In order to comply with regulatory and client requirements, Ashurst will undertake appropriate vetting of staff. When applicants accept a job offer, Ashurst, alongside a specialist provider, will undertake professional verification and background checks. These checks are only undertaken with consent, and in accordance with our legal and regulatory obligations
Business Area – Information Technology
Role: Security Configuration and Compliance Analyst
Location: Based at Ashurst’s Glasgow office . Occasional travel to London office may be required from time to time
Reporting to: Head of Information Security
Hours of work - Monday to Friday, 09:00 - 17:30. You may be required to work additional hours from time to time
The primary role of the Security Configuration and Compliance Analyst (SCCA) is to provide technical input and business as usual operational management of the Firms security configuration management plan , operational processes, procedures and associated baseline security configuration profiles & tooling in line with best practice requirements
Security Configuration Management (SecCM) Plan , Policy and Procedures Design and Development :
As a subject matter expert ensure the Secure Configuration Management Policy , supporting processes , procedures and assurance toolset operational guidelines are adequately documented , specifically -:
- Assist the Systems Security Accreditor with maintaining the SecCM plan , policy and supporting processes.
- Development and maintenance of the SecCM process flowcharts
- Operate and maintain security configuration management tools , SCM Library and associated records .
Baseline Security Configuration Management profile design.
Programmatically define appropriate baseline security configurations for all IT equipment types Work with internal and external stakeholders to develop , define and maintain:
- Secure configuration management baselines.
- IT system specific security configuration management baselines and procedures.
- SecCM design templates.
- Security impact analysis templates and worksheets.
Security Configuration Management profile change management.
Undertake Security Impact Analysis of SecCM change proposals and present findings to configuration change board for consideration.
Security Configuration Management monitoring and reporting.
Undertake regular SecCM monitoring activities using SecCM tools. Reviewing findings and reporting non-conformities using SCAP Common Configuration Scoring System criteria.
Risk and Control: Ensure that all activities and duties are carried out in full compliance with our regulatory requirements and internal policies.
Essential skills and experience:
- Thorough understanding and demonstrated experience implementing the requirements of a secure configuration management plan
- Microsoft Windows Server certification (MCSA).
- VMWare Certified Professional.
Two years operational experience of the following technical concepts -:
- Common secure settings configurations e.g. CIS Benchmarks , National Checklist programs and SCAP-enabled tools.
- Centralised AD group policy.
iii. Tailoring secure configurations according to system / device role.
- Strong password policies.
- Endpoint Protection Platforms e.g. Anti-malware , desktop firewall, host-based intrusion detection, restrict mobile code.
vii. Technical vulnerability and patch management
- Excellent analytical skills.
- Excellent written and communication skills.
- Able to understand, interpret and respond to client requirements.
- Able to operate effectively and independently or as a member of a wider project team.
- Advanced knowledge of using MS office applications including MS Word , MS Excel and PowerPoint.
- Able to manage own workload and handle multiple tasks simultaneously.
- Detail oriented with an ability to work accurately and efficiently even when under pressure.
- Ability to complete set tasks with minimal supervision
- Uses initiative - 'can do' approach.
Desired skills and experience
Previous experience of working for a professional services organisation or within the legal sector
- Familiar with ITIL, Prince 2, Agile
- Previous experience of implementing and working with NIST SP800-128; Guide for security focused configuration management of information systems.
- Certified Information Systems Security professional – CISSP
- Tenable Certified implementation Engineer
- Ivanti Certified Application Control Administrator
- Trend Micro Certified Professional Deep Security