Cyber Security Analyst

Job content

Company Description

DPD is a member of DPDgroup, one of Europe’s leading parcel delivery networks, and aims to be the most sustainable delivery company in the UK, with a turnover of over £2 billion. We also deliver the best service, use the best technology and recruit and retain the best people in the industry.

Job Description

Our Information Security Manageris looking to recruit a dynamic Cyber Security Analyst to join their highly skilled and high performing team. This role will be based from our site in Oldbury.

Purpose of Position

• To provide support and to manage DPDgroup UK (DPD) Information Security systems in line with service requirements, Geopost/La Poste Information Security standards and directives to successfully maintain our ISO27001 and ISO27701 Accreditation.
• To provide professional, efficient and effective System Security support and proactively manage security for DPD and our third party suppliers that we rely on to sort and deliver parcels for us every day.
• To support the team, department and wider business with penetration testing, security reviews and assessment (eg Black Box/White Box) as well as “Red/Blue Teaming” for “in house” and third party provided applications, systems and services.
• Liaise at all levels through the organisation but primarily within the IT and Legal departments
• A point of contact for Information Security (for projects and ongoing testing) and management of security mailboxes, tickets and workflows from systems and services we support.
  

Key Duties And Responsibilities

• Responsible for the day to day running of the Cyber Security Security systems including contributing as part of a team to the technical management, implementation and support of security related services such as Nessus, Qualys, Immuniweb and other scanning and reporting tools.
• Contributes to the Information System Security Strategy, ensures infrastructure and code deployment and application design in line with that strategy, along with obsolescence planning and patch management, including early warning of vulnerable systems and sites.
• Adherence to and enforcement of standards, policies and procedures as defined by best practice from NIST, OWASP, SANS and ISO27001.
• Contributes to new project take on; project management, infrastructure design, build, test and implementation, support process design and implementation, supplier management for IT Security related work, including ‘Privacy by Design’ and Data Protection using principles from OWASP.
• Responsible for security management within the Google cloud environment. This will include the reviewing of secure coding and infrastructure practices as well as implementing monitoring/alerting to suit the current event management platforms.
• To proactively contribute to and be part of the Information Security team and fulfil Security operation Centre (SOC) type duties.
• Creating and monitoring security-related logs and tools for potential threats, vulnerabilities, and indicators of compromise. Be comfortable using SIEM and logging tools (eg Graylog, Grafana, Elastic) to build monitoring dashboards which will help with identification of future or existing threats.
• Identifying, raising and assisting in responding to and documenting cyber security incidents such as viruses, account compromises, vulnerability exploits, data breaches etc
• Perform risk assessments (on new applications and or existing or new third parties), provide approvals, and advise on technical risk reduction measures for IT application and IT infrastructure projects as well as BAU IT changes as part of the Global function.
• Proactively research and monitor security information to identify potential threats that may impact the organisation.
• Demonstrate a strong understanding of Cisco’s EDR and complimentary security solutions (Secure Endpoint Suite and Umbrella).
• Develop automated processes for continuous remediation; explore integration requirements for orchestration within SecureX.
• Collaborating with teams across the IT function to ensure that our security posture continues to meet the needs of our customers and partners as well as operating to our documented standards.
• Provide analysis and trending of security log data from a large number of heterogeneous security devices.
  

About You

Qualifications

To be considered for this role you must be qualified to degree level in information security or have equivalent demonstrable skills knowledge and experience. Experience of working with penetration testing tools, or relevant background in cyber security is desirable. Direct experience with anti-virus software, endpoint detection response (EDR), firewalls and content filtering and exposure to vulnerability analysis, audit activities, penetration testing and/or risk assessments is essential.

We would also expect;

• Good level of understanding in the approach threat actors take to attacking a network; phishing, port scanning, web application attacks, DDoS, lateral movement.
• Knowledge in Windows, Mac OS, Linux and Google operating systems including how to investigate them for signs of compromise (IOC’s).
• Basic understanding of Cloud architecture and how an attacker can utilise these platforms.
• Ability to demonstrate the right approach to investigating alerts and/or indicators and document your findings in a manner that both peer and executive level colleagues can understand.
• Good understanding of the 6 phases of Incident Response.
• Appreciation of the wider roles of interconnecting Cyber Security teams and collaboration with each of those (i.e. Forensics / Threat Intelligence / Penetration Testing / Vulnerability Management / "Purple Teaming" etc).
• Foundational level of scripting knowledge is desirable.
• Demonstrate the core values of DPD DNA – Passion, Respect, Honesty, Flexibility, Hard Work and Accountability
  

Additional Information

Remuneration

Your package will include a competitive starting salary. As well as this you have access to some other fantastic optional benefits such as Cycle2Work Scheme, Dining Cards, Holiday trading and discounts and savings on 1000’s of retailers.

DPD are passionate about creating an environment that is open, ethical, inclusive and socially responsible. There is a culture of recognition and reward within DPD to include; long-service awards, a special recognition programme for those individuals that go above and beyond, and the DPD Personality of the Year award.

If successful you can look forward to the exciting prospect of joining an increasingly successful and expanding business, that through its constant innovation, has revolutionised the express parcel industry and continues to define its outlook for the future.

DPD is a Valuable 500 company and a Disability Confident Employer

#REF3476Y