IT Security Analyst

Farrer & Co is synonymous with the highest quality legal advice and service.

We advise individuals, families, businesses, financial services, educational and not-for-profit organisations on every aspect of the law, wherever the need arises. From our offices in London we work with trusted professionals around the world to deliver a seamless international service.

Our clients present us with complex and varied challenges. Whether that's a complicated family trust issue, a multinational corporate transaction, or an emerging threat to their reputation, they need clear thinkers who can advise on the best solutions, fast thinkers when speed is of the essence and agile thinkers who can produce a fresh approach to get the job done. That's why they choose us.

Our clients value our in-depth knowledge, technical excellence and diversity of disciplines. But what really binds our long-standing relationships with them is our approach: pragmatic, plain speaking and always steadfast in our values, which we hold dear. Values which mean we gain our clients' trust, always strive to do the right thing, and aim for the best results for them.

Superb client service sits at the heart of everything we do. We are modern lawyers with timeless values.

As a progressive technology team, Farrers IT have delivered a number of industry firsts. We lead on cloud based systems and mobility, delivering projects and managing systems which allow our staff to work regardless of their location. Technology is key to our business, so proactive and forward thinking IT staff are essential elements in our success.

The IT Security Analyst's role is to manage and maintain the firm's IT security systems and processes. This position is a technically focused role working within the IT Department. The role has responsibility for maintaining our core suite of security tools (including vulnerability scanning, patch management, anti-virus, intrusion detection/prevention) as well as advising on security aspects of all existing and incoming IT systems.

The IT Department's mission is to meet and exceed customer expectations and deliver outstanding service. We contribute to the success of the firm through the provision of timely and consistently high-quality service at every point of customer contact.

Key Responsibilities

• Continual improvement of the firm's IT Security posture through constant awareness of issues and threats, applying the appropriate controls in a timely and effective manner whilst maintaining productivity.
• Complete regular vulnerability scans across the firm’s network, working with colleagues to ensure remediation in line with industry standards and the firm’s SLAs.
• Fulfilling patch management, including the testing and application of security patches and updates to IT systems.
• Ensuring anti-virus compliance and regular management reporting.
• Analysing and reporting on anomalous behaviour.
• Recording and investigating potential security threats and escalating those findings to the IT Security Operations Manager and Information Security Manager as appropriate.
• Collaborate with relevant IT/IS colleagues and third parties to maintain and manage border security, including pathways into and out of our network.
• Advise on and implement server and desktop OS hardening techniques to reduce exposure.
• Contribute to the definition, development and reporting of IT Security policy and process.
• Maintain and refine end point security and data loss prevention methods.
• Work with the IT Projects team to ensure IT security requirements are considered and implemented for any incoming systems or IT services.
• Support the IT Security Operations Manager and Information Security Manager on compliance with strategic security certifications such as Cyber Essentials+, ISO27001, GDPR and specific client requirements.
• Contribution to the refinement and rehearsal of cyber response policies and protocols.
• Continual improvement of the firm's IT Security posture through constant awareness of issues and threats, applying the appropriate controls in a timely and effective manner whilst maintaining productivity.
• Act as a key contact and escalation point for MSSP services.
• Recording and investigating potential or suspected security threats and escalating those findings to the IT Security Operations Manager and/or Information Security Manager.
• Administer existing security tools (such as data loss prevention, email security), leveraging available capabilities alongside the IT Infrastructure and Applications teams.
• Advise and support colleagues around the firm on good IT security practice. Where necessary, work with them to find secure solutions to meet business requirements.
• Work with the IT Projects team to ensure IT security requirements are considered and implemented for any incoming systems or IT services, including testing and sign-off on their compliance.
• Keeping abreast of the latest IT security threats, measures, and controls.

Essential:

• Strong Windows operating system experience including server and desktop OS hardening.
• Cloud based services, in particular Microsoft Azure, Office 365/Exchange Online and cloud-based authentication services (AAD).
• Solid vulnerability scanning and patch management skills.
• Anti-virus and DLP management in an enterprise environment.
• Ability to identify security threats, trends, and anomalies.
• Logical thinker and creative problem solver.
• Excellent written and verbal communication skills.
• Self-motivated, proactive, and able to demonstrate ownership.

Desirable:

Experience in one or more of the following would also be advantageous:

• Formal security-related qualification, such as CEH or CISSP
• Degree or equivalent in cyber security, computer science or similar discipline.
• Management of SIEM/EDR/XDR tools (ideally Sentinel & Defender).
• Firewall management (ideally CheckPoint) including intrusion detection/prevention protocols.

• Our standard working hours are 09.30 to 17.30 but it is essential that the applicant is committed, flexible and prepared to work beyond these when necessary and in response to demand.
• Additional work out of hours/at weekends may be required from time-to-time to support specific work.

We expect the successful applicant to bring the experience, commitment, and passion to further define the job description and embed the principles of good IT Security in the culture of the firm.

Farrer & Co conducts a pre-employment screening which consists of a Criminal History Background and Credit Check for successful candidates.

Farrer & Co is open to flexible working by arrangement although this role is intended as a full-time position.

Open to talking flexibly.