Automated Security Scanning Analyst

Ref. no.: 254/9/2024/KB/88251
Lead consultant: Karolina Bucka
24 September 2024

At Antal, we have been recruiting for over 20 years. Operating across 10 specialized divisions, we have an excellent grasp of current industry trends. We precisely define the specifics of each position, classifying key skills and necessary qualifications. Our mission is not only to find a candidate whose competencies match the requirements of a given posting, but above all to find a position that meets the candidate's expectations. Employment agency registry number: 496.

Location: Cracow

Contract Type: B2B

Salary: 170 PLN/hour - 200 PLN/hour

Work Model: Remote

Big Bank Funding. FinTech Thinking.

Our Technology teams collaborate closely with global businesses to help design and build digital services that allow millions of customers worldwide to bank quickly, simply, and securely. We also manage and run our IT infrastructure, data centers, and core banking systems that power one of the world’s leading international banks.

Our multi-disciplined Technology teams include, among others: DevSecOps engineers, IT architects, front and back-end developers, infrastructure specialists, cybersecurity experts, and delivery, project, and program managers.

Following extensive investment across our Technology and Digital domains, and with plans for continued expansion throughout 2023 and beyond, we are currently seeking a Secure Development Control Governance and Security Scanning Senior Manager to join our Cybersecurity team within Technology.

Brief Overview of the Business Areas:

Global Cybersecurity is responsible for enabling businesses and functions to manage their information, technology, and cybersecurity risks by ensuring these are well understood, and that controls to manage such events are defined, assessed, and implemented appropriately. Cybersecurity delivers this via objective, independent, professional, and specialized subject matter experts. The role forms part of the First Line of Defense (1LoD) in relation to the risk management framework.

The Cybersecurity Assessment and Testing (CSAT) function, part of Global Cybersecurity, is accountable for Vulnerability Management, Secure Development, Threat and Controls Assessment (threat modeling), Cloud Security, and Third-Party Cybersecurity Assessment. This function drives the identification, capture, assessment, testing, and ultimately the remediation of security defects, gaps, and vulnerabilities across the estate in concert with business and technology teams – on-premise, within the Cloud, and resulting from third-party engagements.

The Automated Security Scanning Analyst will be a key part of the Secure Development team, reporting to the Global Head of Cloud and Container Security. They will closely collaborate with peers across Cybersecurity and business development teams to enable the rapid build of secure technology products and services, thereby reducing risk by enabling early identification and remediation of security vulnerabilities.

Key Responsibilities:

  • Defining and driving scanning product vision, strategy/roadmap, and metrics; balancing requirements around usability, productivity, security, and scale to create optimal experiences for engineering application teams.
  • Performing continuous capability assessment and driving improvements of the security scanning product efficacy, coverage, quality, false-positive ratio, service processes, and procedures.
  • Defining and maintaining scanning tool configuration, ruleset, and policy, and revising as required to minimize the false-positive ratio.
  • Leading and executing the creation, review, and maintenance of security scanning quality assurance approach and related documentation.
  • Planning and executing project roadmaps to enhance functionality and/or remediate identified security scanning product gaps.
  • Monitoring new product and technology trends, risk, and threat intelligence feeds to advance security capabilities while balancing an excellent user experience.
  • Driving development work to integrate systems.
  • Data analysis to identify patterns and trends in security-related findings.
  • Partnering with key stakeholders including engineering application teams, SDLC Federated Control Owners, Operational & Resilience Risk, CCO Technology, Cybersecurity Risk & Control Strategy, and Cybersecurity Business Engagement.

What You Will Bring to the Role:

To be successful in this role, you should have proven experience within the Technology sector with knowledge of the following skills:

  • Experience in DevSecOps, including Agile and Waterfall Software Development Life Cycle.
  • Experience in Cloud and/or Container Security review and Vulnerability assessment.
  • General experience in Cloud and Kubernetes.
  • Experience with the integration & automation of various security technologies, preferably Container Security Scanning (CONT), including Infrastructure scanning (INFRA), and tools within DevOps tooling pipeline (Jenkins, GitHub, Chef, Ansible, Nexus, etc.).
  • Experience in cybersecurity principles, assessment, and triage for security flaws and common vulnerabilities for web and mobile applications.
  • Ability to understand and assess both threats and vulnerabilities, articulating these to both technical and business stakeholders.
  • Some experience in development work utilizing a programming language, preferably Python.
  • Professional IT Security qualifications and/or certifications.
  • An inquisitive approach, always asking how to achieve goals in a smarter and more effective way.
  • An ability and interest in learning and experimenting with new approaches to vulnerability management in different contexts, across the organization's scale.
  • Experience working in international and diverse environments.
  • Experience engaging with business, technology, regional, and regulatory stakeholders.
  • Ability to communicate to executive leadership – effectively translating technical gaps into business risk.
  • Ability to prepare concise presentations and updates for senior management.
  • Influential, credible, and persuasive, active listener, and shows good judgment and high levels of communication skills to achieve effective stakeholder management.
  • Experience/understanding of threat modeling and third-party security assessments would be beneficial.
  • Good spoken and written communication and the ability to adapt style based on the audience (Fluent in spoken/written English).

Location:

The role-holder is expected to engage with stakeholders and their teams within the office; however, we operate a highly flexible working arrangement for the right candidate, whereby much of their time can be remote.

Come Power a Business that Defines How to Power the World

As a business operating in markets around the world, we believe diversity brings benefits for our customers, business, and people. We are committed to being an inclusive employer and encourage applications from all suitably qualified applicants irrespective of background, circumstances, age, disability, gender identity, ethnicity, religion or belief, and sexual orientation.

We want everyone to be able to fulfill their potential, which is why we provide a range of flexible working arrangements and family-friendly policies.

You will have access to tailored professional development opportunities and a competitive pay and benefits package.

Personal data relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.