Cyber Security Specialist - Windows Specialist
About the University
Welcome to the University of Oxford. We aim to lead the world in research and
education for the benefit of society both in the UK and globally. Oxford's
researchers engage with academic, commercial and cultural partners across the
world to stimulate high-quality research and enable innovation through a broad
range of social, policy and economic impacts.
The Oxford University Information Security Operations, also known as OxCERT,
is currently expanding, and looking for a Cyber Security Specialist with
experience in Microsoft Technologies and threat hunting.
The post holder will need to have operational experience in managing
information security incidents, identifying threats, and understanding of
actions needed to investigate and remediate those threats.
The University of Oxford operates one of the largest private networks in
Europe and the responsibilities of IT Services encompass not only the
operation of the core network and core services, but also the security of that
network and the hosts connected to it. The OxCERT security team is responsible
for identifying security incidents within the University network and taking
appropriate remedial action.
The team also provides advice and assistance on all issues relating
specifically to IT security and incident response. They are an integral part
of the University's information security function and work closely with
information security personnel as part of ongoing University-wide information
security initiatives, and in co-ordinating response to major security threats
OxCERT operate various systems for network monitoring, incident analysis and
response, and related internal services. The team is a strong believer in Free
Software and Open Source technologies and actively supports several related
project communities. Current projects include the enhancement of the existing
Elastic based security information and event management system, the deployment
of a new incident response tool, and development of an IT forensics
capability. The team has achieved standing and recognition within the
international community, and is a full member of FIRST
(https:// www. first.org/) – the world-wide body of security experts.
Provide services as expert cyber security specialist for Microsoft and
Improve the incident management capability, provide incident response,
determine threats and impact levels across the university.
Perform detailed analysis and undertake an in-depth investigation into
potential and confirmed security incidents.
Develop and refine threat hunting techniques.
Develop and implement new signature/rules for SIEM
Collaborate with the wider InfoSec team to enrich threat detection, deploy
new tooling, and improve automatic response capability.
Technical Strategy and Planning:
Provide technical leadership in assigned areas commensurate with
expertise, including developing technical strategy and roadmaps for the
Contribute to the formation of University IT policy and design systems to
ensure their secure and resilient implementation.
Contribute to security guidance documents based on industry good practice
and own research to educate the University's strategic approach to
securing Windows based systems.
Present work outcomes and represent OxCERT and the University of Oxford in
Collaborate with the wider information security community to share threat
intelligence and analytic techniques.
Train IT staff in good security practices and develop security analytics
Maintain in-depth technical knowledge of industry trends and other
assigned areas, including developments, patterns, and emerging
technologies; take advantage of appropriate development opportunities; and
advise the University on changes to the technology landscape.
Participate in the team's various activities across the University in
promoting security awareness and best practice;
Assist with short-listing and technical interviews during the recruitment
of new staff to the directorate;
Conduct routine incident response duties where necessary; and
Undertake such other duties as may be assigned in the light of the post-
holder's knowledge and experience.
Skills and Experience:
Thorough understanding of the principles of end-to-end information
security and practice.
Demonstrable experience of programming in Python and PowerShell
Knowledge, intellectual capacity, reasoning and analytical skills
equivalent to those of a graduate;
Thorough understanding of IP based networking (IPv6 and IPv4) and the
Knowledge of Windows system internals, active directory and group
Experience of deploying IaaS and Saas solutions on Azure
Experience in training IT staff on security best practices and developing
security analytics dashboards to provide data-driven insights.
Excellent written and oral communication skills, interpersonal and
collaborative skills, and the ability to communicate information security
and risk-related concepts to technical, non-technical, and VIP audiences;
High level of personal integrity, as well as the ability to handle
confidential matters, and show an appropriate level of judgment and
Experience in a similar role (e.g. work experience in security
Familiarity with common techniques used by malware and threat actors and
MITRE ATT&CK framework
Understanding of config management system, preferably ansible
Experience with a SIEM, preferably Elastic or Microsoft Sentinel
Knowledge of Active directory threats
Good understanding of Intrusion Detection Systems and Network Metadata
Understanding of regulation relevant to incident response, network
monitoring, investigations, and handling of illegal materials.
Thorough understanding of the modern authentication, authorisation and
audit systems including multi-factor authentication solutions.
Knowledge of critical web application security issues such as those
identified by the Open Web Application Security Project (OWASP top 10);
Contact Person : Chris Marshall Vacancy ID : 169377
Contact Phone : Closing Date & Time : 13-Dec-2023 12:00
Pay Scale : STANDARD GRADE 8 Contact Email :
Salary (£) : 45585 - 54395