Senior Security Operations Analyst
  • Oxford, United Kingdom
  • Oxbotica
1 year before
31.12.2023
Protect and Defend
Cyber Defense Analysis
Job Description

Who are we?

Based in Oxford and with offices in Canada and the US, Oxbotica is an international startup founded in 2014 and scaling up rapidly (300+ Oxbots and growing).

As the global leader in our industry, we’re fuelled by a bold purpose: to make the Earth move better. From passenger shuttles to industrial vehicles, our operating system for Universal Autonomy™ is transforming the way people and goods are transported by enabling any vehicle, in any environment, to operate autonomously — safely, securely and efficiently.

Our technology is capturing investors’ imagination. To date we’ve raised $140 million in our Series C investment round. Accommodating growing demand from new and current shareholders, this funding is driving our expansion in North America and EMEA, and accelerating the deployment of our technology in domains where there is both urgent need and potential to scale.

Your Team

You will join our Security team, where we secure our product, protect our business from threats and enable adoption of autonomy technology through security assurance.

Your Role

As our Senior Security Operations Analyst, you will be responsible for measuring, driving and communicating our security posture and driving organisation-wide continuous security improvement initiatives.

Key to this role is engaging our engineering and operations teams to build security practices by design and default. Through pragmatic guidance, thought leadership and data-driven initiatives you will drive continuous security improvement to support the confident adoption of our autonomy products. You will:

Develop a best practice security framework that supports our engineering teams with guidance and practical steps to deliver security by design and default
Support and enable engineering teams with processes to enable them to develop threat models, vulnerability assessment, countermeasures and security requirements
Distil security frameworks such as CIS Top18 and NIST CSF into actionable insight for our technology teams
Operate and develop our cyber security management system using data-driven evidence to demonstrate product security posture to clients and stakeholders
Develop processes and metrics that allow our teams to quickly identify and respond to security vulnerabilities and events through SIEM/SOAR
Benchmark our security maturity across technology teams to identify opportunities and measure our security capability

Requirements

What you need to succeed:

A broad understanding of information and cyber security risks and technologies
An appreciation of cloud security such as Google Cloud, AWS or Azure including cloud networking and DevSecOps processes
Knowledge of key security systems including IDS/IDR, data loss protection and log management
An understanding of infrastructure security threats
Experience of leading security continuous improvement projects in a technology-focused organisation using data-driven risk management
Experience of security standards such as ISO 27001, CIS and NIST

Extra kudos:

Experience of engaging and gaining buy-in across diverse agile teams
Security related certifications such as CySA+
Managed client security requirements
Automotive security knowledge such as UN R155/156 or ISO 21434
Proven agility in fast-changing environments. As a scale-up, we’re constantly evolving so our people need to evolve too for us to succeed together.
A customer-centric outlook. Chances are you won’t be directly customer facing, but we value people who anticipate and prioritise the needs of our customers. We call it ‘inventing on their behalf.’

The Candidate Journey: Multi-Step and Two-Way

No-one wants to feel like a square peg in a round hole, so this process is designed to give you every chance to get the measure of us, and us of you. The various stages give you every opportunity to show your unique strengths and qualities, and enable each of us to establish if we’re a good fit for the other. If the fit is good and you’re selected, you’re then in a position to do great work and thrive, which is what everyone wants.

Benefits

We provide:

Competitive salary, benchmarked against the market and reviewed annually
Company share programme
Hybrid and/or flexible work arrangements
An outstanding £3,000 in flexible benefits, including private medical insurance, critical illness coverage, life assurance, EAP and group income protection
Funded relocation support
Fully funded Visa sponsorship if required
A salary exchange pension plan
25 days’ annual leave plus bank holidays
A pet-friendly office environment
Safe assigned spaces for team members with individual and diverse needs

Our Culture

We believe that diversity of thought and experience is a key driver of innovation. It also makes life, and work, more interesting. So ours is a culture that celebrates humanity in all its diversity and richness, and uses difference as fuel to grow and succeed together. Everyone is welcome, everyone has a voice, everyone is valued. And our work and people are all the better for it.

Why become an Oxbot?

Our team of experts in computer science, AI, robotics and machine learning is world-class, and together they’re solving the most exciting and important technological challenges of our times.

But as well as smarts, Oxbots have heart. Our diverse, multi-cultural crew is guided by a shared vision to bring the myriad benefits of autonomy to our customers and partners. And in a company that celebrates uniqueness as much as skill and experience, they do it with energy, conviction and a healthy dose of excitement, too.

If you are bold, creative and hyper skilled, come and create the future of autonomy with us at Oxbotica.


Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0013   Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
  • K0046   Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions.
  • K0065   Knowledge of policy-based and risk adaptive access controls.
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0297   Knowledge of countermeasure design for identified security risks.
  • K0324   Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications.
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Required Skills
  • S0025   Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
  • S0147   Skill in assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • A0128  Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies.