At Brodies LLP, we value and respect all colleagues as individuals. As a UK law firm headquartered in Scotland, we believe that the experiences and perspectives of a diverse workforce that reflects our communities, and the clients we serve, allows us to see the world through many lenses.
As the largest firm in our jurisdiction measured by income, directory rankings, and lawyer numbers, the progress we continue to make is testament to the commitment of our colleagues.
In the last three years, our firm's revenue has grown by 20%, and we have welcomed almost 100 new colleagues. Today, we have more than 800 colleagues and offices in Aberdeen, Edinburgh, Glasgow, Inverness, London, Abu Dhabi and Brussels.
JOB TITLE
Cyber Security Analyst
LOCATION
Location for this role is flexible; however, presence will be required in our offices on occasion.
REPORTING TO
Infrastructure Manager
JOB PURPOSE
A member of the Infrastructure Team within the Innovation & Technology department, the Cyber Security Analyst's role assists the Infrastructure team in ensuring the stable operation of the in-house systems and infrastructure, with a focus on security. The role is responsible for evaluating threats and risks to the firm's technology infrastructure and investigating and responding to security alerts provided by systems such as Arctic Wolf, Darktrace, BitSight, Silverfort, Varonis and DMARC. The Cyber Security Analyst will primarily work on security-related matters and help prepare for compliance audits such as Cyber Essentials Plus and ISO 27001 and respond to audits and testing. The role is responsible for the ongoing maintenance of security systems and monitoring the security landscape and the firm's cyber security posture.
CORE TASKS
1. Administer security solutions, including firewall, anti-virus, SCCM/In-tune, intrusion detection systems, SIEM and network monitoring tools.
2. Monitor and investigate alerts from security solutions and mitigate/treat risks including configuration recommendations arising from penetration and vulnerability testing of systems.
3. Monitor the security of the network using a variety of network and cyber security tools, and work with vendors to troubleshoot cyber security incidents.
4. Work with the Infrastructure team in the secure administration of network hardware and equipment, including routers, switches, hubs, and other systems as required.
5. Work with Business Assurance colleagues to ensure Brodies continuously improves its Cyber and Information Security posture and complies with internal and external audits and standards.
6. Assist with Disaster Recovery and Incident Response processes.
7. Assist with the maintenance of policies and procedures documentation.
8. Support the maintenance of Brodies' Information Security defences and certifications.
9. Work with internal and external auditors as required and on preparation for audit visits.
10. Investigate security alerts from the various information security systems, assess risk, triage and resolve problems, and complete incident reports.
11. Work with the Infrastructure Manager on project work as required and coordinate security projects from kick-off to completion.
12. Be aware of Brodies' information security policies, and protect information assets from unauthorised access, disclosure, modification, destruction or interference at all times.
PERSON SPECIFICATION
1. To be successful in this role, you will be comfortable collaborating with technical and non-technical colleagues alike and managing the demands of key stakeholders.
2. You will have great communication skills, both written and verbal, and will use them to build relationships with others.
3. You will relish the opportunity to effect change and be a keen problem solver with the ability to consider various viewpoints and business needs.
4. You will be able to work as part of a team and individually, proactively identifying what is required and managing your workload.
5. You will have a good understanding of offensive and defensive techniques, and an awareness of frameworks such as OWASP, Cyber Essentials Plus and ISO27001.
6. Previous experience in Infrastructure, Network or Security or similar roles is preferred.
7. Certification in networking technologies and/or information security is desirable (e.g., CISSP, CEH, CompTIA).
8. Legal or professional services experience is desirable but not essential.
SKILLS
1. Able to research problems and translate requirements into solutions.
2. Proven problem solving and troubleshooting abilities.
3. Able to effectively prioritise and execute tasks in a fast-paced environment.
4. Confident communicator at all levels.
5. Able to prioritise, manage competing priorities and manage change with ease.
#J-18808-Ljbffr