IT Applications Security Analyst – 45k-50k - Staines
The client funds healthcare around the world and runs clinics, hospitals, dental centres, care homes and retirement villages in a number of countries.
The Security Applications Analyst is part of the team responsible for the security of IT applications. The focus of the role is to contribute to the change initiatives ensuring that security is embedded in the design, delivery, and operation of applications and services.
You will have a solid IT background and experience in Information Security, Secure Development Lifecycles and practical experience of applying the CSC 20 Controls.
This role will assist the Head of IT Security with application security activities which include but are not limited to:
- Undertaking end to end application security risk reviews of business critical applications and infrastructure
- Work with the development and testing community, providing SME advice to understand and remediate coding vulnerabilities
- Co-ordinating security testing
- Support the development teams in identifying false positives in code scanning reports and maintaining static testing rulesets
- Provide specialist IT Application Security services and advice to meet business need
- Take ownership and responsibility for managing provisioning and de-provisioning of access to all applications for the UKMU in line with local security and enterprise policies.
- Collaborate with the business to define and ensure roles and associated entitlements follow the UKMU strategy for access control centering on ‘Role-Based-Access-Control’.
- Conduct regular reviews of access rights in accordance with security policy and agreed service level agreements, ensuring roles and entitlements are consistent with business needs and effected in a timely manner.
The candidate will ideally have in-depth knowledge of some or all of the following domains: Active Directory, provisioning and de-provisioning of access across a range of off-the-shelf and in-house applications, networking, infrastructure, cloud hosting, and monitoring and alerting systems.
- Ideally educated to Degree level
- Relevant security qualifications (CISSP, SSCP, CEH, CASP, MCSE, CRISC, etc.)
- Knowledge of current and emerging advanced cyber threats, attack and evasion techniques, command and control infrastructures and insider threat behaviour.
- Experience in escalating and articulating security concepts to all levels of audience.
- Extremely good organisational, communication, documentation and administration skills, with a good eye for detail.
- A good understanding of typical software vulnerabilities and exploits.
- Demonstrable experience in application security testing tools and applications.
- Experience producing security documentation and other technical analysis reports.
- Knowledge and understanding of relevant industry frameworks and best practices such as OWASP, NIST
- Experience working in a team-oriented, collaborative environment.
- Very strong proven experience of security systems, ideally with some understanding of working within ITIL and PRINCE2 environments.
- Ability to make decisions on complex issues and communicate them effectively to technical and non-technical audiences
- Proven record in co-ordinating the successful delivery of security/technology-based deliverables.
- Experience working with resources across multiple teams within Health Service delivery projects or equivalent.
- Experience in creating, monitoring and managing key objectives.
- 5+ years professional experience in Healthcare markets or equivalent & IT Industry experience.
- Exposure to prevalent industry standards such as ISO27001, FCA, PRA, ICO, PCI-DSS, CIS, ITIL etc.
In return you will be rewarded with excellent benefits – including 25 days holiday, free healthcare, an onsite gym and a subsidised canteen. You’ll also be supported in developing your skills with ongoing training and career opportunities.
For immediate consideration please contact Teo Rusu on 01908 886030 or email firstname.lastname@example.org