Summary
As a Senior Cyber Security Analyst you will deliver an outcome-focused, professional and high-quality service.
Using your sound knowledge of cyber security processes, you will triage and handle cyber security alerts and tickets, as well as being the first escalation point for more junior members of the team.
You will participate in larger pieces of security work, including the checking of security controls and being proactive in team projects.
You will produce cyber risk assessments, monitoring controls, audits, and advise projects on cyber risk factors.
Work Activity Components
| Title | Details |
|---|---|
| Compliance (SCTY) (Level Three) | Applies procedures to assess compliance with information security policies and standards. For example, assesses compliance of hardware and software configurations to policies, standards, and legal and regulatory requirements. |
| Controls and reviews (SCTY) (Level Three) | Applies and maintains specific procedures and security controls as required by organisational policy and local risk assessments to maintain confidentiality, integrity and availability of business information systems and infrastructure components. |
| Risks and vulnerability (SCTY) (Level Three) | Performs basic risk and vulnerability assessments for small information systems and may contribute to vulnerability assessments of medium-complexity information systems. Determines when potential security issues should be escalated. |
| Security expertise (SCTY) (Level Three) | Communicates information security issues effectively to business managers and users of systems and networks. |
| Threats and breaches (IG) (Level 3) | Responds to data security breaches in line with security and information governance policies. Supports any investigation that takes place as a result of a breach. Supports action to categorise and limit damage, according to the organisation's security policy, which may include escalation and reporting the incident to the Information Commissioner's Office, and records the incident and action taken. |
| Information review (THIN) (Level 2) | Assists with the cleaning and conversion of information gathered into consistent formats for use in operational security activities. |
| Threat intelligence gathering (THIN) (Level 2) | Contributes to routine threat intelligence gathering tasks. Monitors and detects security threats and escalates in accordance with relevant procedures and standards. |
| Threat modelling (THIN) (Level 2) | Assists in threat modelling activities based on intelligence gathered. |
| Auditable records (SCAD) (Level 2) | For all services and systems within identified remit, maintains auditable records and user documentation. Assists in the preparation and maintenance of evidence for use in internal and external audits, compliance or regulatory reporting, security accreditations, and business recovery plans — particularly in the data collection and compilation/production/distribution phases of the exercise. |
| Security advice (SCAD) (Level 2) | Receives and responds to routine requests for security support. Maintains records and advises relevant persons of actions taken. |
| Violation and security breach (SCAD) (Level 2) | Assists in the investigation and resolution of issues relating to access controls and security systems. Investigates and reconciles violation reports and logs generated by automated systems. Investigates any other minor security breaches, in accordance with established procedures and security standards. Integrates findings from other investigators, and compiles reports and recommendations for management follow-up. |
| Assessment documentation (VUAS) (Level 2) | Documents the scope and results of basic vulnerability assessments, or contributes to the documentation of more complex assessments. |
| Communication and awareness (VUAS) (Level 2) | Promotes awareness of security risks and issues to colleagues and others. |
| Critical information and technology assets (VUAS) (Level 2) | Identifies and documents critical information and technology assets within the organisation, including the asset type and asset location. |
| Vulnerability assessment (VUAS) (Level 2) | Undertakes routine vulnerability assessments using automated and semi-automated tools, escalating issues where appropriate. Participates, under supervision, in more complex assessments. |
| Vulnerability identification and analysis (VUAS) (Level 2) | Identifies basic vulnerabilities that might breach a critical information or technology asset. |
Behavioural Skills
| Title | Details |
|---|---|
| Ambiguity | Comfortable dealing with ambiguity and operating in environments that evolve and change. |
| Analytical Thinking | Acquiring a proper understanding of a problem or situation by breaking it down systematically into its component parts and identifying the relationships between these parts. Selecting the appropriate method/tool to resolve the problem and reflecting critically on the result, so that what is learnt is identified and assimilated. |
| Attention to Detail | Applying specific quality standards to all tasks undertaken to ensure that deliverables are accurate and complete. |
| Customer Focus | Understanding the needs of the internal or external customer and keeping these in mind when taking actions or making decisions. |
| Information Acquisition | Identifying gaps in the available information required to understand a problem or situation and devising a means of resolving them. |
| Teamwork | Working collaboratively with others to achieve a common goal. |
| Verbal Expression | Communicating effectively using the spoken word. |
| Written Expression | Communicating effectively in writing, such as reports and via emails. |
| Resilience | Demonstrates resilience when working under pressure, displaying a calm and rational approach to the task at hand. |
Technical Skills
| Title | Details | Depth |
|---|---|---|
| Access Control Systems | Any tool or system which provides security access control (i.e. prevents unauthorised access to systems). | Familiar with |
| Analytical Tools | Analytical, statistical and machine learning tools appropriate to the organisational environment. Able to apply these tools and techniques to meet the requirements of stakeholders. | Aware of |
| Application Systems | Technical or functional understanding of Commercial Off-the-Shelf (COTS) applications and/or other bespoke software deployed within the organisation in order to provide system configuration, audit, technical, and/or functional support. | Aware of |
| Business Environment | The business environment relating to own sphere of work (own organisation and/or closely associated organisations, such as customers, suppliers, partners and competitors), in particular those aspects of the business that the specialism is to support (i.e. localised organisational awareness from a technical perspective). | Aware of |
| BYOD | The policy of permitting employees to bring personally owned mobile devices (laptops, tablets, smart phones etc) to their workplace, and the implications of using those devices to access privileged company information and applications consistent with safeguarding corporate systems and data taking account of security and confidentiality requirements. Also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC). | Aware of |
| Cloud/Virtualisation | The principles and application of cloud/ virtualisation (including ownership, responsibilities and security implications). Use of tools and systems to manage virtualised environments. | Aware of |
| Configuration Management | The discipline that gives precise control over IT assets and components by recording and maintaining information about the 'configuration items', including hardware devices, computer programs, software licences, documentation, network devices, and data centre facilities (virtualised and static). | Aware of |
| Corporate, Industry and Professional Standards | Applying relevant standards, practices, codes, and assessment and certification programmes to the specific organisation or business domain. | Aware of |
| Cyber Security Concepts | The understanding of cyber security concepts and ability to effectively translate and accurately communicate security and risk implications across technical and non-technical stakeholders so that they are understood and applied. | Familiar with |
| Infrastructure Configuration | Knowledge and understanding of infrastructure configurations. | Aware of |
| Infrastructure/System Security | The security threats and vulnerabilities that impact and/or emanate from system hardware, software and other infrastructure components, and relevant strategies, controls and activities to prevent, mitigate, detect and resolve security incidents affecting system hardware, software and other infrastructure components. | Familiar with |
| IT Environment | The IT environment relating to own sphere of work (own organisation and/or closely associated organisations, such as customers, suppliers, partners), in particular own organisation's technical platforms and those that interface to them through the specialism, including those in closely-related organisations. | Aware of |
| Middleware | Software which forms part of the operating platform infrastructure. | Aware of |
| National/International Standards | Current and emerging standards associated with IT practice nationally and internationally, published by authorities such as IEEE, IEC, BSI, ISO. | Aware of |
| Network Data Security | Network security and threat mitigation, including physical, electronic, firewalling, encryption, access, and authorisation; protecting data at rest and in transit; defending against viruses and malware; the impact of Big Data; and the integration of robust security controls into enterprise services and policies. | Familiar with |
| Network Traffic Analysis | Methods and techniques for the capture of traffic information (packet level) and the forensic analysis of this information into its constituent elements. | Aware of |
| Networking and Communications | The planning and management of the interaction between two or more networking systems, computers or other intelligent devices. | Aware of |
| Operating Systems | System software that controls activities such as input, output, dynamic resource allocation, and error reporting, within the operation of a computer configuration. | Aware of |
| Operational/Service Architecture | Knowledge of the IT/IS infrastructure and the IT applications and service processes used within own organisation, including those associated with sustainability and efficiency. | Aware of |
| Own Organisation's IT Products and Services | The IT products and/or services supplied to internal and external customers by own organisation. | Aware of |
| Security Software, Tools and Techniques | Specialist tools and techniques used in the pursuit of vulnerability management, penetration testing , digital forensics and other security management disciplines for bug-hunting, abstract interpretation and program analysis, binary analysis and reverse-engineering, exploit development, source code analysis, and static and dynamic application security testing (SAST/DAST) etc. | Aware of |
| Third Party IT Products and Services | The IT products and/or services supplied to own organisation by external suppliers. | Aware of |
Other Skills
| Title | Details | Depth |
|---|---|---|
| Document Management Techniques | Methods and techniques for the organisation, storage and version control of information in both paper and electronic formats. | Aware of |
| Information Elicitation Techniques | The selection and application of information elicitation methods, tools and techniques that are appropriate to the information required and the sources available. | Aware of |
| Legislation | Relevant national and international legislation. | Familiar with |
| Literature Search | Methods, techniques and tools for searching and obtaining relevant knowledge from published literature. | Aware of |
| Network Data Gathering Techniques | The selection, implementation and application of network data gathering methods, tools and techniques that are appropriate to the information required and the sources available. | Familiar with |
| Research Techniques | Methods, techniques and tools for the systematic discovery, analysis, and reporting of knowledge about all aspects of information systems. | Aware of |
| Risk Management | Methods and techniques for the assessment and management of business risk. | Aware of |
| Threat Landscape | Knowledge and understanding of the threat landscape, regulatory and legislative requirements and awareness of industry good practice relating to information governance, privacy and security. | Aware of |
Training
| Title | Details |
|---|---|
| Information Security Management | Frameworks and standards for information security management, such as the international standard ISO/IEC 27001 for Information Security. |
| Investigation Techniques | Investigation and elicitation techniques (such as interviews, workshops, observation, statistical analysis) to obtain complete and accurate information about business areas and systems of interest. |
| Security Software | Understanding the security threats and vulnerabilities that impact and/or emanate from system hardware, software and other infrastructure components and relevant strategies, controls and activities to prevent, mitigate, detect and resolve security incidents. For example access control software like Active Directory (AD). |
| Software Configuration | Installation, configuration and tuning of applications or systems software. |
Professional Development Activity (PDA)
| Title | Details | PDA Group |
|---|---|---|
| Deputising | Standing in for supervisor or manager on a temporary basis during periods of absence. | Broadening Activities |
| Gaining Knowledge of Employing Organisation | Gaining basic knowledge of the employing organisation, its business, structure, culture, policies, products/services, operations and terminology. | Increasing Knowledge |
| Gaining Knowledge of the Technical Environment | Gaining knowledge of IT activities in the employing organisation. | Increasing Knowledge |
| Involvement in Professional Body Activities | Attending meetings, seminars and workshops organised by professional body and reading published material, such as journals and web content. | Participation in Professional Activities |
| Job Shadowing and Special Assignments | Undertaking temporary periods or secondments in other roles, particularly those that offer a new perspective on own function or exposure to other environments and cultures. | Broadening Activities |
| Research Assignments | Exploring a topic which is not part of own normal responsibilities and presenting findings to colleagues and/or management | Increasing Knowledge |
Qualification Components
| Title | Awarding Bodies |
|---|---|
| FEDIP Practitioner | The Federation for Informatics Professionals |
| SSCP Systems Security Certified Practitioner | (ISC)2 International Information Systems Security Certification Consortium |
| BCS Certificate in Information Security Management Principles (CISMP) | BCS The Chartered Institute for IT |
The Professional Body Responsible for this job family is BCS. This job role profile was created in collaboration with BCS, using Role Model Plus.