SSE has big ambitions to be a leading energy company in a low carbon world. Following our commitment to invest £12.5 billion in low carbon projects over the next 5 years, we have significant growth plans and are well on our way to achieving our ambition to build a world that's more sustainable and inclusive for you, your family, the community you live in and for generations to come.
Join us on our journey to net zero and help us power change.
About the Role
Base Location: Glasgow or Perth
Salary: £37,600- £56,400 + performance-related bonus and a range of benefits to support your finances, wellbeing and family.
Working Pattern: Permanent| Full Time | Flexible First options available
This position is for an OT Security Analyst within the Renewables OT Security team responsible for detecting, analysing and responding to security incidents through to resolution. The successful candidate will also be involved in providing support on baseline security analysis in OT projects, and working closely with the OT Security team across other projects.
- Manage and coordinate operational components of incident management, including detection, response and reporting.
- Review audit trails, system logs and other monitoring data sources periodically and ensure that they are in compliance with policies and audit requirements.
- Participate in investigations and compliance reviews, to include identification, collection, preservation and processing of relevant data.
- Monitor reports and security logs for unusual events.
- Monitor system logs, SIEM tools and network traffic for unusual or suspicious activity. Interpret such activity and make recommendations for resolution.
- Investigate and resolve security violations by providing post-mortem analysis to illuminate the issues and possible solutions.
- Liaising with external stakeholder teams to thoroughly understand the nature of security events.
Baseline Security Analysis
- Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
- Coordinate, measure and report on security management.
- Contribute to a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
- Contribute to security processes and procedures, and support service-level agreements (SLAs) to ensure that security controls are managed and maintained.
- Contribute to a common set of security tools. Define operational parameters for their use, and conduct reviews of tool output.
- Contribute to security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
- Analyse and report baseline security configurations for operating systems, applications, and networking and telecommunications equipment.
- Collaborate with business unit staff, external business partners and key stakeholders for the purpose of planning, directing, controlling and maintaining effective security reporting.
- Maintain the OT Business Continuity capability.
- Contribute to program update communications to internal management regarding the status of the OT disaster recovery program.
- Develop and update network security diagrams.
- Contribute to existing BAU of security tooling and the transition from projects to BAU.
What do I need?
- A Degree in Information Technology, Information Systems, Engineering or equivalent with an exposure to cyber security.
- We would like you to have an entry level qualification such as CCNA, Cyber Essentials, COMPTIA Security+, AWS Cloud Practitioner, or any relevant cyber security certification.
- IT/OT and security work experience, with a broad exposure to infrastructure/network and multiplatform environments. Experience with common information security management frameworks, such as International Standards Organisation (ISO) 17799/27001 and the IT Infrastructure Library (ITIL) and National Institute of Standards and Technology (NIST) frameworks.
- Demonstrable knowledge and experience in information and IT security and its business relevance.
- Energy sector and utility knowledge and experience.
- Knowledge of security issues, techniques and implications across all existing computer platforms.
- Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
About our Business
SSE IT underpins the technology needs of all the different businesses that make up the SSE group. From emerging technologies to data and analytics to cyber security - we power SSE's growth and enable it to generate value, while keeping it secure. As a trusted business partner that helps SSE lead in a low carbon world, we are proud of our service. Working for SSE IT is all about equipping SSE for now and the future.
What's in it for you?
We offer an excellent package with 34 days annual leave entitlement. Enhanced maternity/paternity leave, discounted healthcare, salary sacrifice car leasing and much more, view our full benefits package on our careers site.
As an equal opportunity employer we encourage diversity and are committed to creating an inclusive environment for all employees. We encourage applicants from all protected characteristics and commit to providing any reasonable adjustments you need during the application, assessment and upon joining SSE. Search for 'Inclusion & Diversity at SSE' to find out more.
What happens next?
All applications should be made online, and I'll be back in touch after the vacancy closing date to let you know the outcome.
If you would like to discuss any working flexibly requirements or adjustments you may require throughout the recruitment and selection process, please contact 01738 275846 or
Before commencing your role with SSE, you'll need to complete our pre-employment screening process. This will consist of a criminality and credit check.