Risk and Threat Analyst – Hampshire – SC cleared
Based within this leading organisation you’ll be undertaking Security Risk and Threat Analysis of large IT systems and will possess a practical background and experience in Networks and Software System Security.
- Technical Assessment of Vulnerabilities, Incidents and their impacts (networks, application, system, operational).
- Technical Assessment of the Risk Exposure arising from a Threat Catalogue.
- Identification of mitigations, moderating risk exposure.
- Generation of Risk Reports.
- Liaising with our Customer in support of corroborating status and review of the Risk Analysis.
- Working closely with the Security Manager.
- Some overseas travel may be required.
Secondary responsibilities (supporting additional team):
- Review of expert findings identifying mitigating and remediating solutions.
- Liaising with internal teams, suppliers and customers in the generation of revised Requirements Specifications.
- Establishing and review of Test Procedures for use in verifying compliance for mitigation and remediation of known and applicable vulnerabilities.
- Managing the execution and witnessing of security verification activities, including direct hands on execution.
- Tracking conclusion of mitigation and remediation activities, reporting on vulnerability status folding back into the revision of Risk Exposure assessment and generation of Risk Reports.
- Supporting Accreditation Datapack generation.
- OS Lockdown definition, implementation and validation.
You need to demonstrate extensive experience and be able to operate on both solo activities and also within multi-disciplined teams from engineering and security management.
- Report Writing and Technical Presentation
- Security Risk and Threat Analysis
- DOORs Requirements Management; MS Office
- Understanding Network Security: ACLs, Firewall Rules, DMZs
- Linux and Windows operating Systems, specifically Security enforcing mechanisms.
- An understanding of Network attack Methodologies.
- An understanding of Vulnerability and Incident management (analysis, assessment, mitigation).
- Virtualisation technologies.
- Experience of nmap / Nessus and related Security Toolkits e.g .Kali Linux
- Compliance/Audit experience.
- Experience of using formal configuration management systems.
- CISSP or related certification
- OS Lockdown principles
6 month initial contract, SC clearance is required.