Job Title: | Cybersecurity Analyst |
School/Service: | Digital Services |
The qualifications, experience, knowledge, skills and behaviours outlined above provide a summary of what is required to carry out this job effectively. They also form the selection criteria on which a decision to appoint will be made. Please ensure that you provide evidence of how you meet the criteria in your application.
No | Selection Criteria Description | Essential [E] or Desirable [D] | Assessed by * |
Criteria | |||
1 | Qualifications: A degree in a cybersecurity or computing-based subject, or equivalent experience. | E | A |
2 | Cybersecurity Operation: Experience of obtaining/maintaining cybersecurity certifications such as ISO27001, Cyber Essentials or PCI. Experience in gathering operational evidence on the performance of cybersecurity using vulnerability assessment tools, assessments of the effectiveness of firewalls, knowledge of penetration testing tools and toolkits, using log analysis tools, monitoring use of privileged accounts, using SIEM tools. Experience in investigation, analysis and review following breaches of security controls, and managing cybersecurity incidents using an ITIL methodology. | E | A/I |
3 | Cybersecurity Awareness: A broad understanding of the current cybersecurity threat landscape, existing and emerging technologies. Awareness of security frameworks / best practices such as MITRE ATT&CK, D3FEND, OWASP and the requirements of GDPR (General Data Protection Regulation) and PCI DSS. | E | A/I |
4 | Cybersecurity Response: Experience in investigation, analysis and review following breaches of security controls. Managing cybersecurity incidents using a methodology such as ITIL. | E | A/I |
5 | Risk Management: An understanding of the methods and techniques for the assessment and management of business risk. Identifying threats to the confidentiality, integrity, availability, accountability and relevant compliance of information systems. Undertaking risk and vulnerability assessments of business applications and computer installations in the light of these threats and recommending appropriate action to management. | E | A/I |
6 | Analytical Thinking: Understanding a problem or situation by breaking it down systematically into its component parts and identifying the relationships between these parts, selecting the appropriate method/tool to resolve the problem, and reflecting critically on the result. | E | A/I |
7 | Infrastructure Architecture: An understanding of the principles of physical, virtual and cloud architectures (IaaS, SaaS, PaaS) for systems and networks. | E | I |
8 | Networking and Communications: An understanding of networking and communications related concepts such as topological design, load balancing, firewalls, TCP/IP networking, TLS, DNS, DHCP, including knowledge of the methods and techniques for the capture of traffic information (at the packet level) and the forensic analysis of this information. | D | I |
9 | Access Control Systems: Knowledge and capability in the use of the tools and/or systems that provide access security control, monitoring and logging, and the prevention of unauthorised access to systems, e.g. Active Directory, Network Access Control, Multi-factor authentication, SIEM, syslog, Windows Event logs. | D | A/I |
10 | Customer Focus: Self-motivated, well organised and positive approach to work with the ability to manage and prioritise a complex workload and experience of dealing with challenging and demanding customers, whilst understanding the needs/requirements of the internal or external customer and regularly checking with the customer when taking actions or making decisions. | E | I |
11 | Interpersonal, written and verbal communication skills: Effective negotiation and influencing skills with demonstrable strong facilitation skills, excellent interpersonal, written and verbal communication skills with the ability to translate often complex information into easy-to-understand messages for a range of audiences at different organisational levels and with 3rd parties. | E | A/I |
12 | Teamwork: Effective and committed team player who is able to work successfully with others and to build positive working relationships. | E | I |
13 | CISSP – Certified Information Systems Security Professional; BCS - Data Protection (Practitioner); BCS - Certificate in Information Security Management Principles (Foundation); CESG - Certified Professional; BCS - Chartered IT Professional (CITP); or equivalent qualification or experience | D | A |
14 | An understanding of the University’s strategy and values, with the ability to demonstrate behaviours that align to the values. | E | I |
* A - Application Form; I - Interview