Aston Martin is built upon the passion, skill and creativity of the people who dedicate their working lives to the most iconic brand in the world. Every intricate stitch beautifully expressed line, and the stirring noise of our engines is a manifestation of the desire and collective spirit to create the most beautiful cars: the soul of Aston Martin made real.
The IT Security Operations Engineer has overall responsibility to safeguard the network infrastructure, information assets of the business and any privileged or proprietary information that the business possesses
● You will plan and carry out security measures to protect Aston Martin’s networks and systems, and to make sure the appropriate controls are in place to protect business information and data from unauthorised access, deliberate attack, theft and corruption.
● You will carry out audits, and work closely with key stakeholders from the business and IT teams to assess risks, to investigate security breaches, and to plan for disaster recovery in the event of security breaches.
● You will play a role in assisting managers to raise awareness of approved policies, procedures and standards and in providing employees with guidance on how to safeguard information and Aston Martin’s IT infrastructure
Key Duties & Responsibilities:
This is a wide mandate that begins with responsibility for servers, storage, backup, networks and extends to security architecture.
• Operate monitoring systems to pro-actively monitor the server, storage, backup and network related environment and relevant IT security controls
• React to Infrastructure and IT security issues as they occur to minimise disruption to end user services
• Implement and maintain the enterprise infrastructure strategy
• Implement and maintain the enterprise security strategy
• Implement technology to meet the cyber resilience and information security policies, standards, baselines, guidelines and procedures
• Lead development of the IT Disaster Recovery Plan and support the Business Continuity Plan
• Ensure the promotion of cyber resilience and information security policy and ensure that the organization meets all mandated security and compliance requirements
• Coordinate work with all suppliers, contractors and consultants to maintain and enhance information security and cyber resilience.
• Manage and be responsible for Aston Martin’s Firewall, IDS, SIEM, IPS and AV estate
Qualification & Experience:
Information security is a knowledge-intensive activity. You will need to stay abreast of trends and developments, and be able to share information in this fast-changing security field. You’ll also need strong communication and analysis skills.
You will need skills and abilities in the following areas:
Information Security Management
• Implement information Security policy
• Perform security audits
• Record and escalate non compliance
• Investigate minor security incidents and instigate remedial measures to address security breaches.
• Systematically scan the environment to identify and define vulnerabilities and threats.
Staff Awareness and Development
• Provide briefing/training sessions to individuals and groups
• Use specialist knowledge to advise, coach and guide individuals
• Apply analytical methods to identify trends, risks and opportunities
• Report information using a variety of presentational techniques to convey key metrics and findings and make them meaningful to the target audience.
Communication and Knowledge Sharing
• Actively listen to others to understand their point of view
• Confidently present messages in a clear and precise manner
• Structure written and oral communication to ensure clarity.
Leadership and Team Work
• Share information with team members to help them be effective
• Support colleagues to help them achieve goals
• Foster team spirit and promote team goals
• Take the lead in areas of specialism and personal strength.
Cyber Resilience Strategy – have the skills and abilities to:
• Implement the organization’s cyber resilience strategy
• Define high-level goals and critical success factors for cyber resilience
• Balance cost of prevention against security risk for the organization
• Seek agreement to strategy with organization stakeholders.
Technology Trend Monitoring – have the skills and abilities to:
• Investigate latest Network and InfoSec technological developments to establish understanding of evolving technologies
• Devise innovative solutions for integration of new technology into existing products, applications or services or for the creation of new solutions
• Provide expert guidance and advice to the leadership team to support strategic decision-making.
Continuity Management – have the skills and abilities to:
• Define disaster scenarios and assesses impact on business processes
• Work with specialists and business owners to identify and priorities critical business processes for recovery
• Coordinate assessment of risk to the IT services that support critical business processes, to identify the threats and vulnerabilities for each service, and develop counter-measures
• Evaluate the options for recovery
• Produce the contingency plan, and documents procedures
• Coordinate regular testing of the plan, analyses the results and implements improvements
• Ensure compliance with relevant government regulations.
Information Risk Management – have the skills and abilities to:
• Tailor corporate risk assessment processes to meet specific business requirements
• Develop risk acceptance criteria that identify acceptable level of risk
• Maintain consistency in information risk management across an organisation
• Prioritise the allocation of information risk management resources across an organisation
• Apply knowledge of industry standard frameworks (e.g. RESILIA, NISM27005) to improve information risk management frameworks.
Architecture Design – have the skills and abilities to:
• Provide expertise to help solve complex technical problems and ensure best architecture solutions are selected and implemented
• Collaborate with system developers and users to select and implement technology compliant with business need
• Ensure all definition and architecture activities (system lifecycle support plans, concept of operations, operational procedures, and maintenance training materials, etc.) are properly documented and updated as necessary
• Maintain alignment between business evolution and technology developments.
• Manage Aston Martin’s Palo Alto Firewall estate
• Ensure Policies are applied correctly
• Ensure Policies are appropriate and fit for purpose
• Upgrade firewall code following vendors best practise
• Work within the Change Management process to enable any work on the firewalls