Security Operations Analyst
Head of Cloud Operations
Solutions & Technology, Platform Operations
Responsible for the day to day monitoring and review of security across AVEVA’s cloud estate, with a focus on maintaining and driving best practice software development standards within an AWS cloud environment. This is a hands-on role, working with development, operations and IT teams across the organisation to help to implement and manage effective controls and policies and drive a programme of work to achieve ISO27001 compliance.
• Work with internal teams to help maintain secure software development and deployment practices and policies
• Ensure on-going compliance to security practices and policies, preferably with automated tooling.
• Conduct risk assessments and security reviews to ensure compliance with agreed standards.
• Provide accurate security threat modelling.
• To refine and oversee effective controls to mitigate security risks and provide timely visibility of threats across our cloud estate, utilising AWS and other 3rd party tools and services.
• Day to day: to monitor, identify and respond to security incidents and threats, where possible using automated alarms, reports and notifications. Conduct regular and proactive checks of logs, review alerts, event and incident management output, look for unusual activity, review account access requests and exceptions, security test results and open audit actions.
• To own and develop a robust security incident response process covering evaluation, containment, investigation, analysis, recovery and lessons learnt.
• Provide subject matter expertise to business stakeholders as required.
• Make recommendations to continually improve the operational effectiveness of security related policies, procedures and tools.
• Maintain clear and accurate security-related operational documentation.
• Help to devise and contribute to security related metrics for assessing the effectiveness of security controls and programmes.
• To build good working relationships with all colleagues and partners to develop standards, educate and spread good security practices.
• Help to drive and actively contribute to a programme of work to achieve ISO27001 compliance and report on progress.
• Stay current on security industry trends, tools and best practices.
Important Working Relationships:
• Development and Operations team members, Leaders and Managers
• Internal IT
• External partners and vendors
• Customer point of contact
Knowledge, Skills & Experience Required:
• Experience with cloud hosted environments and a technical understanding of core AWS technologies and services.
• A sound understanding of AWS security related principles and best practice recommendations.
• Experience of utilising and incorporating AWS services/reporting within a security framework e.g. IAM, CloudWatch, CloudTrail, Config, Trusted Advisor.
Experience or knowledge of software development and deployment methodologies and principles and an understanding of the tenets and practices of DevOps, CI/CD.
• Experience of security tools and services, such as anti-virus, vulnerability scanning, endpoint security platforms, patch deployment, access controls, centralised logging.
• Excellent verbal and written communication skills.
• Hands-on experience working under Information Security accreditations (e.g. ISO27001, 27017/18).
• Information Security/Network related qualification.
• Strong attention to detail, diligent and tenacious.
• Excellent analysis and dissemination skills.
• High degree of personal motivation and ability to self-manage.
• Strong written, verbal and presentation skills, able to convey information clearly and concisely.
• Maintains and develops security knowledge through reading, group membership and conference attendance.
How to Apply:
AVEVA welcomes all applicants regardless of gender, sexual orientation, marital/civil partnership status, race, religion and belief, disability or age.