What’s the role about?

The John Lewis Partnership’s Cyber Security strategy is bold and ambitious. We provide a collection of security services, delivered through people, processes and technology. Working collaboratively, these services ensure that customers can shop with us efficiently, safely and securely, every single day.

As the Cyber Security Analyst, you will be responsible for the day-to-day response to cyber security incidents - mitigating and defending against malicious cyber activity and adapting to an ever-changing threat landscape. It’s a fantastic opportunity to get hands-on with market leading next-generation cyber security tools, where you’ll be empowered to innovate within a supportive, collaborative and social team environment and agile culture.

If you’re passionate about cyber security, if you thrive and perform in fast-paced, high-demand scenarios, and if you want to make a real difference at the UK’s largest co-owned retailer, then this role is for you.

Please note, internally this role is known as 'Information Security Analyst'.

For more information about our Partnership Information Security team, please watch this short video here.

To view the job outline: 

External candidates - please view via the attachment

Internal candidates - please view the job outline in this folder here using your internal email address only

What will you be doing?

As the Partnership’s Cyber Security Analyst for our Incident Response Service you will be highly technical and a subject matter expert, providing expertise for all types of cyber security incidents and will be investigating complex incidents that have been escalated to you. You will assist with the development of use cases, playbooks, policies and custom tooling to improve our security maturity, recommend improvements or new features where the service is deemed to be lacking and help to define ways of working or process amendments that allow the team to meet the objectives of confidentiality, integrity and availability. 

Please note that as part of this role there will be a requirement to join an on call rota, supporting the business as and when needed outside of normal business hours.

What you'll have:

- Demonstrable experience performing an operational role in a SOC environment or similar, with a focus on cyber security incident detection, response and resolution.

- Proven ability to work under pressure in a fast-paced environment and to succeed in ambiguity.

- Strong attention to detail with an analytical mind and outstanding problem-solving skills, especially in performing tasks such as log analysis.

- Great awareness of cybersecurity trends, internal and external risks and a familiarity with tools such as Kali Linux, Burp Suite and Nmap.

- Excellent verbal and written communication skills with demonstrable experience of communicating with both internal and external stakeholders / service providers, along with the ability to write or present actionable intelligence derived from raw data.
 

What else could you bring?

- Expertise across a number of the following tools: Google Scripts, ServiceNow, JIRA and Splunk. 

- Knowledge of reverse engineering processes, digital forensics, or working with law enforcement.

- Experience in the use of security frameworks such as Mitre ATT&CK / Shield, NIST and the ISF’s Standard of good practice.
- Formal accreditation in Information Security such as a related degree, ISC2 CISSP, Certified Ethical Hacker, CompTIA Security+, CompTIA Pentest+ or similar.

- Experience in creating BAU runbooks, use-case definitions and operating procedures.

The six Assessment Criteria for Resourcing most relevant to this role are:

Planning & Delivering Excellence

Customer & Performance Focus

Agility & Resilience

Empowered Partner

Collaborating & Supporting

Applying Insight & Analytics