Cyber Security Analyst

at  RealVNC Limited

RealVNC® is the remote access platform for engineers looking for the most reliable and the most secure solution built by the creators of VNC® technology. Over the last 25 years, as the inventors of VNC®, we’ve enabled a global workforce to work wherever works and created the remote access market. Our software is used by hundreds of millions of users worldwide including IT professionals from global companies, such as Intel, IBM, NASA, Shell, DreamWorks and Philips.
Our lead product, VNC Connect, allows users to connect securely to a remote device anywhere in the world, see its screen in real-time, and take control as though sitting in front of it. The product has been deployed across a myriad of use cases, from remote support through to deploying the software onto connected devices such as medical ventilators, set-top boxes, heavy industrial machinery and more.
Backed by leading mid-market private equity firm, Livingbridge since 2021, we are investing in our people to support our highly ambitious growth plans. As part of our people strategy to develop our next generation organisation, we are looking to add new team members that are integral to the success of the business, committed to delivering high quality results, collaboration and innovation to help accelerate company growth.

POSITION:

We are seeking a highly skilled and motivated Cyber Security Analyst to join our Cyber Security team. This role is crucial in maintaining the security of our systems, networks, and data. The successful candidate will implement security measures, monitor for vulnerabilities, respond to incidents, and ensure compliance with RealVNC policies and industry standards and regulations.
Key responsibilities include;

Security Monitoring and Incident Response:

• Working SOC to continuously monitor systems for security breaches and anomalies.
• Respond promptly to security incidents, conduct thorough investigations, and document findings.
• Implement and maintain an incident response plan.
• Work with key stakeholders internally and externally as applicable.

Vulnerability Management and Microsoft Defender Portal analysis:

• Continuously monitor, analyse and investigate security alerts and incidents within the Microsoft Defender Portal.
• Evaluate assets within the estate to ensure compliance.
• Perform regular vulnerability assessments and penetration tests.
• Work with IT and development teams to remediate identified vulnerabilities.
• Track and manage the resolution of security issues.

Security Policies and Compliance:

• Work with the Security Team to review and enforce internal security policies and procedures.
• Ensure compliance with relevant laws, regulations, and standards (e.g., GDPR, ISO 27001, NIST).

Security Architecture and Implementation:

• Working with the Security Team, IT Team and CIO on the RealVNC cybersecurity roadmap
• Evaluate and recommend security solutions to enhance internal security posture
• Oversee the deployment and configuration of security tools (e.g., firewalls, antivirus).

Threat Intelligence and Risk Management:

• Utilise third-party threat intelligence to identify emerging threats and vulnerabilities.
• Assess and prioritize risks, providing recommendations for risk mitigation strategies.
• Work with stakeholders to implement security controls and countermeasures to reduce identified risks.

Reporting and Communication:

• Prepare detailed reports and dashboards on security metrics, trends, and incidents using Microsoft Defender.
• Communicate security status, risks, and issues to senior management and relevant stakeholders.
• Provide regular updates on the progress of security initiatives and the overall security posture of the organization.

REQUIREMENTS:

You;

• Have proficiency in scripting languages (Python ideally), Powershell and Bash
• Are familiar with common Operating Systems - Windows, Linux, MacOS, Android and iOS
• Have a good working knowledge of threat landscapes, including common attack vectors and emerging threats
• Have a good understanding of EDR tools (Microsoft Defender) and SIEM Tools (Microsoft Sentinel)
• Are able to identify, analyse and respond to cybersecurity threats and incidents
• Can easily explain complex security concepts to non-technical stakeholders and write clear security reports
• Work well with a wide-range of stakeholders as part of a cross-functional team, including developers, network engineers and compliance officers

We would also like to know about any of the following;

• Experience using the Microsoft Defender Portal
• Experience working with an external SOC
• Knowledge and understanding of Cyber Security frameworks such as NIST Cybersecurity Framework, ISO-27001 and SOC2
• Regulatory compliance - knowledge of GDPR
• Knowledge of encryption methods and best practices for protecting sensitive data
• Previous experience in a security-based role
• Details of any security-based qualifications

Please refer the Job description for details