IT Systems and Security Analyst

Location:
Biggin Hill
Function:
Engineering & Technical
Department:
IT
About The Role
The IT Department is currently looking for a Systems and Security Analyst. Reporting to the IT Systems Manager, this role will have responsibility for:
 
  • Administration and maintenance of the IT systems located on-premise and within Formula 1’s data centres
  • Administration and maintenance of all Virtualised platforms and cloud based environments
  • Provide the leadership, management and practical implementation of patch management to all server based operating systems and applications across the infrastructure
  • Installation and administration of security measures and applications to protect systems, infrastructure and data
  • Provide and maintain a secure IT operating environment for the business
  • Investigate and document security issues, incidents or breaches, participate as part of an incident management team
  • Work alongside the Information Security team to perform tests and identify system vulnerabilities
  • Fix detected vulnerabilities to maintain a secure IT infrastructure
  • Stay current on IT security trends, security advances and security standards, implement fixes based on current security threats and trends
  • Design and run annual business continuity testing in collaboration with the organisation
  • Liaise with internal teams and vendors to specifying and procure security and compliance hardware/software
  • To have a good knowledge of all regulations and frameworks affecting the company - such as PCI-DSS, GDPR, SOX, ISO 27001 etc
  • When required to, work outside of core business hours to reduce impact on users / downtime
  • Act as an ambassador and advocate for all Information Security matters
  • Research security enhancements and make recommendations to management
  • Participate in projects and make recommendations for Information Security improvements
  • Share knowledge and experience with team members in a manner that enhances the overall performance and knowledge of the team
  • Monitor internal and external policy compliance, report and make recommendations as necessary
  • Work with different departments within the organisation to reduce risk, design technical controls and policies
  • Ensure business practices and policies are followed from a security and compliance perspective
  • Ensure cyber security awareness throughout the organisation
  • Prepare and produce annual budgets related to security and compliance for inclusion into the overall IT budgetary cycle
  • Produce reports as required and directed
 
About You
Essential Criteria:
 
  • HND or Degree in a computer science or relevant training & experience
  • At least 5 years’ IT experience with at least 2 years’ server administrative experience
  • Scripting tools such as PowerShell
  • Commissioned Microsoft Windows Servers, Active Directory and Group Policies
  • Practical use of Microsoft SCCM and/or additional patch management tools
  • Practical use of SCOM and/or other system monitoring tools
  • Microsoft Exchange and email management products such as Mimecast, Proofpoint
  • Practical use of Virtual Machines using hypervisors such as Hyper-V or VMware
  • Practical experience on commissioning or using SIEM or Vulnerability Management tools such as Splunk, LogRhythm, Rapid7 etc
  • Anti Virus server deployment and client management, such as McAfee, Trend, Eset
  • Ability to identify and mitigate system and network vulnerabilities
  • Sound network knowledge; switching, routing, VLAN’s / Subnets etc
  • Understanding of IDP/IPS systems and there operational effectiveness
  • Ability to cope under pressure, particularly in real-time scenarios
  • Good verbal and written communication
  • Dedicated and dependable
  • Adaptable and flexible
  • High level of integrity
  • Self-motivated and organised
  • Pro-active with a can-do attitude
 
Desirable Criteria:
 
  • (ISC)2 CISSP Certification
  • Microsoft Certification (MCSE) - Core Infrastructure
  • AWS/Azure Cloud Certification
  • Compliance, regulatory requirements and standards such as PCI-DSS, GDPR, SOX.
  • Knowledge of common information security management frameworks, such as ISO 27001, and NIST CyberSecurity Framework
  • Experience in running Internal vulnerability scanning
  • Microsoft SQL or Other relational Database Servers
  • Storage and Backup Technologies