Information Security Analyst – Level 3

This is a full-time role for a Level 3 Information Security Analyst to join a mature managed services Cyber team who manage the security posture of critical infrastructure and services under an ISO27001 and Cyber Essentials + certified managed service environment.

You will be responsible for conducting diverse cyber security tasks to make sure that our clients are secure and compliant to various EU/UK security regulations.  

This is a technical, hands-on role, and the successful candidate will be responsible for (but not limited to) following:

• Conducting Cyber Threat Modelling (CTM) exercises
• NIS/NIS2 assessments and Remediation
• Security Gap assessments and Remediation
• Cyber Risk Management
• Third Party Risk Management
• Threat and Vulnerability Management
• Incident Response and Management

Skills & Experience:

• Extensive experience in planning and executing CTM exercises for on-prem as well cloud-hosted applications or environments.
• Experience with CTM frameworks like STRIDE, PASTA, MITRE ATT&CK etc.
• Experience in conducting assessments against common security standards like ISO27001, NIST CSF, NIST 800-53, CIS benchmarks etc.
• Experience in assessing, documenting and managing cyber risk, including third-party risk.
• Experience in driving remediation efforts and implementing technical controls to address security gaps from various audits and penetration tests.
• In depth understanding of security requirements around EU as well as UK NIS/NIS2 directives, and other relevant security regulations.
• In-depth understanding of general security principles.
• In-depth understand of how security technologies like firewalls, EDR, SIEM, TVM operate in a coherent manner.
• Excellent communication, reporting and presentation skills.
• Ability to plan, prioritise, be proactive and manage own workload.
• Understand up-to-date security threats and common exploits.
• Have an open attitude to sharing knowledge and information.
• Excellent analytical and problem-solving skills.
• Desire to learn new technologies.
• A motivated attitude to learn and challenge comfort zone.
• To keep up to date with the latest security and technology developments.

Desirable

• Cyber Security certification (e.g. CISSP, CISM, CRISC etc.) or equivalent.

• Must have the right to live and work in the UK or Ireland.
• Must meet Security Clearance requirements if this is a requirement of the role. All employees working on secure or sensitive contracts may be required to undergo additional vetting such as SC or NPPV clearance depending on business requirements. Any offer would be conditional upon the successful candidate passing BPSS which includes a criminal record check.
• Due to our location, access to own transport is essential.
• This role requires participation in 24/7 On-call, which operates on a rotational basis.

At Telefónica Tech, we believe inclusion is the bridge that empowers everyone to be their authentic selves. We celebrate and respect our differences because diversity drives innovation and makes us stronger.
 
Be yourself with us, and feel that you belong. 

We welcome applicants from all backgrounds and identities regardless of age, disability, gender reassignment, marital or civil partnership status, pregnancy or maternity, race, religion or belief, sex, and sexual orientation. 
 
We are also committed to equity, accessible hiring practices, and creating an inclusive culture through many means including TogetHer (Women's network) and our Employee Resource Groups which include Diversity and Inclusion, Telefónica Tech Pride, Neurodiversity, ELEVATE (African and Caribbean heritage network), and Sustainability.

 We don’t believe hiring is a tick box exercise, so if you feel that you don’t match the job description 100%, but would still be a great fit for role, please get in touch.