Infrastructure Security Specialist

You are a specialist in cyber security focusing on cloud technologies to configure and maintain highly secure, cloud-based solutions for Audit Scotland. Working as part of a neurodiverse team or as necessary working on your own you can deliver on schedule, cyber resilient solutions that improve the quality and effectiveness of Audit Scotland’s role in ensuring public money is well spent to meet the needs of Scotland's people.

Overall purpose of the role

• You understand, articulate, and apply your deep knowledge of modern information security to make a positive difference for Audit Scotland colleagues and the work they deliver.
• You have an excellent understanding of cloud technologies, how they work across applications, their underlying infrastructure and connecting to local network environments.
• You can, at any time, make rapid fact-based decisions and take associated immediate action to swiftly counter a potential threat.
• You can communicate highly detailed technical issues with the digital services team as well as convey these concepts to other parts of the business in a way everyone can understand.
• You can draw upon research, experience, and evidence to proactively and continuously improve our digital workspace providing a safe and optimal environment.
• You take ownership of issues and commit to their resolution – you deliver on time, on budget and to a high quality.
• You enjoy the challenge of balancing multiple complex projects as well as resolving everyday incidents.

What you will be doing

• Migrating existing services to SaaS, IaaS and PaaS (Office365 and Azure)
• Design, configure, deploy and secure new IaaS and PaaS solutions.
• Design and implement secure network configurations and monitoring over a range of devices.
• Working with the Digital Services Team, you will focus on cloud security and incident management as well as improving our resilience.
• You will help with the day to day troubleshooting of colleague issues and help put processes and documentation in place to resolve common issues.
• Progressing our real-time monitoring capabilities, providing awareness of potential intrusions. Focusing on network security and threat reaction.
• Optimising our network, improving network security and will be a key contact for security and other incidents as they arise.
• Providing up to date education on specific security threats to the Digital Services Team. Co-ordinate with the National Cyber Security Centre and Scottish public sector on all security issues.
• Lead in responding to and investigating security incidents, develop local incident handling procedures, and report all incidents to the appropriate incident response authority.
• Research and provision new high-speed secure connections to the cloud.
• Support our Enterprise Mobility and Security to strengthen device security for company devices and BYOD.
• Providing forensic analysis of security incidents and implement remediation.
• Working to maintain and support the best practice we have established while becoming ISO:27001 certified.
• This is a hybrid working role where the successful candidate may choose to work from home. However, the role will require a minimum of two days a week in our Edinburgh office and datacentre for regular database maintenance tasks and, where necessary, to respond to Business Continuity and Cyber Incident Response events.

Knowledge and experience

• Expert understanding of cyber-security for local network and/or cloud environments with experience of working in a medium size company with a userbase of multiple hundreds of users supporting and delivering both on-premises and cloud Cyber resilience solutions services.
• Hands on experience of Azure and Hyper-V, web security and cloud connectivity.
• Strong understanding of networking and network technologies (e.g. firewalls, proxies, IDS/IPS, VPN)
• Experience in configuring, and delivering secure IaaS, SaaS and PaaS cloud solutions.
• Detailed knowledge of infrastructure and application security requirements
• Knowledge of Office 365 & Azure Cloud platform deployment
• Experience with Exchange/SQL/IIS/SharePoint
• Experience of ISO27001 information security management.
• Knowledge of parsing/normalisation of logs, rule engine, log storage, source device, log collection and event monitoring
• Self-motivated and driven, able to spend periods working on your own.

Person specification - specific knowledge and experience

Essential:

• You have a degree in a relevant topic or evidence of significant workplace experience in the relevant technologies is required. [S]

• You have previously supported cyber resilience/cyber security for a medium size organisation, managing both the technical and people-based defences as well as planning and reacting to a cyber incident, analysing the attack improving future protections. [S/I]

• You have significant experience of configuring and deploying cloud applications using best security practices [S/I]

• You have experience of supporting, configuring, and securing networks and client devices and applying the highest security practices [S/I]

• You have experience of supporting business wide projects where cyber security and business continuity are critical components. [S/I]

Desirable:

• You will have significant experience of Office 365 & Azure Cloud platforms [S/I]

• You are highly technical and relish the challenge of technical problems, you enjoy learning new skills and adapting existing skills to find effective solutions. [I]

• You are open and accepting of new ideas, able to listen to difficult feedback from colleagues and clients, however, you are also able to take a firm position explaining why some requests are not and will not be possible. [I]

• Some knowledge of data governance regulations and principals. [S/I]

• Some experience of ISO 27001 accreditation. [S/I]

*S = Shortlisting criteria I = Interview criteria A = Assessment / Exercise

Interested? Next Steps:

• Click the apply button to complete an application form. If you wish, you can also share your CV. We offer a range of benefits, please visit our careers page for more information at http://www.audit-scotland.gov.uk/careers.
• Our application deadline is Sunday 15th September 2024.

Audit Scotland

Our vision is that public money is well spent to meet the needs of Scotland's people.

To achieve this, we support the Auditor General for Scotland and the Accounts Commission to provide clear, independent and objective assurance on how effectively public money is being managed and spent. Our work covers about £57bn of public spending, almost 300 public sector accounts, and the services and projects that affect all people and communities in Scotland.

As well as what we do, how we do it is integral to delivering our vision and critical to our wellbeing and our organisational success. We put our organisational values of equality, independence, innovation, integrity and respect at the heart of everything we do.

We employ around 340 staff in a wide variety of roles, working from our main offices in Edinburgh and Glasgow, and through a network of regional offices across Scotland.

There has never been a more interesting or important time to join us. We offer a rewarding place to work, a supportive and open culture and a wide range of professional development opportunities. Benefits include 42 days of annual leave including public holidays, an attractive local government pension scheme with 19.4% employer contributions, personal development allowances and flexible working hours. We’ve also been named one of the top 25 workplaces in Scotland and the UK’s tenth best accountancy workplace in the 2023 Best Companies awards.

Diversity and Inclusion

We value the unique perspective a diverse workforce brings to what we do. Therefore, we’re keen to increase representation in our workforce and support progression of minority ethnic groups. We are also a proud disability confident employer.

Reasonable Adjustments

Audit Scotland’s recruitment process may include various stages and activities including application forms, online assessments, and interviews, to assess whether you meet the requirements of the role.

As a Disability Confident employer, we are committed to providing inclusive and accessible recruitment where everyone is supported to perform at their best.

When applying for a job with Audit Scotland, you will be asked in the application form if you need an adjustment at any stage of the recruitment process. Please include the reason you require an adjustment and details of what adjustment/s might help.

Some examples of adjustments that have been given to candidates include changing the time, location or format of interviews and providing additional time in any assessments and interviews. This is not an exhaustive list, and we will consider any adjustments that you might need.

As part of our commitment to equality and diversity, our equality network groups would be delighted to offer an insight into Audit Scotland’s culture of inclusivity. If you consider yourself to have a visible or hidden disability and wish to hear more about life at Audit Scotland or wish to speak with someone about the possibility of any adjustments, please contact Careers@audit-scotland.gov.uk or call 0131 625 1500 for further information and a member of the HR team will be in touch.

How we work

We employ around 340 staff in a wide variety of roles. They work flexibly at home and in the office as well as from audit sites across Scotland. This isn’t your typical work from home or work from office type job. We’re flexible about working patterns and we’ve transformed how we deliver high-quality public audit. We support you to work in the ways that achieve the best results for you, your team and the business, including your physical location and how you manage your hours. Put simply, we trust you to do your job, and want you to have the ability to have a rewarding work-life balance and best support your individual circumstances, be that childcare, adult carer responsibilities or managing disabilities.

We welcome applications from across the UK. Some travel to our offices or client sites will be necessary at times, but you don’t need to live in Scotland to work for us.

Other conditions

Audit Scotland is committed to ensuring that:

• We minimise our impact on the environment in accordance with Government policy affecting public sector organisations.
• We uphold the principles of equality, fairness and diversity.
• We all work within a safe environment and adhere to good standards of health and safety.
• All information is protected and managed appropriately.
• We maintain independence and political neutrality.