England, UK
Summary: A leading financial services firm is seeking an experienced Information Security Analyst SME to enhance their cybersecurity team. The role focuses on hands-on activities such as penetration testing, threat hunting, and incident response, requiring deep expertise in vulnerability assessment and strategic threat defense. The successful candidate will work to protect high-value assets by proactively identifying and mitigating evolving threats.
Key Responsibilities:
- Perform web application and network penetration testing using manual and automated tools (eg Burp Suite, Metasploit, Qualys, Python, Kali Linux).
- Collaborate with engineering and DevOps teams to triage, prioritise, and remediate vulnerabilities.
- Simulate real-world attack scenarios using open-source tooling and custom scripts to assess system resilience.
- Support third-party penetration tests and ensure alignment with compliance frameworks and regulatory requirements.
- Use the MITRE ATT&CK framework to assess advanced persistent threats (APTs), model risks, and enhance defensive measures.
- Implement and manage SIEM solutions (eg Splunk, QRadar), performing daily log analysis and threat investigations.
- Lead vulnerability scanning, patch management, and remediation using tools like Nessus and Qualys.
- Conduct proactive threat hunting across assets to detect and mitigate suspicious activities.
- Respond to security incidents, perform forensic investigations, and reduce downtime and impact.
- Analyse and reverse-engineer malware, producing detailed intelligence reports for internal stakeholders.
- Drive internal phishing campaigns and user awareness training, increasing employee resilience to social engineering.
Key Skills:
- Strong background in penetration testing, threat detection, and incident response
- Hands-on experience with Burp Suite, Kali Linux, Metasploit, Python, and Qualys/Nessus
- Familiarity with frameworks such as MITRE ATT&CK, NIST, and regulatory standards (eg ISO 27001, PCI-DSS)
- Experience with SIEM implementation and analysis
- Comfortable working in fast-paced, cross-functional environments
- Excellent documentation and reporting skills for audit, compliance, and remediation tracking
Salary (Rate): undetermined
City: undetermined
Country: UK
Working Arrangements: undetermined
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Job Description:
A leading [Financial Services/SaaS/Analytics/Enterprise] firm is seeking an experienced Information Security Analyst SME to join their growing cybersecurity team. This is a hands-on role for a candidate who excels in penetration testing, threat hunting, and incident response, bringing deep expertise in vulnerability assessment and strategic threat defence.
You'll work at the cutting edge of cybersecurity, helping to protect high-value assets through proactive identification and mitigation of evolving threats.
Key Responsibilities:
- Perform web application and network penetration testing using manual and automated tools (eg Burp Suite, Metasploit, Qualys, Python, Kali Linux).
- Collaborate with engineering and DevOps teams to triage, prioritise, and remediate vulnerabilities.
- Simulate real-world attack scenarios using open-source tooling and custom scripts to assess system resilience.
- Support third-party penetration tests and ensure alignment with compliance frameworks and regulatory requirements.
- Use the MITRE ATT&CK framework to assess advanced persistent threats (APTs), model risks, and enhance defensive measures.
- Implement and manage SIEM solutions (eg Splunk, QRadar), performing daily log analysis and threat investigations.
- Lead vulnerability scanning, patch management, and remediation using tools like Nessus and Qualys.
- Conduct proactive threat hunting across assets to detect and mitigate suspicious activities.
- Respond to security incidents, perform forensic investigations, and reduce downtime and impact.
- Analyse and reverse-engineer malware, producing detailed intelligence reports for internal stakeholders.
- Drive internal phishing campaigns and user awareness training, increasing employee resilience to social engineering.
Skills & Experience Required:
- Strong background in penetration testing, threat detection, and incident response
- Hands-on experience with Burp Suite, Kali Linux, Metasploit, Python, and Qualys/Nessus
- Familiarity with frameworks such as MITRE ATT&CK, NIST, and regulatory standards (eg ISO 27001, PCI-DSS)
- Experience with SIEM implementation and analysis
- Comfortable working in fast-paced, cross-functional environments
- Excellent documentation and reporting skills for audit, compliance, and remediation tracking
Desirable Certifications:
- CEH, OSCP, CISSP, GIAC, or equivalent (not mandatory but a strong plus)
GCS is acting as an Employment Business in relation to this vacancy.