Attack Surface Reduction Analyst
| Dyddiad hysbysebu: | 11 June 2024 |
|---|---|
| Oriau: | Full time |
| Dyddiad cau: | 11 July 2024 |
| Lleoliad: | Manchester, M3 3AP |
| Cwmni: | NatWest Group |
| Math o swydd: | Permanent |
| Cyfeirnod swydd: | R-00235158-OTHLOC-GBR-5FMAN096 |
Crynodeb
Join us as an Attack Surface Reduction Analyst
- Take on a new challenge and use your specialist knowledge to support the wider organisation in building and operating secure services that protect both colleagues and customers
- You’ll act as a subject matter expert in a security related field, making sure that the security implications of the backlog are understood in the right way, building security early into design
- You’ll be joining an exciting and fast-paced area of the bank, where you can expect great exposure both for you and your work
What you'll do
As an Attack Surface Reduction Analyst , you’ll work at a domain level to understand and ensure robust security is continuously considered and incorporated at every stage, programme increment and feature team delivery throughout the development lifecycle and through to support.
You’ll collaborate with feature teams and participate in story refinement, sprint planning and retrospective sessions, establishing a culture of innovation and strategic thinking that makes sure that the bank has knowledge of, and opportunities to exploit, the latest developments in your area of specialism.
You’ll also be:
- Supporting with the identification of risks, while contributing to risk management strategies to achieve business objectives and customer outcomes
- Understanding and implementing Agile methodologies and actively contributing to finding opportunities to build security early into design
- Making sure that decisions made are based on robust data, return on investment and value measures that demonstrate thoughtful and intelligent cost management
- Actively contributing to your centre of excellence (CoE) specialism by cross sharing learnings and best practice with CoE and community of practice colleagues
- Building and leveraging relationships with key stakeholders across the bank to support them in understanding and managing risk effectively
- Identifying vulnerabilities in a range of environments across a complex technology estate
- Triaging vulnerabilities with a view to prioritising remediation activities
- Analysing and presenting data to management to guide tactical and strategic decision making
The skills you'll need
To be successful in this role, you’ll need knowledge of one or more security subject areas and experience of setting risk appetites. You’ll also demonstrate experience of, or a willingness to learn risk management frameworks.
Additionally, you’ll need:
- Good understanding of security principles and networks
- Experience of implementing security controls in cloud environments
- Strong people and stakeholder management skills
- Knowledge of vulnerability management processes and tooling
- The ability to communicate complex technical information in a clear and concise manner