Infrastructure Security Specialist

You are a specialist in cyber security focusing on cloud technologies to configure and maintain highly secure, cloud-based solutions for Audit Scotland. Working as part of a neurodiverse team or as necessary working on your own you can deliver on schedule, cyber resilient solutions that improve the quality and effectiveness of Audit Scotland’s role in ensuring public money is well spent to meet the needs of Scotland's people.

Overall purpose of the role

· You understand, articulate, and apply your deep knowledge of modern information security to make a positive difference for Audit Scotland colleagues and the work they deliver.

· You have an excellent understanding of cloud technologies, how they work across applications, their underlying infrastructure and connecting to local network environments.

· You can, at any time, make rapid fact-based decisions and take associated immediate action to swiftly counter a potential threat.

· You can communicate highly detailed technical issues with the digital services team as well as convey these concepts to other parts of the business in a way everyone can understand.

· You can draw upon research, experience, and evidence to proactively and continuously improve our digital workspace providing a safe and optimal environment.

· You take ownership of issues and commit to their resolution – you deliver on time, on budget and to a high quality.

· You enjoy the challenge of balancing multiple complex projects as well as resolving everyday incidents.

What you will be doing

· Migrating existing services to SaaS, IaaS and PaaS (Office365 and Azure)

· Design, configure, deploy and secure new IaaS and PaaS solutions.

· Design and implement secure network configurations and monitoring over a range of devices.

· Working with the Digital Services Team, you will focus on cloud security and incident management as well as improving our resilience.

· You will help with the day to day troubleshooting of colleague issues and help put processes and documentation in place to resolve common issues.

· Progressing our real-time monitoring capabilities, providing awareness of potential intrusions. Focusing on network security and threat reaction.

· Optimising our network, improving network security and will be a key contact for security and other incidents as they arise.

· Providing up to date education on specific security threats to the Digital Services Team. Co-ordinate with the National Cyber Security Centre and Scottish public sector on all security issues.

· Lead in responding to and investigating security incidents, develop local incident handling procedures, and report all incidents to the appropriate incident response authority.

· Research and provision new high-speed secure connections to the cloud.

· Support our Enterprise Mobility and Security to strengthen device security for company devices and BYOD.

· Providing forensic analysis of security incidents and implement remediation.

· Working to maintain and support the best practice we have established while becoming ISO:27001 certified.

· This is a hybrid working role where the successful candidate may choose to work from home. However, the role will require a minimum of two days a week in our Edinburgh office and datacentre for regular database maintenance tasks and, where necessary, to respond to Business Continuity and Cyber Incident Response events.

Knowledge and experience

· Expert understanding of cyber-security for local network and/or cloud environments with experience of working in a medium size company with a userbase of multiple hundreds of users supporting and delivering both on-premises and cloud Cyber resilience solutions services.

· Hands on experience of Azure and Hyper-V, web security and cloud connectivity.

· Strong understanding of networking and network technologies (e.g. firewalls, proxies, IDS/IPS, VPN)

· Experience in configuring, and delivering secure IaaS, SaaS and PaaS cloud solutions.

· Detailed knowledge of infrastructure and application security requirements

· Knowledge of Office 365 & Azure Cloud platform deployment

· Experience with Exchange/SQL/IIS/SharePoint

· Experience of ISO27001 information security management.

· Knowledge of parsing/normalisation of logs, rule engine, log storage, source device, log collection and event monitoring

· Self-motivated and driven, able to spend periods working on your own.

Person specification - specific knowledge and experience

Essential:

· You have a degree in a relevant topic or evidence of significant workplace experience in the relevant technologies is required. [S]

· You have previously supported cyber resilience/cyber security for a medium size organisation, managing both the technical and people-based defences as well as planning and reacting to a cyber incident, analysing the attack improving future protections. [S/I]

· You have significant experience of configuring and deploying cloud applications using best security practices [S/I]

· You have experience of supporting, configuring, and securing networks and client devices and applying the highest security practices [S/I]

· You have experience of supporting business wide projects where cyber security and business continuity are critical components. [S/I]

Desirable:

· You will have significant experience of Office 365 & Azure Cloud platforms [S/I]

· You are highly technical and relish the challenge of technical problems, you enjoy learning new skills and adapting existing skills to find effective solutions. [I]

· You are open and accepting of new ideas, able to listen to difficult feedback from colleagues and clients, however, you are also able to take a firm position explaining why some requests are not and will not be possible. [I]

· Some knowledge of data governance regulations and principals. [S/I]

· Some experience of ISO 27001 accreditation. [S/I]

*S = Shortlisting criteria I = Interview criteria A = Assessment / Exercise

Interested? Next Steps:

· Click the apply button to complete an application form. If you wish, you can also share your CV. We offer a range of benefits, please visit our careers page for more information at http://www.audit-scotland.gov.uk/careers.

· Our application deadline is Sunday 26th January 2025. Interviews are planned for 3rd- 5th February 2025 at our Edinburgh office.

Audit Scotland

Our vision is that public money is well spent to meet the needs of Scotland's people.

To achieve this, we support the Auditor General for Scotland and the Accounts Commission to provide clear, independent and objective assurance on how effectively public money is being managed and spent. Our work covers about £57bn of public spending, almost 300 public sector accounts, and the services and projects that affect all people and communities in Scotland.