Our client within the banking sector is looking for a Specialist Solution Analyst.

As a result you will provide security analysis and design input as a member of the Security Engineering team with a focus on establishing the security enablers required by the product engineering community as well as tactical support for teams when needed. The Security Engineering team needs a security analyst, much like an LSC, who can provide specialized input into the efforts of the team as we establish the enablers we need to improve our cyber security posture.

Requirements

Participate in threat modelling exercises with product engineering teams.

Document threat mitigation patterns that are feasible within the current environment.

Design of new mitigation patterns where gaps are identified.

Identity security misconfigurations in IT infrastructure e.g. databases, queues, web servers

Establish secure default configurations for IT infrastructure.

Select security training material for the Security Champions and product engineering teams.

Participate in security training, such as Capture The Flag exercises and walkthroughs

Development of security code review guidelines.

Development of appropriate access governance controls within the development environment to promote uphold the principles of least privilege and segregation of duties.

Input into the evolution of clients security standards.

Client/Customer:

Provide support and contribute to a culture of customer service excellence that meets and exceeds exceptional service.

Build relationship with customers that contribute to a culture of customer service excellence.

Conduct: Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Policies and Policy Standards

Finance: Contribute to the effective reduction of cost and financial wastage in line with organisational policies and procedures.

Learning and Growth: Participate in forums that positively contributes to knowledge improvement.

Provide advice and support in the management of change and offer operational support where required

Qualifications

IT related degree / certificate or equivalent experience

Relevant qualification e.g. CISSP/OSCP/CEH/Security+

Min 5 years relevant experience

Solid experience in information security

Familiarity with application and network security concepts

Broad understanding of hosting and cloud environments

Understanding of development frameworks

Broad understanding of SIEM & Defensive Technologies

Strong Unix, Windows and networking security skills

Experience developing custom scripts or tools used for vulnerability scanning and identification

Excellent communication skills

System hardening to eliminate vulnerabilities and reduce attack surface area

Threat modeling with development teams

Security testing using offensive security testing / ethical hacking techniques

Programming / software development

Desired Skills:

CISSP

SIEM

Desired Work Experience:

5 to 10 years

