Cyber Security Analyst

As a Cyber Security Analyst you will play a critical role in maintaining the security and integrity of our applications & environments. Your responsibilities will centre around monitoring, assessing, and remediating vulnerabilities, ensuring policy compliance, and supporting risk management efforts. You will help protect our services by working across teams to assess security risks in new features, automate review tasks, and document procedures to help build a secure, compliant ecosystem. Additionally, you will provide support to the Cyber Security Technical Manager, assisting in a range of security-related and operational tasks as needed.

Role Responsibilities:

• Triage and Prioritisation: Triage identified vulnerabilities, assess their potential impact, and prioritise them based on risk to ensure high-impact issues are addressed promptly.
• First-Line Review: Perform initial analysis and assessment of vulnerabilities, escalating issues as needed to higher-level security or development teams.
• Task Automation: Identify repetitive tasks within the security process and develop automation solutions to improve efficiency and reduce response times.
• Information Gathering: Collect relevant information and data to support security reviews and vulnerability assessments.
• Facilitation and Communication: Organise and lead discussions around security issues, working with development, operations and other stakeholders to foster a security-conscious culture.
• Research and Risk Analysis: Conduct research on emerging security threats and assess potential risks to applications and new features.
• Policy Compliance: Ensure all MO services comply with relevant security policies and standards, assisting in audits and compliance checks as necessary.
• Tracking and Follow-Up: Track security requests and remediation efforts, ensuring they are addressed within established timelines and follow up with teams as required.
• Risk Assessments: Conduct and document risk assessments on new applications or features to evaluate their potential security impact.
• Risk Remediation: Collaborate with relevant teams to follow up on and track the remediation of identified risks, documenting each stage of the remediation process.
• Documentation: Create and maintain comprehensive documentation for all security processes, assessments, and compliance activities, supporting future audits and reviews.

About You

You are detail-oriented, analytical, and proactive in identifying and addressing potential security threats. You have a foundation in cyber security principles and experience with vulnerability management, along with a proactive approach to automation and task optimization. Your excellent communication skills allow you to collaborate with various teams effectively and lead discussions around security requirements and risks. You are comfortable with the technical aspects of security but also possess the organisational skills to manage compliance documentation, track security requests, and ensure timely risk remediation. Your role will also involve collaborating with the Cyber Security Technical Manager on key coordination and project support tasks to enhance the team's overall efficiency and effectiveness.

Minimum criteria

You’ll need all of these.

• Experience in application security, vulnerability management, or a similar role.
• Familiarity with vulnerability monitoring tools and frameworks.
• Experience automating security tasks and processes.
• Understanding of risk assessment methodologies and compliance requirements.
• Strong analytical skills with the ability to prioritise security risks effectively.
• Excellent verbal and written communication skills for reporting and facilitating discussions.

Who you’ll be working with

The purpose of the Cyber Security team is to protect the organisation from levels of cyber risk that sit outside of our risk appetite and allow our customers to trust that we safeguard their data. We pride ourselves in providing value to our customers, our stakeholders and to projects. We take a risk-based approach and provide pragmatic and helpful advice. We deliver quality work, take a stand on our security principles and help others in adopting them. We work collaboratively and imaginatively.