Cyber Security Analyst

Division Description:
The Cyber Security operation's function is responsible for the day-to-day provision of enterprise cyber security services to support the business. These services include all aspects of Cyber Risk Management, implementation and maintenance of technical security controls, vulnerability and patch management and operate effective incident management and cyber investigations.

The department’s key objective is to ensure Insight Investment operates a safe, secure, and resilient IT environment that enables it to confidently go about its day-to-day activity.

Position Description:
The purpose of this role is to design new, mature existing and support the operation of cyber security controls and processes within Insight Investment in line with cyber security risks and the cyber security policies and standards. This includes Identity & Access Management (IAM), PAM security monitoring, cloud security, scheduled security checks, security monitoring working with the MSSP (SIEM and other), security incident management, pen-testing. vulnerability management and KRI/KPI reporting.

Role Responsibilities

• Developing a familiarity with new tools and best practices for security operations
• Defining, implementing and maintaining operational security processes
• Reviewing and maturing the Identity and Access Management process in line with industry best practice
• Reviewing incoming SOC requests/incidents
• Assisting in the investigation of SIEM alarms, reported by the MSSP and performing on call once a month
• Assisting in the operational support for the SIEM MSSP
• Helping to develop and fully document new SIEM use cases including how to respond to alarms
• Performing Cloud Security operations related checks
• Developing and maintaining operational Security KRIs/KPIs
• Maintaining technical documentation of operational security controls
• Providing 1/2nd line security incident response capabilities within the Insight SOC
• Creating schedules, writing up Pen-test findings from the report and following through mitigations/remediation plans
• Assisting in the development of new and changes to existing security policies and standards
• Supporting internal and external audits evidence gathering of cyber security
• Chairing Vulnerability management meetings and following through on reports and remediations with the tech teams. Performing risk analysis on when vulnerability management incidents
• Being integral to projects related to Security Operations
• Staying up to date with the latest threat intelligence and threat hunting methodologies to recommend improvements to current processes and security controls
• Performing DSAR requests


Experience Required

• 5 years+ experience in a SOC environment
• Strong communication and collaboration skills
• Fast high paced environment with the ability to work with strict timed deadlines
• Strong prioritisation and an ability to handle multi-tasking situations
• A positive and enthusiastic attitude to investigate and find solutions to security problems
• Hands on experience in the operation of security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, vulnerability management, etc.
• Technical working knowledge of security systems including:
- Network and application firewalls reviews and approvals
- IDS/IPS systems
- Web Proxies and Content Filtering
- Endpoint security including antivirus, host-based firewalls and execution control (Trend Micro an advantage)
- Authentication technologies (Active Directory)
- Network Access Management.
- Privilege Access Management (CyberArk would be an advantage)
- VMWare including VDI
- Vulnerability Management tools. (Qualys VMDR, CSAM and/or Asset management would be an advantage)
- Endpoint Detection Response (EDR)
- Pen-test write up and remediation
- Forensics investigations
- Cloud security in MS Azure
• Experience of participating in security incident response including identification, preservation and interpretation of computer evidence
• Familiarity with database and operating system security
• Threat hunting
• Defence in Depth techniques
• Previous experience working in a technical information security role with similar responsibilities to the above
• Experience in being a key stakeholder in projects with proof of concept
• Experience in being 2nd line incident responder when liaising with MSSP
• Experience in being on-call and escalate where necessary
• Security Certification (e.g. CISSP, SANS, CEH)

Advantageous (not essential)

• Cloud Secrets Management (Cloud Vaults / Key Management & Rotation / MFA / Passwords).
• Scripting tool such as Python etc.
• API Security


Insight is committed to being an inclusive employer and encourages applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief and sexual orientation.