend this job description at any time.

Notices: Please include in your application the following notices:

Please acknowledge that you understand that this is a full time London Office based opportunity and no relocation package is available

Confirm your eligibility to work i.e. Right to Work in the UK

Only applications with an attached resume will be reviewed*