Our client, a customer communications company, is looking for a Technical Security Analyst to join their team on a permanent basis.
The role offers flexibility and remote working with occasional travel on-site in Tewkesbury.
The successful candidate will offer technical security expertise in the guidance, design, approval, assessment, and delivery of technical security controls for the business across the UK and EU.
- Act as the SME for technical security, offering advice on best technical security practice to stakeholders outside of – and partners inside of – the technology function
- Input into and design of security control strategy, selection, and implementation as needed, including those required by PCI-DSS, ISO27001, or through client contractual obligation
- Technical security audit of controls, such as segmentation testing, firewall rule analysis, and network scanning
- Delivery of internal web application & infrastructure penetration testing
- Knowledge and operational support as required of related technical security services, log monitoring & management, SIEM, SOC, firewall management, incident response, threat hunting, forensics, and intrusion detection/prevention as provided by peer teams within the technology function.
- Technical risk assessment/threat assessment, recording, tracking, and support for the mitigation and closure of technical security risks surfaced through audits, assessments, and reviews
- Documentation to support all of the required processes and procedures, audits, assessments and design outputs
- Review, analysis and approval of all technical security-related changes and participation in the Design Review Board.
Key skills required:
- Broad knowledge and experience of IT technologies across multiple vendors, applications, and infrastructures – including Microsoft and Linux operating systems, virtual technologies, enterprise email and collaboration, web services and applications, networking solutions, hardware, software, and cloud technology
- Experience of security controls and toolsets such as firewalls, web proxies, intrusion detection & prevention, vulnerability assessment, anti-malware, SAST/DAST, network monitoring & audit
- General information security (e.g. Security+, CISSP, SANS GSEC), specialist technical security domains (e.g. SANS GSNA, Certified Ethical Hacker) and vendor-specific certifications (e.g. Rapid7)
- Understanding and experience of application and infrastructure penetration testing techniques
- A successful track record of leading and delivering small projects from initiation, planning, execution, and closure
- Experienced and capable of generating good quality documentation, diagrams, and reports, from high-level Executive Summary to detailed technical analysis
Please note that due to the high volume of responses we receive, only successful applicants will be contacted.