IT Security Analyst

London, England, United Kingdom

Applications have closed

Boohoo Group

Shop boohoo's range of women's and men's clothing for the latest fashion pieces you need to be adding-to-basket, with 100s of new styles landing every day!


The role

Our vision is to lead the fashion e-commerce market globally, in a way that delivers for our customers, people, suppliers and stakeholders. Our brands operate along the same principles today as when boohoo was founded in 2006: through a test and repeat model that brings the latest trends and fashion inspiration in a matter of weeks to our customers across the world.

We have developed a unique platform, through years of investment in technology and processes, supply chain relationships and with the know-how of a great team of people. This platform enables us to penetrate markets and expand rapidly, operating multiple brands as we progress with our ambition to lead the online fashion market.

With the growth of the business, boohoo has invested in developing and enhancing its IT security function. This has given rise to the creation of a security analyst role, working within the IT department and dealing with every aspect of security monitoring and testing across all the business areas.

This is a very exciting opportunity to work for a very progressive company alongside a close-knit family of colleagues in a fantastic environment.

We are in the early stages of creating our security operations centre, and work with a world-leading managed security services provider (MSSP) partner.


Your team

We started out as one brand with only three team members in 2006. Today we are made up of 13 amazing brands and counting, we have offices all over the world, and we've grown to a 6,000+ strong team we call our boohoo family - and we don’t plan on stopping yet. We have big ambitions, huge potential and a clear strategy to continually evolve and grow the business. It’s a seriously exciting time to join us and influence the next chapter of our success.

In Tech, we’re proud to support every brand and every function. We’re a digital-first company that is totally cloud-native. We embrace change and future-proof the business, delivering critical customer-facing and internal stakeholder facing systems. Everything from colleague tech to front-end websites and apps, buying and merchandising tooling and all that’s in-between, we take care of it. Our ideas support and drive the Group’s agenda.


What you'll be doing

  • Day to day monitoring and administration of security controls around tooling solutions and Cloud based systems such as Office 365, AWS, Azure.
  • Day to day monitoring of SIEM, Brand Protection, Vulnerability Scanning, Threat Detection, and Intelligence, working in conjunction with our partnered MSSP.
  • Monitor the boohoo security services to ensure that patching, security controls and mechanisms are operating effectively – investigate issues and escalate to providers where appropriate.
  • Assist in developing, maturing, and managing the existing operational processes so that run books can be created or automated where possible.
  • Assist in delivering security reviews and management metrics to ensure the integrity, confidentiality, and availability.
  • Proposes improvements within the scope of the Security Operations that will lead to automation, standardisation, and consolidation for ease of support and maintenance
  • Create working relationships with business owners to deliver and enhance the service.
  • Takes ownership in obtaining information, evidence and data required to diagnose and resolve complex problems
  • Proactively analyses trends and reports to highlight potential problems, maintain and enhance service.
  • Flexible member of the security operations team, providing knowledge, assistance, and advice to other members.
  • Maintains awareness of technical and service developments, taking the initiative to extend own knowledge to learn about products, technologies, and techniques to deliver enhanced service.
  • Monitoring of events and alerts from multiple technologies to detect potential malicious activity.
  • Responsible for carrying out analysis and triage of Cyber Security events.
  • Taking ownership to identify and assess the appropriate outcome and response to an event.
  • Clear and concise communication and collaboration when responding to events through to remediation.
  • To identify, escalate and debate all risks to the business, by analysing events/metrics and escalation data, identify patterns and trends on high-risk controls and proactively suggest, develop, and implement enhancements to reduce risk.

Working with us

To succeed here, you have to love working at pace. It’s relentless, but we love it. Change is a certainty – you need to adapt and be agile. We want you to challenge the status quo, innovate and be open to trying new things. We’re always pushing boundaries. We empower our people, giving them freedom and autonomy to learn and grow in their roles. We’re passionate, agile, creative and one team.


More about you

• Minimum of 2+ years working in a SOC function

• Strong knowledge of common operating systems (Windows, Linux, etc.) and endpoint security principles.

• Previous experience in Cyber Security, Incident Response, or a related field.

• Prior experience detecting and analysing security events and/or responding to security incidents.

• Demonstrated ability to analyse and correlate information from a variety of enterprise technologies.

• Hands-on experience with common security technologies (IDS, Firewall, SIEM, etc.).

• Strong knowledge of common security analysis tools & techniques.

• Understanding of common security threats, attack vectors, vulnerabilities, and exploits.

• Strong knowledge of common networking services and protocols (TCP/IP, SSH, FTP, DNS, DHCP, SMTP, SSL, etc.).

• Malware Analysis (Analysis of documents/ malicious binaries/ understanding and interpreting results of Sandbox output)

• Contain service attacks, i.e. lateral movement, privilege escalation and APT

• Network Based Attacks/ Incidents (DDoS/ IDS Alerts)

• Containment (Understanding of containment of security incidents both at the network and host layer)

• Good verbal and written communication skills

• Good analytical and problem-solving skills

• Knowledge using Vulnerability Assessment tools like Nessus, Qualys etc.

• Good understanding of IT security principles

• Creation of use cases and MITRE ATT&CK framework

Desirable Skills

• Digital Forensics (Basic understanding of key concepts)

• Experience of common information security management frameworks and standards, such as ISO27K, ITIL, COBIT, PCI-DSS and National Institute of Standards and Technology (NIST)

• Exposure to standards and policies relating to ISO27001/2 controls

• Ability to read and understand architectural design and implement security controls

• Experience with Security design testing in accordance with the OWASP security testing methodology

• Experience with Threat identification and remediation including penetration testing

• Familiarity with relevant legislation including DPA and GDPR.

• Exposure to risk assessments of products and services.

• Exposure to treatment plans for risks and management of risk models.

• Exposure to audits from external sources, i.e. PCI-DSS

• Exposure to cloud technologies layered security practices for network, host, applications, data and access to IaaS, PaaS and SaaS services in a hybrid deployment environment

• Working towards or have obtained a GIAC, CEH qualification


Why join us

We’ve set our sights on dominating the global e-commerce fashion market, and because we’re 13 brands (and counting), there are plenty of opportunities to grow your career. Our mission is to create a workplace where everyone is respected, their individual differences are valued, and they can be themselves at work without exception.

• You’ll get the opportunity to take part in our various share schemes

• Core hours enable you to flex your working times around your needs on an ad hoc basis

• Benefits that support your health and wellbeing

• There’s up to 40% discount off all our brands

• Our social calendar? Next level

• With HQs in Manchester and London and offices across the globe (some are dog friendly!), we offer a buzzing atmosphere and the boohoo family culture wherever you work!


Find out more about us here: https://careers.boohoogroup.com/


