Information security Consultant
Posted on Jul 4, 2019 by CV-Library
You will be responsible for Information Security, risk and asset ownership of relevant security solutions.
To be successful in your application, we are looking for demonstrable experience in the following areas;
* Vulnerability scanner such as Nessus, Security Centre, Tenable.io, Nipper Studio
* Certificate management
* Vulnerability management
* Antivirus/malware management
* Patch Management/WSUS
* Ethical Hacking/Penetration testing
* Cisco/Checkpoint/Fortigate Security devices
More specifically your key accountabilities will be to;
* Articulate technically accurate security information at the appropriate level to business owners, stakeholders and Security Team.
* Be a point of contact for the customers and internal stakeholders for any security related incidents, taking a lead on any remedial actions following a security compromise.
* Provide advice and guidance on mitigating controls to prevent security incidents from re-occurring.
* Undertake root cause analysis to identify underlying security related problems, prevent reoccurrence.
* Take a lead on the analysis of proactive Security Intelligence, working with technology Subject Matter Experts as necessary to determine impact, risk and probability in the context of the affected system and environment. Such intelligence could include, Security advisories from vendors, Outputs from Health checks, Output from vulnerability scans
* Act as the security authority in regard to all aspects of products and services from initial design oversight to End of Life.
* Liaise with Standards and Compliance team and the Portfolio team regarding general security improvement requirements.
* Contribute to the development and maintenance of testing scripts, policies and standards in line with the overall security strategy, and to contribute to the ongoing development of processes, helping to develop a culture of continuous improvement
* Carry out or assist in the periodic IT Health Checks and Vulnerability Scans and ensure reports are maintained in a secure manner for audit purposes. Subsequently own and maintain the Corrective Action Plan(s) as a result of security audits and ensure actions are remediated in a timely manner.
* Report any defects that may have an impact on the security of all aspects of products and services and make recommendations for improvement.
* Support and maintain all aspects of the Information Security technical controls including Anti-Virus, anti-malware, Firewalls, IDS/IPS, FIM and any other preventative security measures of products and services.
* Support Operational teams in the analysis of SIEM, IPS/IDS, Firewall alarms, working with technology Subject Matter Experts as necessary to determine impact and risk of identified issues and information, in the context of the affected system and environment.
* Work closely with Resolver Groups to ensure that appropriate resource is deployed to resolve vulnerabilities, and to formally document any corrective actions are taken.
* Process and analyse data provided by the various security monitoring systems and provide monthly reports to the Information Security Manager on the status of those systems and the overall security posture.
* Assess and advise on security implications of Change Requests. Advise of any changes that may have implications for accreditations such as ISO27001, PSN and PCI/DSS.
* Maintain and review security related processes and procedures including (where appropriate) RMADS (Risk Management Accreditation Document Set) or other compliance related documentation.
* Assist in the development and maintaining of Business Continuity Plans and Disaster Recovery Plans.
* Ensure security risk assessments are completed for each individual or group of assets, reviewed at least annually and associated RTP’s are actioned.
* Ensure assets are Inventoried, appropriately classified and protected and risk assessed
£400 - £450 Daily
£48k - £48k Annual
£90k - £100k Annual
£50k - £70k Annual