Overall Job Purpose:
The security of information is critical to the ongoing success and reputation of the SCC Secure Data Centre Services business as a Managed Security Service Provider (MSSP). The Information Security Technical Specialist will work as part of the DCS Security Service Platforms team, and will report directly to the Information Security Compliance Manager.
The Information Security Technical Specialist will work across internal and customer environments, to perform, ad-hoc, vulnerability management and project based daily duties across various security platforms, technologies and services.
In order to carry out the required job functions, it is essential to liaise with not only team members but various internal and external teams to ensure policy and processes are being followed to meet internal, customer and compliance requirements.
The role of Information Security Technical Specialist will also form part of the core security team that deliver and drives continual service improvement across the internal Cyber Security Centre function and core platforms covering Data Centre Services and SCC customers ensuring delivery of best of breed compliant security services in the most effective and efficient manner.
Main Duties of the Job:
- Act as technical subject matter expert (SME) primarily focussed on Vulnerability Management monitoring and Security Testing
- Ensure that Penetration & Vulnerability scanning is performed in line with best practice and company policy. Resolve and/or reports findings to allow risk management to be performed and effective resolution to be achieved
- Provide technical consultancy support to Vulnerability Management projects to assist in the preparation of reports that document vulnerabilities. Including applying quantitative and qualitative risk analysis articulating compliance risk in technical and non-technical terminology, so that it can be interpreted by SCC, its customers both IT and business individuals alike
- Advise and guide on your recommendations on vulnerability remediation measures, using knowledge and experience to substantiate your recommendations
- Collaborate with IT technical teams across the business to deliver Information Security Service improvements
- Provide end to end engagement on a wider range of security projects as a security technical SME including ensuring the governance and change control is enforced
- Provide technical consultancy and project engineering support in the development of the SIEM platform on-boarding process and procedures, ensuring best practice is implemented when possible
- Ensure defined technical compliance functional requirements for each on boarding project and ensure that they are fulfilled prior to going into service
- Champion awareness of developing Information Technology and security risk landscape across the Security Services and the wider business
- Understand the implications of standards and regulations such as GDPR, ISO27001, NCSC Cloud Security Principles, SOAR, to inform decision making
- Assess the current technology infrastructure to identify information security and compliance risk areas and recommend controls to address those risks
- Continually reviewing security threats that require technical support and ensuring resolution is appropriately planned, carried out, checked and reviewed
- Subject matter expert in multiple areas such as Vulnerability Management tools, Windows, Unix, firewalls, intrusion detection, SIEM, threat detection analysis, or information risk management
- Understand security requirements in the Cloud and be able to drive technical implementation requirements
- Solid and demonstrable comprehension of Information Security including malware, emerging threats, attacks, and vulnerability management
- Possess excellent understanding of networking and operational environment concepts
- Possess excellent communication, presentational, critical thinking problem solving, analytical and prioritisation skills.
- Drive policy, process and procedure developed, maintenance and improvement
- Strong working security knowledge and experience gained working with standard accreditation frameworks.
- Identifying technical compliance deviations; manage and driving them to resolution
- Own workload, ensuring work is delivered on time, and exceeds management’s expectations
- Be a self-starter and proactive in driving forward security for the benefit of the business
- Continued self-development and understanding of Information Technology within the Information Security landscape
- Possess strong briefing skills and technics to enable you to brief at all levels and across the business and its customers
- Experience of ITIL v4
- A minimum of 5 years’ experience within a Security Services environment
- Positive personal qualities including drive, professionalism, integrity and teamwork
- Security Clearance (SC) or be able willing to undergo the process to gain clearance
- Hold a recognised Information Security qualification (e.g. CISSP, CISM, CEH and/or SANS GIAC, GCIA, GCIH or demonstrate strong capabilities in Information Security Compliance)
- Hold Network, Security, or Platform certification(s) (S+, N+, MCSP, CCNA,CCNP)
- Working knowledge of service management tools Assyst/ Service Now
- Experience in a Managed Security Service Provider or Multi Tenanted service