Security Analyst

About the Role:

Working as part of the Security Incident Response Team the Security Analyst will be responsible for responding to and investigating events generated by our security controls. You will ensure that Security Incidents are promptly identified contained and eradicated working closely with IT our security partners and the wider business to do so.

The successful candidate will be monitoring our SIEM and other security controls to identify potential threats and then use all of the controls and resources at their disposal to determine what steps need to be taken to contain and eradicate confirmed threats. Where necessary you will ensure that any forensic evidence is correctly captured and stored in case it is required for future reference. Following an incident you will work with other teams involved to identify opportunities to improve our controls and processes making recommendations for addressing any lessons learned and implement where appropriate.

The role involves participating in a shift and call out rota to help ensure our environment is monitored and supported on a 24x7 basis.

Key Responsibilities

• Continuously monitor Nexts technical security controls in order to promptly identify and investigate potential threats.
• Respond to Security Incidents ensuring prompt containment and recovery.
• Carry out forensic investigations following security incidents.
• Ensure all investigations and incidents are accurately logged and managed in our ITSM tool.
• Participate in lessons learned meetings and make recommendations for improvements to controls or processes ensuring these are implemented where agreed.
• Liaise with other IT Teams business areas and 3rd Parties to aid in incident investigations and response.
• Ensure continuous awareness of new and emerging threats and understand the TTPs and their relevance to the Next environment.
• Identify false positives and tuning requirements for security controls and work with the Security Engineering team to implement improvements.
• Work with our Security Engineering and Vulnerability & Threat Management Team to test our controls and processes in order to proactively identify opportunities for improvement.
• Maintain operational procedures and technical documentation.
• Manage and maintain metrics and reporting to ensure the security threats and trends impacting our business are understood.

About you:

Essential

• Proven Information Technology experience with a good understanding of network protocols and server infrastructure.
• Windows Server and/or Linux experience.
• Strong analytical and troubleshooting skills.
• Understanding of Information Security including malware emerging threats attacks and vulnerability management.
• A team player who is hardworking and self-motivated.
• Excellent attention to detail.
• Ability to remain calm under pressure and clearly communicate to all levels of management.

Desirable

• Relevant industry recognised security qualification (i.e CySA Security).
• Experience with security or compliance standards such as PCI-DSS or ISO27001.
• Understanding and experience of working for a Retail company.
• Experience with Regex Scripting
• Experience working in a Security Operations Centre.
• Experience working in an Infrastructure or Network Operations Centre
• Experience installing configuring and maintaining common security tools such as EDR IDS/IPS SIEM SOAR
• Digital Forensics experience.

#LI-LE1 #LI-Hybrid