Security Analyst

Vacancy for Security Analyst / Specialist Solution Analyst - Contractor - hourly

Skill/Experience/Education

Mandatory Skills

• IT related degree / certificate or equivalent experience
• Relevant qualification e.g. CISSP/OSCP/CEH/Security+
• Min 5 years relevant experience
• Solid experience in information security

Technically focused security analyst as an embedded member of the CIB Security Engineering team 

Provide security analysis and design input as a member of the CIB Security Engineering team with a focus on establishing the security enablers required by the CIB product engineering community as well as tactical support for teams when needed.The CIB Security Engineering team needs a security analyst, much like an LSC, who can provide specialized input into the efforts of the team as we establish the enablers we need to improve our cyber security posture

Skills / Areas of Knowledge 

• · Cyber Risk management 
• · Security Architecture 
• · Strong understanding of SDLC Security 
• · Understanding of DevOps and DevSecOps 
• · Threat knowledge 
• · Business Continuity Planning 
• · Data Privacy regulations 
• · Strong written and verbal communication skills 

Security Engineering team job description:  

• · Participate in threat modelling exercises with product engineering teams. 
• · Document threat mitigation patterns that are feasible withing the current environment. 
• · Assist with establishing new mitigation patterns where required or where gaps are identified. 
• · Identity security misconfigurations in IT infrastructure e.g. databases, queues, web servers  
• · Establish secure default configurations for IT infrastructure. 
• · Develop guidance for product engineering teams to implement security controls 
• · Select security training material for the Security Champions and product engineering teams. 
• · Participate in security training, such as Capture The Flag exercises and walkthroughs  
• · Development of security code review guidelines 
• · Development of appropriate access governance controls within the development environment to promote uphold the principles of least privilege and segregation of duties. 

Existing job function description: 

• · Provide specialist advise and support to safeguard information systems and associated assets through the identification and management of security risks.  
• · Identify, diagnose and recommend improvements and provide specialist advice and support to ensure that solutions are appropriate and effective.  
• · Use practical knowledge and theoretical guidelines, to diagnose area of specialisation problems and generate workable solutions.  
• · Perform security audits and clean-ups to ensure accurate and up to date access within the organisation.  
• · Perform, advise and provide information on risk management impacts and mitigate risk in respect of system and application access.  
• · Analyse IT related access report/s to identify discrepancies and anomalies and recommend remedial action.  
• · Provide specialist advice and support in defining standard operating procedures (SOP's). Conduct research and gather data to provide input to operational reporting and decision making processes.  
• · Provide specialist advice to plan for value-added process improvements, initiatives and services to deliver on operational objectives.  
• · Provide expertise to identify and develop solutions to improve quality of processes and services.  

Client/Customer:  

• · Provide support and contribute to a culture of customer service excellence that meets and exceeds exceptional service.  
• · Build relationship with customers that contribute to a culture of customer service excellence. 
• · Conduct: Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Policies and Policy Standards 
• · Finance: Contribute to the effective reduction of cost and financial wastage in line with organisational policies and procedures.  
• · Learning and Growth: Participate in forums that positively contributes to knowledge improvement.  
• · Provide advice and support in the management of change and offer operational support where required 

&n