Principal Security Analyst (UK REMOTE)

Company Description

UNITED KINGDOM CANDIDATES ONLY (REMOTE)

When you join Turnitin, you'll be welcomed into a company that is a recognized innovator in the global education space. For more than 20 years, Turnitin has partnered with educational institutions to promote honesty, consistency, and fairness across all subject areas and assessment types. Over 16,000 academic institutions, publishers, and corporations use our services: Gradescope by Turnitin, iThenticate, Turnitin Feedback Studio, Turnitin Originality, Turnitin Similarity, ExamSoft, and ProctorExam.

Turnitin has offices in Australia, India, Indonesia, Japan, Korea, Mexico, the Netherlands, the Philippines, Ukraine, the United Kingdom, and the United States. Our diverse community of colleagues are all unified by a shared desire to make a difference in education. Come join us, and let's make change together.

Job Description

We are looking for someone who brings passion, security experience, attention to detail, and the willingness to continuously learn. You will work within the Information Security & Compliance team and report directly to the Information Security Manager where you will have an opportunity to shape the security operations function for the global leader in educational technology. If you are passionate about security and have the desire to work for a mission-based company we would love to hear from you.  

The Principal Security Analyst position is a hands-on role that requires a high level of technical expertise. Responsible for a broad range of tasks including a mix of daily operational tasks as well as strategic planning, engineering, and operational functions. This position requires being well-versed in technical security engineering, operations, and management of information security tools and processes such as Incident Response (IR), Security Information and Event Management (SIEM), Intrusion Detection System (IDS), Cloud Security Configuration, Data Loss Prevention (DLP), Vulnerability Management,  Identity and Access Management (IAM), Privileged Access Management (PAM), Endpoint Security, file integrity monitoring, vulnerability and risk assessment, penetration testing, malware analysis, digital forensics, and encryption. 

As a Principal Security Analyst, you will provide support to protect Turnitin’s digital networks and information, your duties and responsibilities will include:

• Act as an escalation point to investigate sensitive and complex security events and incidents from a wide variety of cybersecurity technologies, including; Endpoint Detection and Response (EDR), Email Protection, and Security Information and Event Management (SIEM)
• Assist with the development and implementation of our security operations strategy, ensuring that it aligns with our business goals and objectives
• Evaluate new security technologies and tools, recommending the adoption of those that align with our security objectives and goals
• Develop and maintain metrics and reports that demonstrate the effectiveness of our security operations and identify areas for improvement
• Proactively identifying and mitigating potential cyber threats to our systems and data
• Use threat intelligence to identify potential attacks and develop strategies to prevent them
• Act as an SME for security requirements and solutions on infrastructure and application projects.
• Provide support in obtaining and maintaining compliance with CIS and NIST standards 
• Support the maintenance of incident response documentation including the Incident Response Plan, Incident Response Playbooks, etc. 
• Work closely with the IT leaders, engineering, and DevOps teams to ensure network and application design decisions comply with organizational policies, and appropriately mitigate security risk.
• Provide information security expertise to influence the interpretation, development, acquisition, or implementation of complex technical solutions, including security products.
• Develop, define, and communicate security requirements for cloud architecture, enterprise software, IT services, and product design.
• Provide expertise on security requirements in system development activities, vulnerability management, policies, standards, and procedures.
• Using your strong security knowledge you will help shape the security strategy for the business.
• Work to define security requirements for baseline system configurations.
• Research and recommend security solutions, products, and security controls.
• Provide mentoring and training to junior security staff members.

Qualifications

• 5-7 years experience in IT and information security, 3 of which must be in information security.
• Strong experience in securing cloud platforms (AWS, GCP, or Azure)
• Expert knowledge of endpoint security best practices (Windows and/or MacOS)
• Strong experience in configuring and using a variety of security tools (IAM solutions, IDS/IPS, Vulnerability Scanners, SIEM, EDR / XDR solutions, Secure Email Gateways, and Log Management Systems) and understanding of best practices relating to their use.
• Strong relationship management experience in influencing and motivating internal functions with minimal direction.
• Proven track record building productive relationships with key business leaders and senior stakeholders in technology and the business.
• Ability to provide a balance of strategic planning and tactical execution.
• Experience assisting/leading security incidents with demonstrable experience across the full lifecycle of an incident
• Experience automating manual processes to improve the efficiency of day-to-day tasks and provide metrics to demonstrate success 
• Retains up-to-date knowledge of security architecture and security risk trends.
• Knowledge of CIS and/or NIST frameworks 
• Understanding of security principles with the ability to communicate security concepts to non-technical and technical audiences with ease. 
• Working knowledge of industry security standards (SOC2, FedRamp / StateRamp, ISO 27001)
• Working knowledge of networking and firewall concepts 

Desirable Experience

• Experience with serverless technologies
• Threat Hunting experience
• Experience programming in languages such as Go, Java, Ruby or Python
• Experience in delivering security awareness training across an organization
• Hands-on experience with deployment tools such as Chef, Puppet, or Ansible.
• Excellent communication, facilitation, writing, and public speaking skills.
• Project management skills and experience.
• Previous experience coordinating penetration tests

Core Experience

• Relevant industry security certifications (Certified Ethical Hacker (CEH), GIAC Certified Detection Analyst (GCDA),  CompTIA Security+, GIAC Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), AWS Certified Security Professional, Certified Cloud Security Professional (CCSP))

Additional Information

Our Mission is to ensure the integrity of global education and meaningfully improve learning outcomes. 

Our Values underpin everything we do.

• Customer Centric - We realize our mission to ensure integrity and improve learning outcomes by  putting educators and learners at the center of everything we do.
• Passion for Learning - We seek out teammates that are constantly learning and growing and build a workplace which enables them to do so.
• Integrity - We believe integrity is the heartbeat of Turnitin. It shapes our products, the way we treat each other, and how we work with our customers and vendors.
• Action & Ownership - We have a bias toward action and empower teammates to make decisions.
• One Team - We strive to break down silos, collaborate effectively, and celebrate each other’s successes.
• Global Mindset - We respect local cultures and embrace diversity. We think globally and act locally to maximize our impact on education.

Seeing Beyond the Job Ad

At Turnitin, we recognize it’s unrealistic for candidates to fulfill 100% of the criteria in a job ad.  We encourage you to apply if you meet the majority of the requirements because we know that skills evolve over time. If you’re willing to learn and evolve alongside us, join our team!  

Turnitin, LLC is committed to the policy that all persons have equal access to its programs, facilities and employment. We strongly encourage applications from people of color, persons with disabilities, women, and the LGBTQ+ community, regardless of age, gender, religion, marital or veterans status.