SANS ISC: InfoSec Jobs

IT Security Specialist
Company GfK
Location London, UK
Preferred GIAC Certifications GSEC, GCIH, GCWN, GMON, GCCC
Travel 0%
Salary Not provided
URL Not provided
Contact Name Matthew Bullimore
Contact Email matthew.bullimore/at/gfk.com
Expires 2020-04-07

Job Description

GfK
Our world is changing fast. Consumers, users, and buyers are calling the shots. New things become possible every second. And more complicated, too.
Our clients are businesses around the globe. To make the best possible decisions every day, they need to really know what is going on, now and in the future.
We don't have a crystal ball, either. But we love data and science and we understand how to connect the two. We care about attention to detail and accuracy. We are digital engineers who build world-class research, powered by high technology.
Because people who know best lead the way. This is why GfK means Growth from Knowledge.

Background
This is an excellent opportunity for an enthusiastic, focused IT Security Specialist with a desire for more responsibility and knowledge of technology and security operations.

Reporting to the IT Security Manager, the IT Security Specialist will work across the global organisation as an SME on security, leading or supporting multiple IT security technology initiatives and using consultative skills to identify and design security controls that protect the availability, integrity, and confidentiality of information while enabling business growth.

The primary focus of the role is to introduce and maintain a specific set of technologies, designs and standards, acting as the gatekeeper and guiding the design to meet the overall objectives for the IT security domain.

This role will require liaising with Senior Business and IT key stakeholders, as well as Senior Leaders and other stakeholders such as the Data Protection Officer, Compliance Officer and Legal and Works Council representatives.

Key Responsibilities

Operational Security
• Manage and respond to tickets in the security queue
• Assist with or lead security incident response activities
• Attend Global Change Advisory Board and review proposed changes to identify gaps in controls or changes that introduce an unacceptable level of risk
• Assist with training the SOC by demonstrating attack tools and creating SIEM use cases and runbooks
• Support vulnerability management activities
• Respond to queries about the MDR service and agent, e.g. performance, coverage, detection capabilities
• Perform configuration reviews of firewall, AV, web content filter & other security tools
• Perform effectiveness reviews of technical security controls
• Audit of access control systems

Risk & Threat management
• Maintain expertise by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, participating in professional organizations.
• Keep an eye on the emerging threats and vulnerabilities to ensure that the organization’s security posture is kept up to date.
• Align standards, frameworks and security with overall business and technology strategy.
• Work with the IT and Information Security team to identify IT security risks and recommend remediation activities to reduce the risks to an acceptable level

Technology & security tools
• Act as an SME for security topics
• Participate in the review and creation of enterprise security documentation
• Assist with or lead security projects such as:
o System hardening
o Application whitelisting
o Vulnerability management
o Control of administrative rights
o Enhanced security incident response
o Access Management
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
• Design, build and implement enterprise-class security systems in an agile tech environment.
• Provide technical project management for IT Security technology projects.
• Design / adapt security solutions to mitigate threats as they emerge.
• Design / adapt solutions that balance business requirements with information and cyber security requirements.
• Work with the operational teams to ensure that all technology, systems and process controls are implemented, configured and maintained in accordance with security policies

Skills:
• Ability to think like a hacker
• Ability to work independently on defined tasks and can be relied upon to deliver high quality results
• Knowledge of industry security frameworks including Critical Security Controls for Effective Cyber Defense, ISO 27001, NIST 800-53
• Ability to quickly understand and adapt to a complex and rapidly changing environment
• Demonstrable problem solving, analytical skills and attention to detail
• Ability to define problems, collect data, establish facts, carry out logical analysis, and draw valid conclusions.
• Business- and solution-oriented, global mindset of strategic orientation, with ability to act tactically as required.
• Ability to be self-directed while working under tight deadlines, must be able to perform well under pressure.
• Ability to work in a fast-paced environment with different international cultures.
• Experience in working in a team-oriented, collaborative environment
• Highly self-motivated, high achiever
• Good written and oral communication skills in English
• Delivering good customer service
• Ability to cope with change, make decisions and act comfortably with risk and uncertainty.
• Pro-active (engaging & impact-oriented) mindset, ability to think end-to-end.

Technical Skills:
• Experience in installation, configuration and troubleshooting of tools such as firewalls, IPS, malware protection, web content filters, MFA, SIEM and vulnerability management
• Good knowledge of Microsoft Excel and ability to use pivot tables and VLOOKUPs to manipulate large sets of data
• Good understanding of scripting (for example, PowerShell)
• Experience in auditing of security controls
• Technical IT knowledge and aptitude
• Strong understanding of enterprise-level information systems and technology architectures, expertise in network security, cryptography, virtualization, cloud security concerns.
• Technically aware of current threats and trends, emerging information security solutions / vendor products, strong analytical skills, ability to create new business models.
• Proven ability to provide technical project management on global IT Security projects.
• Some experience in cyber incident management including performing advanced diagnosis and remediation planning on security incidents
• Understanding of Privileges and Rights in Windows AD
• Expert level management of Linux, Windows, AD or Messaging systems

Experience:
• Minimum of 5 years of relevant IT experience, with at least 1 year of exposure to security
• One or more of the following certificates would be beneficial:
o GIAC certification/SANS training, OSCP, CISSP, CISM, CISA, CRISC
• Enthusiastic about the security industry and driven to continue learning and developing new skills
• Strong communication (both written and verbal in English) and facilitation skills (small and large groups), especially when interacting with different levels of business.
• A working knowledge of both the operations and digital technology environment
• Working in a global enterprise environment
• Strong experience in working on several projects simultaneously, ability to deliver projects on-time
• Ability to travel, domestic or international, as required