Information Security Analyst

Information Security Analyst – GSF Car Parts

Join to apply for the Information Security Analyst role at GSF Car Parts
.

To support and enhance GSF’s cyber security operations through proactive monitoring, threat analysis, and control improvement. The Information Security Analyst is a technically capable and detail‑driven individual who ensures that controls, monitoring, and response mechanisms are both effective and continuously improved. This role requires precision, integrity, and the drive to do what is right, not what is easy.

• Operational Security Monitoring – Monitor daily cyber security operations, including KnowBe4/Phish
  
  ER, XDR incidents, Forti Analyser, and associated support tickets; maintain effective tracking and monitoring formats, ensuring all activity and incidents are accurately logged in the ticketing system; assist with the operation and analysis of alerts from SIEM, XDR, and related detection platforms; support security monitoring of firewalls, web filtering, and IPS/IDS controls; conduct vulnerability scanning using tools such as Tenable or Manage Engine, escalating or resolving findings as appropriate;
  
  ensure the GSF estate remains patched against vulnerabilities and aligned with best practice standards and accreditation; maintain and improve log ingestion pipelines, including syslog, custom parsers, and API integrations to enhance visibility and automation.
• Incident Response & Risk Management – Support the management of security incidents in coordination with relevant stakeholders; assist with the development of automation playbooks and webhooks to improve response efficiency and consistency; help document and implement mitigation measures, contributing to post‑incident reviews and lessons learned; participate in penetration test preparation, remediation tracking, and validation activities.
• Microsoft 365 Security & Cloud Platforms – Support administration and policy management within Microsoft 365, including Purview, Entra, and Intune; contribute to Active Directory security reviews, access control improvements, and privileged account auditing.
• Governance, Compliance & Audit – Assist with compliance activities, internal audits, and participation in third‑party or client security assessments; support vendor due diligence and maintain supplier risk documentation; maintain awareness of and alignment with frameworks including Cyber Essentials+, ISO 27001, and related standards; ensure documentation, evidence, and audit trails are maintained to demonstrate control effectiveness and compliance; contribute to the secure design and review of systems and applications by applying Secure Development Lifecycle principles throughout change and deployment processes.
• Awareness & Training – Support education through phishing simulations and awareness campaigns; contribute to the development and delivery of clear, engaging security materials for both technical and non‑technical audiences; promote positive cyber behaviours and act as an ambassador for information security across the business.
• Technical Development & Automation – Apply Power Shell or Python scripting to improve automation, reporting, and response processes; support Privileged Access Management (PAM) and Identity Access Management (IAM) activities; develop hands‑on experience in endpoint detection and response (EDR/XDR) platform tuning and maintenance.

• Proven understanding of security best practices and implementation across enterprise environments.
• Hands‑on experience with SIEM, XDR, and log ingestion (syslog, APIs, parsers); mail gateways and phishing protection (KnowBe4, Phish
  
  ER, Mimecast); privileged remote access and VPN solutions; firewall and web filtering solutions, with an understanding of networking and infrastructure.
• Vulnerability management tools (Tenable, Manage Engine);
  Microsoft 365 stack, as well as Active Directory and Group Policy; penetration test engagement and remediation processes.
• Awareness of Cyber Essentials+, ISO 27001, GDPR, and data protection requirements.

• Precise and articulate communicator with strong documentation standards.
• Analyt…