Security Analyst (Operations) - Solihull, B90 8BG
Make a Home at Taylor Wimpey
At Taylor Wimpey, we don’t just build houses; we build futures. Not just for the people who live in our homes, but for our own people too. When we bring our collective skills together, we make amazing things happen - for ourselves, for each other and for our customers. There are incredible opportunities on your doorstep, and we want you to discover them all.
With 22 regional offices across the UK and operations in Spain, we bring our vision to life locally. Here, you’ll be given the tools to develop your skills and the freedom to explore new avenues. Share your ideas, experience a no-blame culture, and shape your work around your life.
Every single one of us plays a vital role in bringing to life incredible places and spaces, where anyone can thrive. We believe in making a positive difference to our planet, as well as to people.
Home to work that matters, and you can be a part of it.
Job Summary
As a security analyst you will be responsible for analyzing, maintaining and implementing the Cyber Security requirements of Taylor Wimpey. This specific role will have a focus on ensuring that TW implement and maintain good and recommended security practices on all our live services, with a special focus on Microsoft services. You will be responsible for both monitoring and reporting upon the threat status of Taylor Wimpey. You will be working within a cyber security team and may be expected to undertake a wide variety of functions to help deliver a secure environment. You will be expected to digest, summarise and provide recommendations based upon a range of security information from a range of third parties.
Primary Responsibilities
* Review and ensure the Taylor Wimpey security standards and best security practices are being utilised across all existing infrastructure and application services
* Self-sufficient in developing skills and knowledge in understanding how to protect against new security TTPs as identified
* Review and analyse data provided from Microsoft Defender and Sentinel system
* Review, test and raise changes to meet Microsoft recommended security enhancements, and track their delivery
* Monitor and track new advice on the security services and products in use within the Taylor Wimpey estate
* Raise and ensure implementation of new security practices, or security improvements, in existing infrastructure services, and systems, primarily Microsoft
* Reviewing and managing the current best security practices for a variety of systems, including:
o Microsoft O/S
o SQL database
o M365
+ O365
+ Power BI
+ Dynamics
+ Power Apps
o Azure Cloud environment
o Active Directory
o Third party SaaS providers
o Application vendors
o Network Security
o Identity management and control
o A wide range of onsite systems and applications
* Ensuring best security practices are reviewed as soon as released and recommendations provided to TW where appropriate
* Ability to pragmatically recommend and prioritise required implementation effort based upon Taylor Wimpey risk appetite
* Ensure TW maintain currency with security best practice and configuration recommendations for a variety of systems
* Provide recommendations on improvements to security environments, including detailed configuration setups
* Develop and manage a roadmap of work to ensure new advice and risks are managed within the current infrastructure
* Preferred, not essential, skills to program using Power Bi and Power apps (using a range of inputs and logs) to ensure system security information is analysed effectively and appropriate messages are identified to assist Taylor Wimpey management to make effective risk and resource decisions.
* Engage with (external and internal) support teams to ensure remediation plans are created for any identified risks (or risks are accepted)
* Ensuring security architectures implemented fully by existing systems, and deliver all the security requirements defined within the Taylor Wimpey ISMS and best practices
* Identify and develop appropriate means of investigation to ensure risks are identified
* Researching and evaluating new security products and solutions, and recommending them to improve the organization’s security posture
* Participating in incident response and recovery activities, such as investigating breaches, containing attacks, restoring systems, etc
* Generating reports and dashboards to communicate the status and performance of security environment to stakeholders
* Articulate and raise risks where required
* Collaborate with support Service Providers, IT and business stakeholders
* Analyze general industry standards to ensure compliance within TW appropriate to the risk appetite of TW, these include:
o NCSC
o CISA recommendations
o ISF SOGP changes
o CE + demands
o ISO 27001
o NIST
Experience, Qualifications, Technical Requirements
* Previous operational cyber security industry experience – 3 years minimum.
* Demonstrable experience of working in a cybersecurity operations role
* Self motivated and able to work autonomously
* Knowledge of Cyber Security Risk Management
* Power BI Skills
* Power Apps Skills
* Formal Security qualifications an advantage – ie CISM or equivalent
* Microsoft security configuration experience and expertise
* Security administration on critical systems, such as Microsoft
* Ability to work with various levels of management and SMEs
* Proven track record in undertaking security operations within complex organisational environments
* Proficiency in security assessment tools and methodologies
* Ability to assess complex security issues, developing metrics and providing effective solutions
* Understanding of key business and IT trends which may influence future strategies
What we offer at Taylor Wimpey
At Taylor Wimpey, we are committed to enabling you to make a home with us. Our work is not just about building homes; it's about doing work that matters, making a positive impact on the lives of our customers and the communities we serve.
We enjoy many benefits as standard, including excellent retail discounts, company funded life insurance and private healthcare, and access to a quality pension scheme with company contributions. We also offer our discounted house purchase scheme, car leasing scheme and share plans, as well as the opportunity to tailor your benefit package to suit your needs with options such as buying extra annual leave or adding dependants to your benefit cover. Our total reward offer works perfectly with our culture, we are a welcoming community where everyone can feel at home.
We create a home to your future by providing opportunities for growth and development. We offer industry leading professional training and development, which supports you to unlock your potential and fulfil your career and personal goals in a variety of opportunities and environments. We look to develop our people in the skills and areas they are most interested in, leveraging your qualities and appreciating your unique competencies, skills and expertise that, when we come together, make this a great place to work.
If you want to do work that matters and build a career that lasts, make a home at Taylor Wimpey.
Inclusivity Statement
As a proud Disability Confident Employer, Taylor Wimpey is committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us during the application process that they have a disability and meet the minimum requirements for the role. Join us in building a truly diverse and empowered team.
Internal Applicants:
Please inform your line manager if you wish to apply for this role.