Cyber Security Analyst (US-based)

At IFS you will work in a growing, global enterprise software company built upon committed and empowered colleagues who come to work knowing they are making a difference. We work everyday with customers who continue to challenge their markets and competitors. As a challenger ourselves, we partner with our customers to guide them through their digital transformations and extract the most value out of our software solutions. We take pride in ensuring that our employees are able to achieve the company goals as well as develop their career. We believe empowered autonomy, committed colleagues and being part of a winning team are the keys to our success and what makes us great! We are #ForTheChallengers and if that resonates with you, we would love to hear from you!

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, national origin, gender, sexual orientation, age, marital status, or disability status.

Corporate Services (CoS) is responsible for the information security of all information systems across the global IFS organisation.  The Cyber Security Analyst position complements the existing CoS security team by bringing deep technical security skills to help protect our IT infrastructure, systems and services from a range of security threats.  The intention is to appoint two Cyber Security Analysts, one in the US and one in Europe and who, in combination with the existing security team and IFS SOC, will support a “follow the sun” model and help ensure a comprehensive security service coverage across our core business operating hours.  Working hours will normally conform to local office hours, but limited periods of working outside this time frame may be necessary in response to specific projects or events.  Appropriate compensation will be included within the offer of employment should the candidate be successful.

As a Cyber Security Analyst you will help protect IFS’ IT infrastructure and Information Systems/Services (including company networks, hardware and software hosted both within IFS’ own Data Centres and in private and public Cloud services) from a range of cyber risks.  The candidate must have strong experience in Microsoft technologies and their security controls and potential weaknesses, both as deployed on-premise and within Microsoft Azure.  Reporting to the Vice President, Cyber Security and working with the Head of IT Security and IFS Security Operations Centre (SOC), you will be involved with the following primary activities:

• Perform threat analysis utilising threat intelligence sources and identify potential security risks, based upon the nature and operation of IFS infrastructure, information systems/services, and identify ways to mitigate them;
• Evaluate and test IFS information systems/services and networks including third party Cloud systems and integrations where applicable, in order to identify potential security weakness and vulnerabilities including conducting “ethical hacking” and running security breach simulations;
• Advise on technical security best practices, working with the Head of IT Security and CoS IT Project teams and architects in developing new, and amending existing, IT infrastructure, systems and services in accordance within information security best practice;
• Support security incident management and investigations, conducting technical activities, including forensics, to investigate, contain, recover and prevent recurrences of similar events;
• Support the IFS SOC with the technical investigation of specific security events and alerts, including phishing attacks, malware outbreaks and system compromises and help determine corrective and preventative actions plans;
• Support IFS internal security audit in identifying weakness in existing security practices and identiying corrective actions to address them;
• Support Business continuity and disaster recovery planning and testing activities, with a focus on ensuting information security is maintained when operaing in a business continuity mode;
• Support the maintenance of the IFS Information Security Risk Register and help identify risk mitigation actions;
• Assist with responding to IFS customers’ and prospects’ concerns, questions, RFIs and RFPs regarding IFS information security;
• Assist with security training, providing guidance and promoiting awareness regarding security risks and ways to mitigate them;
• Promote IFS information security across the IFS organisation, using engaging ways to capture employee interest and help develop a healthy information security culture and behaviour;
• Keep up to date with the latest emerging security threats, hacking techniques, security remediations, mitigations and toolsets.

Technical Competencies:

• Excellent IT skills including knowledge of computer networks, operating systems, software, harware, and information security, especially involving Mircosoft technologies including Azure;
• A deep understanding of cyber security risks and exploits associated with various commonly used technologies and platforms (e.g. Microsoft on premise, Cloud (especially Azure), Oracle, VMWare, Citrix, private and public networks, etc.);
• A deep working knowledge of security technoclogies and solutions including network and application firewalls, host intrusion prevention, data loss prevention, etc.;
• Extensive hands on experience of information security testing (Red Team, Blue Team and Black Box) including penetration testing, ethical hacking and other security evaluation techniques using a wide range of security testing tools;
• Excellent verbal and written communications and presentation skills, with an ability to explain complex issues in an easy to understand way to people of varying degrees of seniority and technical competence.

Behavioural Attributes:

• A passion for cyber security and a keen interest in IT;
• Serve as an ambassador for IFS information security practice, promoting best practice and helping develop a healthy, engaged information security culture arcoss the organisation
• Excellent analytical and problem solvings skills, with an ability to think like an adversary whilst operating meticulously in accordnace with IFS policies and code of conduct;
• Strong organisational skills and an ability to manage time efficiently;
• Excellent at priotising and focusing on that which matters most within a particular task or set of tasks;
• An ability to work under pressure, particualrly when dealing with threats, security incidents and other situations of high demand.

Required Education & Experience

Essential:

At least 3 years’ experience working in a similar role:

• System, infrastructure and Cloud based security testing (Red Team, Blue Team and Black Box testing;
• Extensive experience of using multiple security test tools;
• Threat intelligence and threat hunting;
• Security risk assessment;
• Information security forensics;
• Security engineering;
• Security Incident Management.

Desirable:

• Related security professional memberships including Certified Ethical Hacker (CEH);
• Strong information security professional network;
• Formal training in security testing (e.g. CREST – CPSA)

IFS develops and delivers enterprise software for customers around the world who manufacture and distribute goods, maintain assets, and manage service-focused operations. The industry expertise of our people and solutions, together with commitment to our customers, has made us a recognised leader and the most recommended supplier in our sector. Our team of 4,000 employees supports more than 10,000 customers worldwide from a network of local offices and through our growing ecosystem of partners. For more information, visit: IFS.com.