Cyber Security Analyst – 12 Months – Full Time – Edinburgh (Remote)
About the Company
The Crown Office and Procurator Fiscal Service (COPFS) is Scotland’s prosecution service. We receive reports about crimes from the police and other reporting agencies and then decide what action to take, including whether to prosecute someone. We also look into deaths that need further explanation and investigate allegations of criminal conduct against police officers.
COPFS plays a pivotal part in the justice system, working with others to make Scotland safe from crime, disorder and danger. The public interest is at the heart of all we do as independent prosecutors. We take into account the diverse needs of victims, witnesses, communities and the rights of those accused of crime. We support the Strategy for Justice in Scotland and, in particular, its priorities of:
· Reducing crime, particularly violent and serious organised crime
· Tackling hate crime and sectarianism
· Supporting victims and witnesses
· Increasing public confidence and reducing fear of crime
Our values are:
· Being professional
· Showing respect
Our aim is to meet the Law Officers’ strategic priority of achieving operational effectiveness in all cases.
The main roles and responsibilities of COPFS are to:
· investigate, prosecute and disrupt crime, including seizing the proceeds of crime
· establish the cause of sudden, unexplained or suspicious deaths
· investigate allegations of criminal conduct against police officers.
Our Key Objectives are:
· to secure the confidence of our diverse communities by improving the delivery of justice through the timely, efficient and effective prosecution of crime;
· to give priority to the prosecution of serious crime, including drugs trafficking and persistent offenders;
· to provide services that meet the information needs of victims, witnesses and next-of-kin, in co-operation with other agencies;
· to ensure that all deaths reported to the Procurator Fiscal are investigated appropriately and speedily.
About the role
The role is based within the Information Services Division (ISD), which delivers and supports an enterprise portfolio of efficient, resilient, innovative and secure IT services to meet COPFS’ business needs. ISD will play a crucial role in implementing COPFS’ digital strategy by developing sustainable digital and information solutions that modernise, innovate and transform the delivery of user-focused services and improve the way our organisation works.
A key objective of the team is to support the wider Digital strategy in the deployment of new technologies to deliver business opportunities and benefits, allowing us to work productively without the disruption of cyber incidents or threats.
We ensure compliance with national and government security standards and accreditations such as PSN, PSN/P, Cyber Essentials + and ISO2700.
We currently have a requirement for a Cyber Security Analyst role, a mid-level security position within a small team which manages the operational security systems through the whole lifecycle of deployment, continuing management, event handling, and improvement.
The role assists in the provision of an end-to-end security response, including triage, response, escalation, and coordination of events and incidents. This is a proactive role, anticipating and identifying security events, incidents and trends that could adversely impact COPFS, colleagues or assets.
The Cyber Security Analyst will be required to assess, triage and respond proactively and effectively to security related threats, incidents, requests and events to defend assets, information, and systems from unauthorised access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
The role will require collaborating with internal and external colleagues, specialists and stakeholders to make sure activities relating to incident response, user access, alert monitoring, root cause analysis and scenario planning are completed in line with standard operating procedures and to Government standards.
Key Responsibilities will include but not be limited to:
- Assist in the monitoring of IT Security applications, identifying actual or potential breaches in security.
- To develop and maintain key security performance indicators to determine and improve the effectiveness of security posture.
- Assist with first line incident response/management in logging, assessing and collaborating with technical teams to ensure that all identified breaches are promptly and thoroughly investigated.
- Assist in managing cloud-based security monitoring systems and maintaining the COPFS security posture.
- Contribute to the impact analyses of threat advisories.
- Contribute to threat modelling assessments using MITRE ATT&CK framework to improve operational security efficacy and efficiency.
- Contribute to proactive threat hunting exercises to uncover the presence of any tactics, techniques, and procedures (TTP) within the COPFS environment.
- Assist with regular cyber simulation exercises within COPFS IT estate.
- Compile monthly vulnerability management remediation reports and follow up on any identified vulnerabilities with the appropriate technical teams to track remediation.
- To be aware of and support compliance with relevant legislation and standards in cyber security, not limited to GDPR, DPA, PSN, PSN/P, PCI-DSS and the Scottish Cyber Resilience Public Sector Action Plan.
- To support the drafting and reviewing of the IT Security Policy Framework and related procedures and guidance documents, in conjunction with colleagues from across COPFS.
- To support the submission of responses to regulatory and accrediting bodies.
Successful applicants are expected to have some experience and/or knowledge in deploying and managing operational technical security controls/systems, security event handling, security incident management and a good awareness of threats and their mitigations.
Ability to produce concise, understandable written work on complex technical subjects.
To contribute effectively to regular team meetings by generating ideas, sharing knowledge and providing feedback on activities and developments.
Identify and plan personal development and learning needs to ensure technical skills and knowledge are kept up to date.
Strong technical knowledge and skills in the following areas are essential:
- TCP/IP Stack
- Operating Systems – Windows, Unix, Linux
- Well known networking protocols and services (FTP, HTTP, SSH, SMB, LDAP)
- Experience of Deep Packet Inspection
- Familiarity with Packet Analysis Tools (e.g. Wireshark, tcpdump)
- Working knowledge of IT Security tools such as SIEM, WAF, IDS, Firewalls
- Cloud security knowledge/experience
- Familiar with common exploits, vulnerabilities, network attacks and malware
- Familiarity with Vulnerability Scanning Toolsets (Nessus, Qualys, Rapid7, Nmap)
Knowledge of or previous experience with the following would also be advantageous:
- Office 365 security toolsets (Defender, MCAS, Identity Protection, PIM, Secure Score)
- Experience in using SIEM platforms
- Experience in Endpoint Detection and Response (EDR)
- Malware analysis and sandboxing techniques
- Threat Modelling methodologies (e.g. MITRE ATT&CK)
- Experience in Incident Management/Incident Response
- Regular expressions (RegEx)
- Kusto Query Language (KQL)
- Structured Query Language (SQL)
The successful candidate will be subject to the appropriate UK national security vetting processes to obtain the necessary security clearances required for this role in COPFS.
Please note that COPFS has exemptions from the Rehabilitation of Offenders Act (1974). COPFS must also adhere to strict Civil Service and Cabinet Office Baseline Personnel Security Standards regarding nationality, identity and history verification rules.
Apply online now with your CV and cover letter to start your e-Placement Scotland journey with the Crown Office and Procurator Fiscal Service.