As a valued member of the RAC Security Team, the Information & Cyber Security Analyst carries out day-to-day cyber security threat monitoring, detection and response activity; measures vulnerability and corrective action effectiveness; and oversees access control reviews throughout the RAC technology ecosystem.
- Lead security incident response activities, ensuring the IR policy, plan and playbooks are kept up to date, integrated with IT, IR Response Partners, Managed Service Providers, and the wider RAC business and regularly tested.
- Develop and maintain a regular security testing regime to continually test and optimize security controls across the business.
- Design and develop operational plans, playbooks and runbooks that streamline, enhance and, where practical, automate processes, ensuring they operate effectively and report key SecOps metrics.
- Establish and run proactive operating processes to identify and address security issues/weaknesses before they present a material risk to the business.
- Prepare reports and management information regarding the state and effectiveness of those security controls and processes across the RAC group to inform senior management and facilitate effective decision-making.
- Conduct regular threat assessments and threat modelling exercises and maintain an integrated threat and risk led approach to security monitoring.
- Enhance and develop targeted threat hunting exercises, ensuring their findings feed back into the Security Operations action plan.
- Work closely with key managed services partners to maintain, develop, and enhance red and purple team exercises, continually measuring and improving our controls.
- Ensure good working practices are communicated across the team, and documentation is kept up to date.
- Establish and run “Access Control” governance processes, maintain records of system account approval and carry out periodic reviews.
- Follow up with suppliers on remediation actions.
- Be a point of liaison on network & security matters with suppliers.
The role holder will work both independently and as a key part of the Information Security team. They will be expected to make both proactive and reactive tactical and operational decisions in real time to ensure RAC’s security posture is always maintained, and will often work with autonomy. Where appropriate, actions will be dictated by pre-defined processes and playbooks, although this type of role will also require out-of-the-box thinking, with those decisions made confidently based on prior experience and sound judgement.
Personal Attributes:
- Demonstrable comprehension of cyber security concerns, including attacker tactics, techniques and procedures; ransomware; emerging threats; and technology vulnerabilities.
- Demonstrable experience of security incident response leadership.
- Experience in utilizing MITRE ATT&CK framework in an operational Detect and Respond environment.
- Demonstrable experience of monitoring and analysing modern technology models such as Azure, cloud (SaaS) services, containers, Infrastructure-as-Code and CI/CD continuous software delivery pipelines.
- Experienced in determining SOC Toolset requirements and establishing SecOps processes.
- Experienced in SOC concepts including, but not limited to: Cyber Incident Response Coordination, Malware and Ransomware control, Email security, CASB, Endpoint protection (XDR, MDR & AV), Quarantine and Containment, Abuse Response, Forensics, MDM, SIEM, SOAR, Azure and Cloud Security controls, Vulnerability Management, Data Loss Prevention.
- Good grasp of coding/scripting, with experience of writing queries in reporting tools.
- Experience of DevSecOps methodologies and practices.
- Understanding of other information security domains such as Architecture, AppSec, Business Continuity/DR and Risk Management.
- Knowledge of common information security management frameworks, such as NIST CSF, ISO/IEC 27001.
- Knowledge and understanding of relevant UK legal and regulatory cyber requirements and guidelines.
- Objective, analytical and decisive in nature.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
Qualifications/FCA:
Possession of a professional security qualification in good standing (such as GCIA, GCIH, GCTI, GMON, CISSP).
The RAC is on a journey to revolutionise the way we provide our differentiated range of driving services to our 13m personal and business members, so we’re looking for problem-solvers and passionate engineers to build digital products with cutting-edge technology.
In partnership with our new shareholder Silver Lake, the global leader in tech investing which has unparalleled technology expertise, we’re executing an organisation-wide digital transformation focusing on adoption of modern tech and tools, customer-led product development and data-driven decision-making. This opportunity may involve working on an app with millions of users, an ecomm platform that processes tens of millions of revenue per year, or technology that supports our patrols to attend 2.3m call-outs each year.