Role purpose

The primary purpose of the Security Operations Specialist is to be responsible for designing, testing, implementing, monitoring and supporting security measures.

You will be a security tools and systems expert, understand defensive security techniques (with the ability to think like an offensive cyber adversary), strategy, technologies and be sufficiently agile to cope with a forever changing digital threat landscape.

Responsibilities

? Lead and deliver activities within the continuous programme of cyber security improvement relating to cyber security monitoring and incident response for systems and infrastructure

? Operation and optimisation of security tooling/products, including anti-virus, encryption technologies, network security (IDS/IPS/Firewalls), logging and auditing, event and incident management, privileged access management.

? Respond to Endpoint protection and malware detection tools alerts.

? Makes suggestions on tuning IPS Platforms, Firewall Policies, and other security devices and be innovative on their use.

? Assess and understand Pearson’s current security posture and future architecture, providing recommendations for Cyber Security improvement and risk reduction

? Making recommendations to improve operational effectiveness

? Accountable for Security infrastructure change

? Documentation creation and review

? Defend systems against unauthorized access, modification and/or destruction

? Identify abnormalities and report violations

? Oversee and monitor routine security administration

? Design and conduct security audits to ensure operational security

? Research and recommend security upgrades

Skills and Experience

? Ability to work well in a Team

? Methodical and disciplined work approach

? Good analytical skills

? Good interpersonal skills

? Skills and competencies (one or more)

? Strong knowledge and demonstrable experience of information security technologies and methods

? Security event log collection and analysis

? Experience in systems (Linux/Unix) and networking

? Experience of vulnerability and threat assessment

? Experience of Intrusion detection and prevention systems

? Experience of Web-based application security

? Ability to develop custom code (perl / shell scripting etc.)

? Experience of Cloud systems and their Architecture (AWS, Azure, Google)

? Experience of working in a 24/7 Security Operations Centre environment or similar

? Experience of Incident Handling processes and procedures

Qualifications

? Certified to one or more of the following or equivalent - GCIA, GHIH, GCFA, CISSP, CEH, GERM, GREM, GCFE, OSCP, or SSCP