Cyber Security Analyst

About Us

Having started in 2006 with just three team members, we've evolved into a multi-brand, ecommerce giant with offices worldwide and a passionate team of over 4,000. In the past year alone, we've achieved remarkable milestones including automating our Sheffield distribution centre, launching our US warehouse, and initiating our tech re-platforming.

In Tech, we’re proud to support every function. We’re a digital-first company that is totally cloud native. We embrace change and future-proof the business, delivering critical customer-facing and internal stakeholder-facing systems. Everything from colleague tech to frontend websites and apps, buying and merchandising tooling, and all that’s in-between, we take care of it. Our ideas support and drive the Group’s agenda.

The Role

As a Cyber Security Analyst at boohoo group, you will play a crucial role in safeguarding our systems, infrastructure, and data against potential cyber threats. You will join a leading online fashion retailer and have an opportunity to work in a dynamic and fast-paced environment where your skills and expertise will make a difference.

In this role, your goal is to minimise cyber-attacks and their impact on Boohoo. You will be evaluated based on metrics such as reduced attacks, shorter response times, and compliance. Your efforts lead to a secure Tech environment with minimal disruptions and a strong defence against cyber threats. This ensures the protection of Boohoo's data, assets, and reputation, which ultimately contributes to the success of the company.

Your Team

At Boohoo, our team is committed to safeguarding the integrity, confidentiality, and availability of our systems and data. We take pride in implementing robust security measures to protect against cyber threats, ensuring secure customer transactions and maintaining trust in our brand. With a diverse and pragmatic approach to problem-solving, we align with Boohoo's family and values to achieve success.

Over the last 12 months, our team has made significant progress in reducing email attacks and preventing data breaches. By implementing an AI-based approach to email security and protection, we have achieved outstanding results. We have also centralised security solutions across our 13 brands, which has improved our organisation's security posture.

As we move forward, our team has a clear roadmap for the future, and we are excited to continue making a difference. We welcome anyone who shares our passion for information security and values to join us on this inspiring journey.

Responsibilities

• Respond promptly to security incidents, conduct thorough investigations, and implement corrective measures.
• Responsible for monitoring our technology stack, VMDR, XDR, CSPM, MSFT Security.
• Manage security tools and software, ensuring they are up to date and effectively protecting the organisations assets.
• Conduct regular system and network security assessments to identify vulnerabilities and mitigate them.
• Penetration testing analysis and remediation activities.
• Monitor security access and access control to prevent unauthorised access, data breaches, and cyber-attacks.
• Create technical documentation to assist colleagues in root cause analysis.
• Create and improve incident playbooks and runbooks.
• Stay up to date with the threat landscape.

Requirements

• Proven experience in a cybersecurity role, preferably in a large organization.

• Strong knowledge of cybersecurity principles, best practices, and technologies.
• CompTIA SEC +, CySA, Network+, ISC CC.
• Experience or demonstrable knowledge in log analysis and PCAP analysis.
• A solid understanding in the approach threat actors take to attacking a network, phishing, port scanning, web application attacks, DDoS, lateral movement.
• Demonstrable knowledge in network fundamentals, for example, OSI Stack, TCP/IP, DNS, HTTP(S), SMTP.
• Experience with security monitoring, incident response, and vulnerability management.
• Knowledge of network protocols, architecture, and security controls.
• Understanding of malware analysis, intrusion detection/prevention systems, and endpoint security solutions.
• Ability to analyze and interpret security logs and data.
• Excellent problem-solving and analytical skills.
• Strong communication and interpersonal skills.
• Ability to work effectively in a fast-paced, dynamic environment.
• Experience with cloud security and DevSecOps practices is a plus.

Benefits

We offer them some amazing benefits:

• 25 days holiday
• Free on-site gym with daily classes (due to current restrictions, live PT sessions)
• Discretionary Bonus Scheme
• Company shares schemes - including a ' Save As You Earn' scheme
• Up to 40% staff discount (including PLT, Boohoo, Boohoo MAN, Nasty Gal, Coast, Warehouse, Misspap)
• Social events (including pay day drinks, Employee Appreciation Day etc.)
• Salary sacrifice pension scheme with employer contribution
• Flexible working hours
• Cycle to work scheme
• Childcare support through the Government
• Health cash plan
• Personal development opportunities to learn and grow at work

#LI-GS1 #LI-ONSITE