University of Staffordshire

Person Specification

Job Title:

Security Analyst

School/Service:

Digital Services

The qualifications, experience, knowledge, skills and behaviours outlined above provide a summary of what is required to carry out this job effectively. They also form the selection criteria on which a decision to appointment will be made. Please ensure that you provide evidence of how you meet the criteria in your application.

No Selection Criteria Description Essential [E] or
Desirable [D]
Assessed
by *
1 CISSP – Certified Information Systems Security Professional
BCS - Data Protection (Practitioner)
BCS - Certificate in Information Security Management Principles (Foundation) CESG - Certified Professional
BCS - Chartered IT Professional (CITP) Or equivalent qualification or experience
D A
2 Security Operation - Experience in gathering operational evidence on the performance of cyber security with in one or more of the following areas: using vulnerability assessment tools, assessing the effectiveness of firewalls, undertaking of penetration testing, using log analysis tools, monitoring use of privileges accounts or using SIEM tools E A/I
3 Security Response - Experience in investigation, analysis and review following breaches of security controls. Managing security incidents using a methodology such as ITIL. D A/I
4 Security Awareness - A broad understanding of the current security threat landscape, existing and emerging technologies E A/I
5 Security Operation - Understanding of requirements for maintaining security certifications such as ISO27001, Cyber Essentials or PCI E A/I
6 Infrastructure Architecture - An understanding the principles of physical, virtual and cloud architectures (IaaS, SaaS, PaaS) for systems and networks. D A/I
7 Networking and Communications - An understanding of networking and communications related concepts such as TCP/IP networking, DNS, DHCP, load balancing, firewalls, application firewalls, IPS/IDS D A/I
8 Access Control Systems - Knowledge of authentication, monitoring and logging systems. Such as Active Directory, Azure Active Directory, Network Access Control, Multi-factor authentication systems, or SIEM tools. D A/I
9 Risk Management - An understanding of the methods and techniques for the assessment and management of business risk. Identifying threats to the confidentiality, integrity, availability, accountability and relevant compliance of information systems D A/I
10 Analytical Thinking: Understanding a problem or situation by breaking it down systematically into its component parts and identifying the relationships between these parts, selecting the appropriate method/tool to resolve the problem and reflecting critically on the result E A/I
11 Customer Focus: Self-motivated, well organised and positive approach to work with the ability to manage and prioritise a complex workload and experience of dealing with challenging and demanding customers; whilst understanding the needs of the internal or external customer needs/requirements and regularly checking with the customer when taking actions or making decisions E A/I
12 Interpersonal, written and verbal communication skills: Effective negotiation and influencing skills with demonstrable strong facilitation skills, excellent interpersonal, written and verbal communication skills with the ability to translate often complex information into easy to understand messages for a range of audiences E A/I
13 Team Work: Effective and committed team player that is able to work successfully with others and to build positive working relationships E I

* A - Application Form   I - Interview