Job summary
The Cyber Security Analyst is responsible for the identification and handling of threats, both internal and external, to the security of Provide and Provide group companies. The Cyber Security Analyst will be expected to research and identify cutting edge techniques and technologies which will strengthen the organisation's cyber security position.
The Cyber Security Analyst will work closely with the Technology Security and Cloud Lead and Director of IT & Systems to ensure all areas of the Environment are maintained and developed to high standards, security is of the highest priority and part of the role will be to analyse gaps, recommend and implement improvements.
A strong knowledge of security hardening techniques, exploit mitigation and security incident management is essential and will be utilised when planning upcoming projects and BAU activities.
Main duties of the job
* Provide strategic and technical expertise to design, implement, and manage advanced cybersecurity solutions.
* Analyse security events and investigate security alerts, resolving or escalating appropriately.
* Document security incidents, identifying process and tooling improvements.
* Conduct security assessments through vulnerability testing and risk analysis.
* Perform root-cause analysis of security breaches.
* Develop and refine incident response playbooks.
* Utilise threat intelligence to identify attack scale, type, and affected systems.
* Act as primary contact for logging and managing security incidents and events.
* Assist with internal and external audits, preparing required information.
* Create and maintain security procedure manuals.
* Promote cybersecurity awareness across the organisation.
* Stay informed about legal, regulatory, and technological cybersecurity developments.
* Communicate complex technical issues clearly to technical and non-technical stakeholders.
* Use diplomacy and negotiation skills when agreeing priorities with senior management and suppliers.
* Deliver technical presentations and training on cybersecurity topics.
* Independently plan workload, make decisions, and implement improvements within organisational policies.
* Act as lead specialist, resolving complex cybersecurity problems autonomously.
* Assist with induction and professional development of junior team members.
* Allocate tasks and oversee junior staff workload planning.
About us
Provide is a Community Interest Company (social enterprise). We deliver a broad range of health and social care services in the community, and are committed to making sure that they are safe, responsive and of high quality. Provide is owned by its employees and has primarily social objectives. Any profits we make are reinvested into the local community or back into delivering services.
We work from a variety of community settings, such as community hospitals, community clinics, schools, nursing homes and primary care settings, as well as within people's homes to provide more than 40 services to children, families and adults across Essex, Dorset, East Anglia and the North of England.
A highly respected, award winning health and social care provider. We expect our staff to demonstrate and uphold our values at all times:
Vision:Transforming Lives
Values:Care, Innovation and Compassion
Mission:An ambitious, employee owned social enterprise, growing in size and influence. We transform lives by treating, caring and educating people.
Provide is an equal opportunity employer committed to building a team that represents a variety of backgrounds, perspectives and skills, proud to have LGBT+, Ethnic Minority and Men's Networks.
We welcome applicants from underrepresented groups. If you have the skills and experience for the job, please apply regardless of your background.
Person Specification
QUALIFICATIONS & EDUCATION
Essential
* Educated to Degree level (Alternatively significant level of experience working at a similar level in a specialist area. Plus, recognised qualification such as ECSA or equivalent cyber security experience. Evidence of professional and/or personal development.
Desirable
* ITIL foundation certificate or higher
* Obtained or working towards any of the below or equivalent: CEH CISM CISSP OSCP CASP+
WORK RELATED KNOWLEDGE & EXPERIENCE
Essential
* Understanding of vulnerability management and related management tools.
* Good knowledge of OWASP top 10
* Understanding of penetration testing methodology and related tools and techniques
* Ability to perform web application vulnerability assessments
* Understanding of server, client and network technologies.
* Understanding of attacker techniques, from post-exploitation to full system compromise and lateral movement.
* Understanding of defender techniques.
* Ability to perform internal security assessments.
* Network Threat Protection and response / reporting.
* PowerShell scripting
* Azure and AWS administration
* M365 administration and security
* Good knowledge of firewalls and networking
Desirable
* Familiar with Kali OS
* Familiar with Linux based OS's
* Experience with Bloodhound, Sharphound, NMAP and other security tools.
* Experience with log management and SIEM
* Experience of threat hunting
* Experience creating security assessment reports and documentation.
* Incident response reporting experience
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Certificate of Sponsorship
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. #J-18808-Ljbffr