Description
Oxford Nanopore:
Oxford Nanopore has developed a new generation of nanopore-based sensing technology for faster, information-rich, accessible and affordable molecular analysis. The technology is used to understand and characterise the biology of humans, animals, plants, bacteria, viruses, and diseases such as cancer. By enabling biological insights, we strive to improve life on Earth and beyond.
We are looking for an experienced individual to join our Information Security team as an information Security Analyst in a fast-paced organisation.
The Role:
The Information Security (InfoSec) Analyst is responsible for identifying and delivering security improvements under the guidance of the Head of Information Security, and designs configuration and process improvements to enhance the security of Oxford Nanopore's information systems.
The InfoSec Analyst will work closely with the Managed Security Operations Centre (MSOC) to help protect ONT and its information and respond in a timely manner to cyber threats.
The role will work with the embedded security tools including Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), User Entity and behaviour Analytics (UEBA), Secure Web Gateway (SWG), Data Loss Prevention (DLP), email filtering, and vulnerability scanning tools, following defined processes and making suggestions for improvements as the role progresses.
In addition, the role will support the GRC activities to maintain ONT's ISO 27001 certification, which could include auditing, risk reviews, tabletop exercises, and user awareness, depending on experience.
The InfoSec Analyst role plays a key park of the information security response capabilities, reducing the cybersecurity risk to the business by improving the accuracy and speed of detection, containment, and response capabilities. The InfoSec Analyst will also support the compliance activities of the ISMS.
Key Responsibilities:
* Assess threats and vulnerabilities across Oxford Nanopore's IT estate and help improve detection capabilities.
* Work with the MSOC to support the Incident Response Process, including incident triage, identifying false positives, and suggesting SIEM alert tuning.
* Work with third parties to securely configure the platforms contributing to Oxford Nanopore's security stack: EDR, SIEM/SOAR, SWG, DLP and vulnerability management.
* Work alongside IT teams to ensure secure practices and changes, and implementation of secure builds in accordance with the InfoSec policies and standards.
* Internal and external stakeholder management of multiple security vendors.
* Produce regular reports and provide security metrics to support decision making.
* Conduct risk assessments as directed by the Head of Information Security.
* Support the ongoing delivery of user awareness and training including regular phishing simulation to ONT staff.
You might be a good fit if you have:
* A proactive approach and can demonstrate taking ownership of and responsibility for resolving issues and delivering improvements.
* An enthusiasm for self-learning and continually expanding one's knowledge and skills.
* High attention to detail with excellent organisational and planning skills.
* Excellent communication and interpersonal skills.
* Demonstrable understanding of Information Security principles and best practices.
* Experience and knowledge of security frameworks and standards such as ISO27001.
* Experience conducting risk assessments, business impact analysis, or control selection.
Preferred Skills and Experience:
* ISO 27001 Lead auditor or Lead implementor.
* Understanding of NIST cyber security framework.
* Understanding of MITRE attack framework.
* Cybersecurity qualification such as a L4 apprenticeship or Security+ (CompTIA).
* Previous experience in a similar role such as technician, analyst, or specialist.
#LI-MO1
#LI-hybrid