IT Security Analyst

Location: Hybrid – Oxford, London, or Brussels

On-call availability may be required in the event of critical incidents.

We're looking for an IT Security Analyst to join our growing IT team. This role will play a critical part in strengthening the firm’s cyber resilience, ensuring the protection of our systems, networks, and data in line with regulatory standards and best practice.

The successful candidate will work closely with our external Security Operations Centre (SOC) and SIEM provider to monitor activity, assess threats, and lead on the response to security incidents. This is a hands-on position requiring strong technical knowledge, good communication skills, and a strategic mindset to support and enhance the firm’s wider security framework.

Key Responsibilities

Security Strategy and Compliance

• Develop, maintain, and enforce IT security policies and procedures.
• Implement security frameworks (currently Cyber Essentials Plus), tailoring them to Oxera’s environment.
• Conduct risk assessments, identify vulnerabilities, and recommend mitigation strategies.
• Remain informed about emerging threats, technologies, and regulatory developments.

Monitoring and Incident Response

• Collaborate with our external SOC/SIEM service to monitor systems and investigate anomalies.
• Lead the response to security incidents, including root cause analysis and remediation.
• Produce incident reports and support regular testing of response protocols.
• Conduct vulnerability assessments and penetration testing, and follow through on remediation.

Training and Awareness

• Deliver security awareness initiatives and training for staff.
• Provide guidance on secure practices and promote a culture of cybersecurity throughout the firm.

Technology and Tools

• Evaluate, implement, and support key security tools (e.g., IDS/IPS, endpoint protection, patch management).
• Ensure consistent application of system updates and patches.
• Audit and optimise the performance of automated patching and MDM solutions.

Collaboration

• Liaise with internal teams and external partners to ensure alignment of security practices with business goals.
• Serve as the primary contact for security-related issues, escalating when necessary.

Candidate Profile

Essential Requirements

• Demonstrable experience in IT roles with a progressive focus on cybersecurity.
• Strong understanding of cybersecurity principles, technologies, and standards.
• Experience with security frameworks, compliance, and vendor management.
• Clear interest and foundational knowledge in cybersecurity, demonstrated through self-study or relevant projects.
• Excellent written and verbal communication skills, with the ability to explain technical matters to non-specialists.

Desirable Qualifications

• Industry certifications (e.g., CompTIA Security+, CEH).
• Degree in Computer Science, IT, or a related discipline (or equivalent experience).
• Familiarity with cloud platforms (e.g., AWS, Azure) and associated security practices.
• Experience with Microsoft Sentinel, DUO MFA, Meraki MDM, and ZENWorks.
• Understanding of the Cyber Essentials Plus accreditation process.
• Strong analytical and decision-making skills.

Performance Indicators

• Reduction in the number and severity of security incidents.
• High levels of engagement in security training across the firm.
• Timely and consistent application of security updates and patches.