Cyber Security Specialist - Tenders Global

Cyber Security Specialist

University of Oxford


About the University

Welcome to the University of Oxford. We aim to lead the world in research and education for the benefit of society both in the UK and globally. Oxford’s researchers engage with academic, commercial and cultural partners across the world to stimulate high-quality research and enable innovation through a broad range of social, policy and economic impacts.

The Oxford University Information Security Operations team, also known as OxCERT, is currently expanding and is looking for a Cyber Security Specialist with experience in Microsoft technologies and threat hunting.

The individual will need operational experience in managing information security incidents, identifying threats, and an understanding of the actions needed to investigate and remediate those threats.

The University of Oxford operates one of the largest private networks in Europe and the responsibilities of IT Services encompass not only the operation of the core network and core services, but also the security of that network and the hosts connected to it. The OxCERT security team is responsible for identifying security incidents within the University network and taking appropriate remedial action.

The team also provides advice and assistance on all issues relating specifically to IT security and incident response. They are an integral part of the University’s information security function and work closely with information security personnel as part of ongoing University-wide information security initiatives, and in co-ordinating response to major security threats and incidents.

OxCERT operates various systems for network monitoring, incident analysis and response, and related internal services. The team is a strong believer in Free Software and Open Source technologies and actively supports several related project communities. Current projects include the enhancement of the existing Elastic-based security information and event management (SIEM) system, the deployment of a new incident response tool, and the development of an IT forensics capability. The team has achieved standing and recognition within the international community and is a full member of FIRST (http://www.first.org/), the worldwide body of security experts.

Responsibilities:

  • Provide services as expert cyber security specialist for Microsoft and related technologies.
  • Improve the incident management capability, provide incident response, determine threats and impact levels across the university.
  • Perform detailed analysis and undertake an in-depth investigation into potential and confirmed security incidents.
  • Develop and refine threat hunting techniques.
  • Develop and implement new signatures/rules for the SIEM.
  • Collaborate with the wider InfoSec team to enrich threat detection, deploy new tooling, and improve automatic response capability.

Technical Strategy and Planning:

  • Provide technical leadership in assigned areas commensurate with expertise, including developing technical strategy and roadmaps for the University.
  • Contribute to the formation of University IT policy and design systems to ensure their secure and resilient implementation.
  • Contribute to security guidance documents, based on industry good practice and own research, to inform the University’s strategic approach to securing Windows-based systems.
  • Present work outcomes and represent OxCERT and the University of Oxford in relevant forums.

Engagement:

  • Collaborate with the wider information security community to share threat intelligence and analytic techniques.
  • Train IT staff in good security practices and develop security analytics dashboards.

Personal Development:

  • Maintain in-depth technical knowledge of industry trends and other assigned areas, including developments, patterns, and emerging technologies; take advantage of appropriate development opportunities; and advise the University on changes to the technology landscape.

Other activities:

  • Participate in the team’s various activities across the University in promoting security awareness and best practice;
  • Assist with short-listing and technical interviews during the recruitment of new staff to the directorate;
  • Conduct routine incident response duties where necessary; and
  • Undertake such other duties as may be assigned in the light of the individual’s knowledge and experience.

Skills and Experience: 

  • Thorough understanding of the principles and practice of end-to-end information security.
  • Demonstrable experience of programming in Python and PowerShell.
  • Knowledge, intellectual capacity, reasoning and analytical skills equivalent to those of a graduate.
  • Thorough understanding of IP-based networking (IPv6 and IPv4) and the OSI model.
  • Knowledge of Windows system internals, Active Directory and Group Policy.
  • Experience of deploying IaaS and SaaS solutions on Azure.
  • Experience in training IT staff on security best practices and developing security analytics dashboards to provide data-driven insights.
  • Excellent written and oral communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical, non-technical, and VIP audiences.
  • High level of personal integrity, the ability to handle confidential matters, and an appropriate level of judgement and maturity.
  • Experience in a similar role (e.g. work experience in security operations).

Desirable Skills: 

  • Familiarity with common techniques used by malware and threat actors, and with the MITRE ATT&CK framework.
  • Understanding of configuration management systems, preferably Ansible.
  • Experience with a SIEM, preferably Elastic or Microsoft Sentinel.
  • Knowledge of Active Directory threats.
  • Good understanding of Intrusion Detection Systems and network metadata (NetFlow).
  • Understanding of regulation relevant to incident response, network monitoring, investigations, and the handling of illegal materials.
  • Thorough understanding of modern authentication, authorisation and audit systems, including multi-factor authentication solutions.
  • Knowledge of critical web application security issues such as those identified by the Open Web Application Security Project (OWASP Top 10).

We will be conducting interviews throughout this period and reserve the right to close applications should we find a suitable candidate.

To help us track our recruitment effort, please indicate in your cover/motivation letter where (tendersglobal.net) you saw this job posting.
