Senior Security Analyst
Role details
Job location
Tech stack
Job description
-
Optimise vulnerability scanning profiles, dashboards, and reports to ensure comprehensive coverage and actionable insights, while analysing data to prioritise risks and provide clear remediation guidance.
-
Contribute to the continuous improvement of vulnerability management processes, policies, and procedures, including supporting incident response activities and aligning with industry best practices.
-
Identify potential security risks and document clear, actionable remediation options or mitigating controls aligned with industry best practices.
-
Contribute to other cybersecurity initiatives, utilizing our standards and procedures while adhering to industry best practices.
-
Perform risk assessments and execute system tests to ensure proper functioning of data processing activities and security measures.
-
Ensure that security controls in both new and existing computer systems comply with established security policies and guidelines.
-
Assist in incorporating regulatory compliance requirements, such as SOX and GLBA, into the organization's security roadmap.
-
Conduct thorough security incident investigations, including maintaining chain of custody, implementing containment measures, performing root cause analysis, and identifying preventive strategies.
-
Supporting incident response with vulnerability intelligence during security events.
-
Participate in the Information Security on-call rotation
Requirements
-
3+ years in an Information Security role with proven experience in Vulnerability Management
-
Proven hands-on experience with vulnerability management platforms and in a vulnerability management role
-
Experience in information security incident response
-
Knowledge of vulnerability management (remediation and configuration) and other security scanner tools.
-
Strong understanding of vulnerability assessment methodologies and risk scoring
-
Strong collaboration skills working with application and infrastructure teams within a security context
-
In-depth working knowledge of security best practices and frameworks (e.g., MITRE ATT&CK, OWASP Top 10, NIST)
-
Excellent verbal and written communication skills
-
Ability to manage multiple projects and tasks.
-
Analytical ability to capture and summarise information, find solutions to various tactical and strategic problems and prioritise work
-
Exposure to public cloud infrastructure (SaaS, IaaS, and PaaS)
-
Familiarity with patch management processes and tools
Nice to have skills
-
5+ years of experience within Incident Response and Vulnerability Management
-
Knowledge of Tenable.sc and/or Tenable.io
-
Knowledge of cloud security vulnerabilities and associated scanning techniques
-
Experience with scripting or automation to enhance vulnerability management processes (e.g. Python) and to drive efficiency and innovation
-
Relevant Information Security certifications (e.g. CompTIA Security+, CySA+, CEH, SANS, Cloud Certifications).
Benefits & conditions
-
Hybrid working and reasonable accommodations
-
Generous Holiday policies
-
Excellent Health and Wellbeing benefits including corporate membership to ClassPass
-
Paid volunteer time to step away from your desk and into the community
-
Support to grow through professional development courses, tuition/qualification reimbursement and more
-
All-inclusive approach to Diversity, Equity and Inclusion
-
Maternal/paternal leave benefits and family services
-
Complimentary subscription to Headspace - the mindfulness app
-
All employee events including networking opportunities and social activities
-
Lunch allowance for use within our subsidized onsite canteen
