Information Security Analyst

London, UK /
Kraken Technologies 📈 – Platform /
/ Hybrid
Kraken is the technology behind Octopus Energy. 

As an Information Security Analyst you’ll form part of a small but growing security team with a wide range of active and planned projects across the entire Octopus Energy Group.

You’ll work with all parts of the Group to improve our security posture. This will include observing our security certification controls, ensuring new infrastructure meets appropriate security standards, being hands-on with security tooling, and generally working with the security team to offer guidance, define strategy and provide oversight on all InfoSec matters.

This is a varied role and would suite someone with an interest in multiple areas and doesn’t mind context switching. There will be plenty of opportunity to leverage your experience and expertise, and also learn new things.

Ideally, you’ll have worked in a similar role for at least 2 years and you’ll need to be based somewhere in Europe that Octopus Energy operate in, currently: UK, Germany, Spain or Italy.

What you'll do

    • Obtaining and Maintaining certifications (e.g. ISO 27001, SOC 1 and 2)
    • Growing and developing our security monitoring
    • Responding to security alerts from various sources
    • Performing security risk assessments
    • Promoting a positive security culture
    • Supporting the implementation of security processes and requirements
    • Providing security advice and guidance to the wider technical team
    • Analysing security reports from internal tools and external security providers, recommending and prioritising any remedial actions
    • Liaising with stakeholders in relation to security issues and provide future recommendations
    • Configuring security specific services and tools (e.g. AWS security services, endpoint protection products, email security services)

What you'll need

    • Good experience in at least some of the areas mentioned above (we’re not expecting any candidate to be an expert in all areas)
    • Good information security and technology background
    • Previous experience working in certified organisations where you’ve performed security risk assessments
    • Experience analysing data from security logs
    • Experience using or knowledge of AWS services

What will help

    • Security certifications (any of the famous abbreviations) 
    • Certifications from cloud providers’ certification paths
    • Security qualifications (e.g. apprenticeships or degrees)
    • Experience with preparing high quality documentation
    • Experience using logging tools (whether this was a SIEM system or not) to generate alerts and reports
    • Knowledge of the MITRE ATT&CK framework

What you'll love about us

    • Wondering what the salary for this role is? Just ask us! On a call with one of our recruiters it's something we always cover as we genuinely want to match your experience with the correct salary. The reason why we don't advertise is because we honestly have a degree of flexibility and would never want salary to be a reason why someone doesn't apply to Octopus - what's more important to us is finding the right octofit!
    • Octopus Energy is a unique culture. An organisation where people learn, decide, and build quicker. Where people work with autonomy, alongside a wide range of amazing co-owners, on projects that break new ground. We want your hard work to be rewarded with perks you actually care about! We won best company to work for in 2022, on Glassdoor we we're voted 50 best places to work in 2022 and our Group CEO, Greg has recorded a podcast about our culture and how we empower our people 
    • Visit our perks hub - Octopus Employee Benefits
Note: this is not a SOC analyst role. It will be a mix of GRC, hands-on with security tooling and information security strategy. It will suite someone with an interest in multiple areas and doesn't mind context switching.

If this sounds like you then we'd love to hear from you.

Studies have shown that some groups of people, like women, are less likely to apply to a role unless they meet 100% of the job requirements. Whoever you are, if you like one of our jobs, we encourage you to apply as you might just be the candidate we hire. Across Octopus, we're looking for genuinely decent people who are honest and empathetic. Our people are our strongest asset and the unique skills and perspectives people bring to the team are the driving force of our success. As an equal opportunity employer, we do not discriminate on the basis of any protected attribute. Our commitment is to provide equal opportunities, an inclusive work environment, and fairness for everyone.