Security Big Data Lead

The Security Big Data Lead will be the University’s recognised authority on big data analysis with a strong focus on the information security domain, covering all aspects including collection, normalisation and enrichment, storage and retention, analysis and visualisation. You will have extensive knowledge of information systems security; lead and undertake independent analysis and research in the field; provide strategic guidance to the organisation; and educate stakeholders, both in technical roles and at senior executive level, in the field of security big data analysis, with the aim of incident detection and prevention.

You bring extensive operational experience with heterogeneous system landscapes to the OxCERT security team; take a leadership role in the architecture, development and operation of internal systems; and offer expert consultancy across a wide range of University departments, projects, and initiatives.

You will take a leading role in the information security incident response activities to identify threats and respond with the appropriate actions to investigate and remediate.

A key component of the work will be ownership of the security big data analytics toolchain. The post holder will be responsible for the infrastructure and systems supporting OxCERT’s security analytics function. You will continuously improve the toolchain and further automate the workflow in collaboration with the Head of Information Security Operations and the OxCERT team. For this purpose, the post holder is expected to bring prior experience in incident response, profound knowledge of managing and configuring an industry-standard security information and event management (SIEM) tool, preferably based on the Elastic stack, and excellent programming and automation skills.

Essential selection criteria

  • Thorough understanding of the principles of end-to-end information security and practical experience in incident response activities
  • Thorough understanding of the Linux platform (preferably Debian GNU/Linux) and configuration management
  • Thorough understanding of IP based networking (IPv6 and IPv4) and the OSI model
  • Demonstrable experience developing software in at least two high-level programming languages
  • Ability to lead or contribute to the development and delivery of technical and information security designs from requirements through to final architecture within the team and in collaboration with relevant stakeholders
  • Demonstrable experience of playing a leading role in the technical delivery and operation of enterprise-level systems, covering Linux system security as well as network security, together with the skills and knowledge to ensure conformance with agreed levels of availability
  • Proven track record of delivering a security information and event management (SIEM) system as a security analytics platform, and of systems automation
  • Excellent analytical, decision-making and communications skills, with the ability to evaluate, recommend and present complex technical options at senior management level
  • Demonstrable experience of organising a busy and varied workload requiring self-motivation and excellent time management skills
  • Excellent written and oral communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and non-technical audiences
  • High level of personal integrity, as well as the ability to handle confidential matters, and show an appropriate level of judgment and maturity
  • Be a role model with a high work ethic, strong professionalism, and the ability to quickly become an effective member of a team