Lead Security Operations Analyst

Full Time
Job Description

This role is responsible for the ongoing monitoring of all of the AA cybersecurity tools, leading the resolution of any IT security breaches and remediating any identified security risks. This provides the organisation with the focused and critical information it needs to confidently defend against cyber threats.

What will I be doing?

  • Overseeing the detection of vulnerabilities within the estate by ensuring appropriate scans are completed according to schedule for the defined in scope assets.
  • Interacting with managed security service providers where applicable as well as overseeing the reporting of identified vulnerabilities to relevant teams so that they can be remediated and tracked effectively, escalating non-compliance where appropriate.
  • Using vulnerability and remediation data to inform key security stakeholders of the status and improvement over time of the security posture of the estate, as well as determining, prioritising and monitoring a set of internal and external sources for current threat information.
  • Influencing the way that threats and vulnerabilities are managed to drive improvement of end-to-end security at the AA.
  • Expanding and maintaining an in-depth knowledge of principal cyber security threat actors and creating reports consumable by a variety of stakeholders across the organisation. Leading the prioritisation, validation, analysis and correlation of threat information to identify existing and emerging threats to The AA’s most critical assets, interacting with managed security service providers where applicable and also defining the process for communicating actionable threat intelligence to key stakeholders.
  • Leading continuous improvement activities to manage and measure security posture across the organisation, shaping metrics that support the risk-prioritisation decision-making process.
  • Overseeing the identification of issues from operational IT security services, ensuring that risks are reported to Information Security and supporting in the co-ordination of remediation activities – You’ll be collaborating with Information Security by overseeing the delivery of metrics and risks to enable informed decision making.
  • Leading the maintenance of Security Operations processes, technology and service responsibilities.
  • Driving and supporting the application of the end-to-end security process.
  • Collaborating with IT Operations teams to ensure that requirements regarding tools and technology are communicated and understood.
  • Supporting and sometimes delivering the governance of Security Operations and operational IT teams in the wider organisation.
  • Driving governance of SecOps and operational IT teams in the wider organisation to ensure the security requirements of the business are being met.
  • Maintaining visibility of performance, issues and areas for improvement across Security Operations to define the strategic direction in collaboration with the CISO.

What do I need?

  • Proven relevant experience in Security Operations
  • Strong knowledge of standard methods / systems for analysis and prioritisation of vulnerabilities e.g. CVE, CVSS
  • Understanding and practical application of cyber security standards and frameworks e.g. ISO27001, NIST, CIS, OWASP, SANS
  • Knowledge, understanding and application of cyberattack frameworks e.g. Cyber Kill Chain, MITRE ATT&CK matrix
  • Strong knowledge of attacker tools, tactics and techniques, including privilege escalation, persistence and lateral movement techniques, common malware and exploit tools and techniques
  • Knowledge of how to manage cyber security risks and issues within a large or complex organisation
  • Stakeholder management and interpersonal skills at both a technical and non-technical level
  • Ability to translate issues arising from security operations into risk
  • Extensive knowledge of security relevant data, including network protocols, ports, and common services such as TCP/IP protocols and application layer protocols (e.g. HTTP/S, DNS, FTP, SMTP, etc.)
  • Experience in building, developing and maintaining a Threat Intelligence and / or Vulnerability Management function
  • Previous experience with vulnerability scanning and management technology e.g. Qualys/Tenable
  • Experience in managing the direction and subsequent collection of intelligence from a number of sources of information

Education and Qualifications:

  • Professional training in Cyber Threat Intelligence and/or Cyber Security Analysis
  • Professional training in Vulnerability Management
  • Open source intelligence qualifications and formal intelligence qualifications are favourable to application
  • Qualifications such as CISSP, CEH, GIAC, CCTIM, OSCP or equivalent are desirable

Additional Information

What else is expected of me?

Good conduct matters at the AA. It’s very important that you act with honesty & integrity, are respectful of others and have a consistent desire to do the right thing. Everyone at the AA lives these behaviours, so we are all able to support the delivery of good outcomes for our customers.

Ensure Treating Customers Fairly (TCF) is embedded in the culture of the AA to deliver the six customer outcomes of right culture, right information, right delivery, right targeting, right advice, and right post sales treatment.

We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation or age.