|Job description||Security Analyst
Type of contract: Full Time, Permanent
Salary: £ 37,427- £47,649
nationals of Commonwealth countries who have the right to work in the UK
nationals from the EU, EEA or Switzerland with (or eligible for) status under the European Union Settlement Scheme (EUSS)
Please note, we are not able to sponsor work visas. Please contact us at firstname.lastname@example.org should you have any questions on your nationality eligibility.
Why are we recruiting for this role?
The NAO is expanding its Information Security team to support the evolving needs of the business and enable continuous improvement in response to an ever-changing threat landscape.
The continued adoption of cloud services introduces an enhanced set of advanced security tools, telemetry and signals that support our security operations and enable the business to proactively protect, detect, respond and recover from security related events.
These additional capabilities require a specialist to work in collaboration with the wider team to own, manage and develop security operations processes and maintain the NAO’s security posture.
Who are the team?
The Security Analyst is an integral role in supporting the NAO’s ability to proactively detect and respond to security related incidents, maintaining and continuously improving our security posture and enabling the business to reduce risk.
The Security Analyst role sits within our Information Security function; a diverse, inclusive, respectful and agile team of information security professionals; responsible for enabling the business to better understand, identify and manage the threats and risks that impact the NAO’s ability to deliver on its vision and strategy.
What are the main responsibilities of this role?
You will need to respond to both security incidents and events logged by staff members, monitoring tools and security partners. You should have had a good knowledge of security concepts and an understanding of how to analyse and respond to appropriate incidents. You need to be able to communicate effectively with all levels of users both orally and in writing. Delivering a high level of customer service to agreed standards.
As part of the daily schedule you will be collating information from monitoring tools as well as third parties to provide an accurate view of the current security position of the organisation. You will also need to educate and advise team members on the handling of suspicious emails.
You will be required to use your initiative, research and problem-solving skills to resolve problems and issues and create written documentation where required. The role requires a good grounding in computer systems and network security, and requires the ability to adapt to new technologies, learn new procedures, determine the source of problems, come up with both tactical and strategic solutions.
Additionally, there are opportunities to grow and develop in areas such as security testing, audit, assurance and ISO27001.
About the National Audit Office
The National Audit Office (NAO) is the UK’s main public sector audit body. Independent of government, we have responsibility for auditing the accounts of various public sector bodies, examining the propriety of government spending, assessing risks to financial control and accountability, and reviewing the economy, efficiency and effectiveness of programmes, projects and activities. We report directly to Parliament, through the Committee of Public Accounts of the House of Commons which uses our reports as the basis of its own investigations. We employ some 800 staff, most of whom are qualified accountants, trainees or technicians. They work in one of two main areas, financial audit or value for money (VFM) audit.
The NAO welcomes applications from everyone. We value diversity in all its forms and the difference it makes to our organisation. By removing barriers and creating an inclusive culture all our people have the opportunity to develop and maximise their full potential. As members of the Business Disability Forum and the Disability Confident Scheme we guarantee to interview all disabled applicants who meet the minimum criteria.
The NAO supports flexible working and is happy to discuss this with you at application stage.
• Reporting to: Head of Information Security
• Internal relationships: Critical relationships with Information Security peers, Digital Services, IT Operations and
• External: Suppliers, vendors, and peers in similar organisations.
• Resources Managed: None
|Responsibilities||• Information Assurance
o Collaborate with the Information Security team in order to ensure compliance with Information Security
standards and controls.
o Identify systems and services that require further assessment and/or verification in accordance with the NAO
Information Security Manual.
o Clear concise reporting on the security of IT systems.
• Risk Management
o Identify and assess risk in accordance with the NAO Risk Management Framework.
o Collaborate with the NAO team(s) to identify and deploy tactics/techniques for mitigating risk.
• Horizon Scanning
o Leverage Threat Intelligence feeds to maintain awareness of global security threats, vulnerabilities and
collaborate with Digital Services team(s) to mitigate risk and maintain/improve the organisational security
o Maintain awareness of security industry best practice in order to drive continuous improvement within the
organisation, particularly in the area of cyber security.
o Maintain awareness of technology landscape and provide guidance on opportunities to improve in the context
of the business.
• Security Operations
o The delivery and day-to-day management of key technical security controls across the organisation to ensure
that security posture is effectively managed in line with enterprise risk appetite.
o Maintain vigilant security monitoring of the IT estate and the execution of agreed upon protocols and
processes in a consistent and timely manner when security issues arise.
o Provide subject matter expertise to the Digital Services team(s) in response to Security Incidents
o Report on SecOps status in the monthly Service Management Meeting
• Continuous Improvement
o Assist with the continuous development and continuous improvement of the security policy, process, standards
o Provide technical expertise in support of internal security designs, projects and activities.
o Assure technology implementations against organisational security controls
o As the Security Operations SME, recommend opportunities and initiatives to continuously improve the NAO
SecOps function in the context of the NAO business.
• Stakeholder Engagement
o Collaborate with and build relationships with key stakeholder groups (such as Information Security,
Compliance and Digital Services)
o Build strong relationships with stakeholder groups outside of Digital Services in order to establish a strong
understanding of the business and their needs.
• Demonstrable, technical background working in an IT security, cyber security, security operations, security
analyst or security engineering role within a fast paced and dynamic environment
• Demonstrable experience contributing to the delivery of and continuous improvement of technical security
• Demonstrable experience working with cloud technology – including IaaS, PaaS, SaaS and hybrid cloud
• Customer First: Apply a customer first mindset in the engagement, enablement and support of internal
• Develop and Apply Knowledge: Build on your existing technical and security expertise by being curious,
continuously developing and seeking to learn new skills.
• Deliver High Performance: Be bold in delivering and driving through improvements and innovative solutions
• Collaborative: Be an effective and flexible contributor to the success of the team.
• Communication: Apply your strong verbal and written communication skills to clearly articulate the threats and
risks that impact the business to different audiences (both technical and non-technical.)
• Strong background in the identification, triage and containment of security related incidents
• Experience in the identification, prioritisation and remediation of technical vulnerabilities
• Experience in the analysis of existing security controls and making recommendations on how to drive
• Experience working to industry standards such as ISO/IEC 27001, NCSC, NIST, CREST and/or the HMG Security
Policy Framework (HMG SPF)
• Experience with risk assessment and threat modelling techniques such as ISO31000, ISO27005, the Diamond
Model or MITRE ATT&CK
• Able to work under pressure and to challenging timescales
• Able to provide expertise from both a cyber security and technical perspective on projects
• Ability to be self-sufficient and make independent decisions on problem resolution that align to departmental
and functional strategy
• Must have a strong technical background in the securing and operation of cloud services (such as Microsoft
365 and Azure)
• Strong experience in three or more of the following security domains:
o Identity & Access Management
o Network Security (e.g. Firewalls, IDS/IPS, Proxy, Internet Filtering etc)
o Email Security
o Endpoint Security
o Encryption & Cryptography
o Application Security
o Vulnerability Management
o Open source intelligence
o Digital Forensics
o Incident handling
• Strong experience with two or more of the following toolsets:
o Identity & Access Management platforms (such as Azure Active Directory)
o Threat Protection tools (such as Defender ATP, Office 365 ATP and Cloud App Security)
o Enterprise firewall technologies (such as Fortinet, Cisco, Checkpoint)
o Vulnerability Management tools (such as Tenable, Qualys or Rapid7)
o Data Loss Prevention (DLP)
o Intrusion Detection / Prevention Systems (IDS/IPS)
o Security Incident & Event Management (SIEM) platforms (such as Azure Sentinel)
Whilst not essential for being successful in this role, the following key skills/competencies would be desirable:
• Understanding of agile, DevOps or DevSecOps principles and practices
• Hold one or more of the following accreditations:
o CSA CCSK
o Certified Ethical Hacker (CEH)
o SANS GIAC
o CCNA Security
o Comptia Security+
o IAPP CIPT
o Microsoft 365 Certified: Fundamentals
o Microsoft 365 Certified: Security Administrator
o Microsoft Azure Certified: Fundamentals
o Microsoft Azure Certified: Administration Associate
o Microsoft Azure Certified: Security Administrator