Information Security (Technical) Analyst

Information Security (Technical) Analyst

Department : IT and IT Systems

Location : Greenford (on-site working)

About Us: GBS is a higher education provider offering a range of sector-relevant courses across ten campuses in London, Birmingham, Leeds, and Manchester. Working in partnership with several of the UK’s leading higher education providers, we deliver vocational, undergraduate, and postgraduate programmes in finance, accounting, business, construction, tourism, healthcare, and more.

Our Vision: Changing lives through education.

About the department: The IT and IT Systems department in higher education is responsible for managing and supporting the institution’s technology infrastructure, including networks, servers, and critical software systems. They provide user support, maintain cybersecurity, ensure data compliance, and facilitate teaching, learning, and research through reliable technology services. Their role is to keep campus technology running smoothly and securely while enabling the institution’s academic and administrative functions.

About the role: The Information Security Technical Analyst performs various functions, including providing both operational and technical support for information security processes across GBS which lead to maintaining the confidentiality, integrity, and availability of GBS information, systems, and data.

Main Responsibilities

What the role involves:

• Oversees the monitoring, investigating, and reporting of security related events, to include ensuring appropriate closure and mitigation of risks.
• Engage in planning, initial setup and full-scale rollout of SOC involving multi tenants.
• Track security alerts in Defender and respond with suitable remediation measures to mitigate risks.
• Ensure correct deployment and application of governance policies in Microsoft Purview.
• Creates updates and oversees execution of security assessments and analysis of systems (infrastructure and applications) as needed or in accordance with the security strategic plan.
• Ensures successful compliance of data protection and security requirements within applicable legislation (e.g., GDPR, UK Data Protection Act etc.).
• Conducts assessment on the security of new applications and programs prior to installation or upgrade and within the Software Development Lifecycle.
• Participates in ensuring that Information Security risks are identified, and the risk register is continually maintained and reviewed. Provides monthly risk reporting to the Information Security Manager.
• Responsible for ensuring that all servers and other IT related equipment is hardened against industry security best practices and standards. Performs audits of firewall(s), log management, intrusion detection systems, and content filtering controls (email, DLP and other technical controls).
• Conducts internal security audits and reviews as needed, together with appropriate recommendations and conclusions.
• Identifies and addresses computer vulnerabilities in internal servers, external servers, and applications (cloud or on-premises) and collaborates with stakeholders to ensure associated risks are mitigated and closed.
• Follows the Security Incident Management Response Policy in responding to security incidents and guides the Incident Response Team in handling information security incidents, to include advising and participating in remediation, closure and lessons learned.
• Understands and monitors vulnerabilities, to ensure appropriate classification in line with policy, satisfactory closure, and mitigation.

Requirements

What Experience/Skills are required:

• Bachelor’s degree in computer science or information sciences, or in a similar field.
• Possess certifications from accredited bodies, including Microsoft SC-200, Certified SOC Analyst (CSA), CompTIA CySA+, GIAC Security Operations Certified (GSOC), GIAC Continuous Monitoring Certification (GMON), GIAC Certified Incident Handler (GCIH), CCNA Cyber Ops, or other specialized security certification that assesses the candidates’ security analysis, SOC operations, and incident handling skills.
• Substantial experience in information security across different industries, platforms, and applications. Experience conducting IT compliance assessments (IT General Controls and Audits, PCI, NIST CSF etc.)
• Experience working on implementation in a SOC environment.
• Experience working in Microsoft Defender, Microsoft Purview and Microsoft Sentinel is essential.
• Experience in or understanding of penetration testing and hacking techniques.
• Experience across applying NIST CSF, ITIL, ISO 27001, ISO and other best practice standards

Desirable Experience/Skills:

• In-depth knowledge of architecture, engineering, and operations of at least one
• enterprise SIEM platform (e.g., ArcSight, Splunk, Nitro/McAfee Enterprise Security Manager, QRadar, LogLogic).
• Understanding of event and incident investigations and incident response in a 24/7 SOC environment.
• Proficiency in configuring and managing security technologies such as firewalls, IDS/IPS, SIEM, DLP, and Endpoint protection solutions.
• Good understanding and knowledge of security concepts, protocols, processes, architectures, and platforms (authentication and access control technologies, intrusion detection, network traffic analysis, Web Application Firewalls, Encryption and Key Management, SIEM technology, incident handling, media/malware analysis, etc.)
• Good knowledge of cloud technologies, architecture, and security controls.
• Ability to define problems, collect data, establish facts, and draw valid conclusions (problem solving and analytics).

Other Information

What We Offer:

• 25 days annual leave, plus 8 public holidays
• 1 day extra leave per year of service, up to a maximum of 5 days
• Workplace pension scheme
• Tuition reimbursement for career development courses
• Flexible Benefits: Cycle to Work, Workplace Nursery, Techscheme and much more
• Perks@Work discounts platform, wellbeing centre and much more
• Reward and recognition programme
• £500 award employee referral scheme
• Discretionary annual performance bonus

Employee Testimonial:

The trust placed in me by the company has been like nothing I've ever experienced. This confidence has empowered me to take on new challenges and grow professionally. The support throughout my employment has been very focused and nurturing, providing me with the resources and guidance needed to excel. Regular feedback and opportunities for professional development have been instrumental in honing my skills and advancing my career. The company's commitment to my growth has not only enhanced my capabilities but also fostered a deep sense of loyalty and motivation to contribute to our collective success. — Ahad Shaikh (Professional Services Employee)

GBS is committed to equality, diversity, and inclusion and providing a workplace free from discrimination or harassment. We welcome applications from all backgrounds and communities. We take our core values seriously and work hard to create an environment where everyone feels welcomed.

#Li-onsite

#IndeedSeptember