Job
Description
A security analyst role within the Global Technology Transversal Application Services (TAS) function, supporting the provision of a robust and consistent security scanning, remediation and guidance service within the TAS Application Operations team. The team provides a global, centralized Operations, Governance, Audit, Risk & Security service across Application Delivery. DISCOVER your opportunity What will your essential responsibilities include? Support the Application Operations (Security) team in all security related activities, forums and discussions Perform application scanning across the Application Delivery estate using tools such as SonarQube, Checkmarx, JFrog Xray, CAST Highlight, Defender and Qualys Assist in setting up Jenkins pipeline integration to CI/CD lifecycle Perform Static Application Security Testing (SAST) and Software Composition Analysis (SCA), including analysis of components in applications to detect vulnerabilities and compliance issues Work with Application Delivery teams to communicate the outcome of scanning and analysis, and agree remediation actions including target dates for completion, in alignment with Information Security Policy requirements Assist in Risk Assessments, evaluating the severity of identified vulnerabilities and prioritizing remediation efforts based on potential impact to the organization Assist in Policy development, contributing to the development and implementation of vulnerability management policies and procedures Manage the production of reporting and metrics to both internal and external stakeholders You will report to the Operations Lead (under Head of Application Operations) SHARE your talent Were looking for someone who has these abilities and skills: Required Skills and Abilities: Security First mindset Understanding of vulnerability analysis, scanning and remediation processes Understanding of CVEs, CVSS Understanding of security industry compliancy benchmarks and standards i.e. CIS Understanding of security best practices/standards i.e. OWASP, NIST Preferable experience with at least 2 coding languages i.e. Java, .NET, C++, Python etc. Strong analytical, critical thinking and organizational skills, ability to multitask and work to deadlines Proficiency in Power BI, MS Work and MS Excel: We maintain and continually develop a number of Power BI Dashboards to support provision of critical data and use Excel to support our data capture and analysis and reporting Excellent communication, interpersonal and relationship building skills (verbal and written)
