Information Security Analyst – Level 3 CTM/OES

Company Description

Telefónica Tech is a leading provider of innovative tech services for the B2B market with a worldwide presence and strategic hubs in Spain, Brazil, UK and Germany. The company helps leading brands and organisations across the UK and Ireland unlock the power of integrated technology for all businesses, bringing together in one place a unique combination of, the best people, with the best tech and the best platforms in a simplified manner, to make a real difference to every business, every day.

We have an end-to-end portfolio of market leading services and develops integrated technology solutions to accelerate tech adoption through its two core divisions of Tech Cyber security & Cloud and Tech Intelligence of Things. The company has a diverse, highly trained and globally located talent pool of over 2000 employees and serves more than 5.5m customers every day with a service reach in 175 countries. Its dynamic partner ecosystem includes over 300 cutting edge businesses, as well as strategic agreements with all market leaders. 

Job Description

This is a full-time role for a Level 3 Information Security Analyst to join a mature managed services Cyber team who manage the security posture of critical infrastructure and services under an ISO27001 and Cyber Essentials + certified managed service environment.

You will be responsible for conducting diverse cyber security tasks to make sure that our clients are secure and compliant to various EU/UK security regulations.  

This is a technical, hands-on role, and the successful candidate will be responsible for (but not limited to) following:

• Conducting Cyber Threat Modelling (CTM) exercises
• NIS/NIS2 assessments and Remediation
• Security Gap assessments and Remediation
• Cyber Risk Management
• Third Party Risk Management
• Threat and Vulnerability Management
• Incident Response and Management

Qualifications

Skills & Experience:

• Extensive experience in planning and executing CTM exercises for on-prem as well cloud-hosted applications or environments.
• Experience with CTM frameworks like STRIDE, PASTA, MITRE ATT&CK etc.
• Experience in conducting assessments against common security standards like ISO27001, NIST CSF, NIST 800-53, CIS benchmarks etc.
• Experience in assessing, documenting and managing cyber risk, including third-party risk.
• Experience in driving remediation efforts and implementing technical controls to address security gaps from various audits and penetration tests.
• In depth understanding of security requirements around EU as well as UK NIS/NIS2 directives, and other relevant security regulations.
• In-depth understanding of general security principles.
• In-depth understand of how security technologies like firewalls, EDR, SIEM, TVM operate in a coherent manner.
• Excellent communication, reporting and presentation skills.
• Ability to plan, prioritise, be proactive and manage own workload.
• Understand up-to-date security threats and common exploits.
• Have an open attitude to sharing knowledge and information.
• Excellent analytical and problem-solving skills.
• Desire to learn new technologies.
• A motivated attitude to learn and challenge comfort zone.
• To keep up to date with the latest security and technology developments.

Desirable

• Cyber Security certification (e.g. CISSP, CISM, CRISC etc.) or equivalent.

Additional Information

• Must have the right to live and work in the UK or Ireland.
• Must meet Security Clearance requirements if this is a requirement of the role. All employees working on secure or sensitive contracts may be required to undergo additional vetting such as SC or NPPV clearance depending on business requirements. Any offer would be conditional upon the successful candidate passing BPSS which includes a criminal record check.
• Due to our location, access to own transport is essential.

We don’t believe hiring is a tick box exercise, so if you feel that you don’t match the job description 100%, but would still be a great fit for role, please get in touch.