Our client within the banking sector is looking for a Specialist Solution Analyst.
As a result you will provide security analysis and design input as a member of the Security Engineering team with a focus on establishing the security enablers required by the product engineering community as well as tactical support for teams when needed. The Security Engineering team needs a security analyst, much like an LSC, who can provide specialized input into the efforts of the team as we establish the enablers we need to improve our cyber security posture.
- Participate in threat modelling exercises with product engineering teams.
- Document threat mitigation patterns that are feasible within the current environment.
- Design of new mitigation patterns where gaps are identified.
- Identity security misconfigurations in IT infrastructure e.g. databases, queues, web servers
- Establish secure default configurations for IT infrastructure.
- Select security training material for the Security Champions and product engineering teams.
- Participate in security training, such as Capture The Flag exercises and walkthroughs
- Development of security code review guidelines.
- Development of appropriate access governance controls within the development environment to promote uphold the principles of least privilege and segregation of duties.
- Input into the evolution of clients security standards.
- Provide support and contribute to a culture of customer service excellence that meets and exceeds exceptional service.
- Build relationship with customers that contribute to a culture of customer service excellence.
- Conduct: Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Policies and Policy Standards
- Finance: Contribute to the effective reduction of cost and financial wastage in line with organisational policies and procedures.
- Learning and Growth: Participate in forums that positively contributes to knowledge improvement.
- Provide advice and support in the management of change and offer operational support where required
- IT related degree / certificate or equivalent experience
- Relevant qualification e.g. CISSP/OSCP/CEH/Security+
- Min 5 years relevant experience
- Solid experience in information security
- Familiarity with application and network security concepts
- Broad understanding of hosting and cloud environments
- Understanding of development frameworks
- Broad understanding of SIEM & Defensive Technologies
- Strong Unix, Windows and networking security skills
- Experience developing custom scripts or tools used for vulnerability scanning and identification
- Excellent communication skills
- System hardening to eliminate vulnerabilities and reduce attack surface area
- Threat modeling with development teams
- Security testing using offensive security testing / ethical hacking techniques
- Programming / software development
Desired Work Experience:
- 5 to 10 years