Senior Cyber Security Specialist
Watford, England, United Kingdom
Join our journey to create a new experience for the National Lottery and help us to power change for the greater good.
About us:
We are Allwyn UK, part of the Allwyn Entertainment Group – a multi-national lottery operator with a market-leading presence in Austria, the Czech Republic, Greece, Cyprus and Italy. We have been officially awarded the Fourth Licence (10 year licence) to operate the National Lottery starting February 2024.
We’ve developed ground-breaking technologies, built player protection frameworks, and have a proven track record of making lotteries better. Our aim is to create one of the UK’s most inclusive organisations – where people can bring the best of themselves, to do their best work, every day, for the benefit of good causes.
Allwyn is an Equal Opportunity Employer which prides itself in being diverse and inclusive. We do not tolerate discrimination, harassment, or victimisation in the workplace. All employment decisions at Allwyn are based on the business needs, the job requirements, and the individual qualifications. Allwyn encourages applications from individuals regardless of age, disability (visible or hidden), sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.
While the main contribution of the National Lottery to society is through the funds to good causes, at Allwyn we put our purpose and values at the heart of everything we do. Join us as we embark on a once-in-a-lifetime, large-scale transformation journey to build a bigger, better, and safer National Lottery that delivers more money to good causes.
Purpose of Role:
The role is a key analyst to operate the review of security tools to enable the timely detection of potential incidents and work with the technical teams who remediate the threats and vulnerabilities detected. They will ensure review and analyse the reports from the security tools, and follow up findings with systems owners and assign remediation targets. They will also be responsible for:
- Responding to escalations and queries from the first & second line security operations teams
- Threat hunting
- Helping respond to security incidents
- Advanced troubleshooting and investigations
- Continuous improvement of SOC technology and processes
Team Description:
The Allwyn information security team’s vision is to be the leading information security function in the industry and we’ve won industry awards for our work. The purpose of the team is to protect the integrity of the National Lottery and to do so we work in a heavily regulated environment and have to secure one of the most visited websites in the UK, a very large retail channel and numerous back office systems spread across both on premise datacenters and AWS.
We are a predominately in house team, with a strong focus on learning and development. The team is split into a Security Operations Centre (SOC), Security Architecture function and Governance Risk and Compliance (GRC) team. The 24/7 SOC is split between Watford and Knowsley and works hard to detect and respond to any external or internal threat. The security architecture function help deliver change in a secure way, focusing on designing out risk. The GRC team help manage the security risk in our supply chain, work to enhance the security culture and keep us certified to a range of national and international security standards, some of which we also help develop.
Skills & Experience:
- A wealth of experience in a technically focused security role with ideally at least five working in an analyst or pen-tester role
- Key experiences in handling incidents and threat / vulnerability hunting
- Ability to write complex regular expressions.
- Alternative experience in either a Devops role with ability to write scripts in *nix and / or windows environments at an intermediate – advanced level and ability to code in python (or similar language) to an intermediate level
- Experience of other security technologies including but not limited to file integrity management, hardware security modules and malware detection and response tools
- Undertaking tasks in support of the security architecture function. Primarily conducting technical risk assessments of changes proposed by projects or as part of BAU.
- Confident skills running tools like Nmap, Nessus, Wireshark.
- Also confident reading and analysing netflow / pcaps or at least three years' experience in using a SIEM, experience configuring and tuning alerts and alarms and ingesting new log sources;
- Solid understanding of TCP/IP, Routing and DNS. Good understanding of network security including but not limited to firewalls and IPS. (The firewalls themselves are managed by a separate team).
- Understanding of cryptography theory mandatory with experience of cryptographic key management desirable;
- Experience in engaging with security vendors for fourth line support and planning and implementing upgrades.
- Demonstrable experience of troubleshooting and problem solving under pressure.
- Basic understanding of PCI-DSS and ISO27001
- At least one qualification or certification in information security
- Ability to work on an on-call basis
Highly Desirable:
- hands on experience with Microsoft security tooling
Here is our list of benefits:
- 34 days paid leave (This includes bank holidays)
- 2 x Life Days
- 4 x Salary of Life Insurance
- Pension: We’ll contribute 8.5%
- BUPA
- £500 wellness allowance
- Income Protection
As part of our onboarding processes, all successful candidates will need to complete both a Pre-Employment Screening process and a Fit & Proper check by the Gambling Commission. These checks include a DBS (an enhanced check, which shows convictions and conditional cautions), credit and social media checks. As part of our application process, you will be asked to identify in advance if you have spent or unspent convictions that we need to be aware of.
Should you not disclose convictions at the application stage, not pass the Fit & Proper Check process or not complete your Pre-Employment Screening then unfortunately you may not pass our probation process.
All data will be handled in accordance with our data policies and treated with utmost confidentiality.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: AWS Compliance Cryptography DevOps DNS Firewalls Governance IPS ISO 27001 Malware Nessus Network security Nmap Python Risk assessment SIEM SOC TCP/IP Vulnerabilities Windows
Perks/benefits: Career development Insurance Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs