Title:                                          Security Analyst

Department:                           Research

Reports to:                              Chief Intelligence Officer

Location:                                  UK/US or Remote

Position Code:                        SA122017-1 / SA122017-2
 
Description:

The Security Analyst is responsible for analysing data and creating and delivering reports on infrastructure insight services and operatively-sourced threat intelligence from the SiO4 research team. This position will interface with cross-functional teams that deliver targeted and widespread threat intelligence and infrastructure insight services. This role is expected to stay up-to-date on the latest IT infrastructure technologies (perimeter and internal IT networks, IoT, SCADA and other pertinent IT assets) and threat intelligence, including hackers' methodologies, in order to deliver clear and concise reporting of infrastructure analysis and anticipated cyber security threats.
 
Responsibilities:
 
  • Monitor, identify, and analyze security risks from research team to determine their impact on and relevance to customers.
  • Analyze data, and create reports with conclusions, recommendations and other bespoke options with the research team and present them to the customer.
  • Assess validity and capability of risks and corrective recommendations.
  • Synthesize data and findings with general trend research to provide threat/risk context for stakeholders.
  • Research, quantify, categorise and communicate assessments of a variety of risks affecting the customer to include but not limited to: 1) physical security and safety; 2) economic and business risk including social engineering; 3) risk associated with cyber related and information security threats.
  • Draft and disseminate professionally written products to internal and external stakeholders 
  • Assist and/or update customer’s IT infrastructure and threat intelligence plans and assist them in potential corrective measures plan and related policies and procedures.
  • Maintain, perform and update the customer’s cyber security and IT risk assessment process and reporting to include tracking and management of any new intelligence and/or follow-up action items or process updates as required.
  • Communicate effectively and tactfully with diverse groups of individuals at all levels of the customer’s organisation.
 
Requirements:

  • Demonstrates high degree of professionalism in communication, attitude and teamwork with customers, peers and management.
  • Demonstrates high level of quality work.
  • Understands and complies with all company rules and regulations. 
  • Attends training and maintains a basic knowledge of procedures to ensure compliance with laws and regulations with an emphasis on GDPR, Information Security, Identity Theft, Information Technology and GLBA. 
  • BS in Computer Science or Information Systems or 3-7 years equivalent experience is desired. 
  • 3-5 years of experience in an information security role, preferably with cyber security company or private sector IT security role. 
  • Understanding of Data Security Standards and information security frameworks. 
  • Experience in performing information security risk assessments. 
  • Strong foundation in and in-depth technical knowledge of security engineering, computer and network security, authentication, and security controls. 
  • Strong understanding of most of the following common security compliance frameworks, controls, and best practices: OWASP Top 10, SANS, NIST. 
  • Critical Security Controls, regulations governing personally identifiable information (PII). 
  • In-depth understanding of network and system security technology and practices across all major-computing areas. 
  • Experience creating and updating relevant security policies and risk assessment documentation. 
  • Preferred but not required, managing, documenting and coordinating testing of Business Continuity and Disaster Recovery Plans. 

Education:

  • BSc in Computer Science or Information Security Systems or 3-7 years equivalent experience is desired.

Miscellaneous:

  • Fluent in English both oral as well as written language