Job Description

Senior Security Analyst

What you’ll do:

Supporting the security team to ensure that appropriate technologies and processes are in place to defend CIG infrastructure from cyber threats

Key duties include:

• Security review of external facing web apps and systems

• Security review of internal web apps and systems

• Security review of 3rd party applications where sensitive data is to be stored

• Regular review of the CIG security estate

• Document security testing, gaps and enhancements

• Provide support and necessary advice on secure development practices to defend against all currently exploited threats

• Code reviews of developments prior to release to production

• Provide advice and support on network level changes that could have an impact on security (Firewall, file permissions, changes to web servers etc.)

• Support 3rd party security testing and verify the implementation of suggested remediation’s

• Promote and support security awareness and responsibilities throughout the business

• Provide advice on secure configuration of web, application servers, internet facing systems and desktop protections

• Monitor and prioritise the remediation of security alerts/notifications (CVEs)

• Recommend, support and oversee, introduction of current security technologies and obsoleting of insecure technologies

• Provide security training presentations to staff in order to maximise the level of the human cyber defence

• Develop and support the team in implementing security policies, protocols and procedures 

• Attend meetings with other managers to determine operational needs

• Review and create reports on incidents and breaches

What you’ll need to succeed:

• Demonstrable experience in a cyber security role

• Experience in a development role or Infrastructure Role

• An understanding of the OWASP Top 10 and Mitre Top 25

• Some experience with security testing tools including HTTP intercept proxies

• A track record of identifying security issues and providing remediation advice

• Strong interpersonal and communication skills

• Some ability to understand how a business functions and to balance security needs with organisational goals

• Understanding of Cyber Essentials, NIST and ISO accreditations

• Problem-solving and analytical ability

• A collaborative work style

• Commitment to continuous development and continuing education, to stay on top of IT and cybersecurity trends