Cyber Security Analyst
giffgaff is a mobile network operator unlike any other. Through close online collaboration and a generous reward scheme, its members help to run and grow the business by doing things like answering other members' queries and distributing SIM cards.
Over the last 7 years giffgaff has grown from a small company employing 15 people to become the 3rd largest virtual network operator in the UK. It has millions of members and now has over 200 employees.
giffgaff is regularly recognised for its excellence in member satisfaction: it's been a Which? Magazine recommended supplier 5 years in a row and has won their Best Telecoms Operator award twice. It has also ranked in the top 10 of all UK companies for offering best customer service.
Although the business is owned by Telefonica UK (and uses the O2 network) it is operated as an independent entity and is responsible for its own IT and billing systems.
Reporting into the Application Security Lead at giffgaff, the Cyber Security Analyst will help to provide infrastructure and application security services, including secure coding education and awareness, process and tools, security testing support, and guidance for internal software development projects and third parties' integrations.
The Cyber Security Analyst will be in charge of:
- Continued compliance with internal and external stakeholders;
- Identifying application security risks and security requirements for new projects;
- Performing security testing and advising on remediation of identified vulnerabilities;
- Conducting security incident and event investigation and analysis;
- Ensuring that necessary controls and processes exist to appropriately correlate and assess security events;
- Maintaining awareness of cyber trends, threats, and vulnerabilities;
- Preparing and monitoring operational security metrics and trends;
- Researching and evaluating emerging cyber security threats and ways to manage them;
- Monitoring for attacks, intrusions and unusual, unauthorised or illegal activity, both for networks and applications;
- Liaising with third-party hosting providers and domain registrars in order to reduce the impact on our members of 'phishing' emails and 'smishing' activities.
Experience and Skills Required:
- A background in software engineering, application development, penetration testing or security architecture;
- Knowledge of application security vulnerabilities (OWASP Top 10) and security testing techniques;
- Understanding of secure web application development, Java, Java development frameworks, PHP, web services, SOAP, Angular;
- An understanding of Secure Development Lifecycles and their application in an agile environment;
- Understanding or familiarity with common code review methods, tools and standards;
- Knowledge of common scanning tools (Qualys/Nessus/Burp Suite);
- Knowledge of scripting languages (e.g. Python/Bash);
- Network security and vulnerabilities, scanning techniques and security remediation;
- Passionate about problem-solving with strong analytical skills;
- A self-motivated team player who can work with minimal supervision;
- Fluent in English (written and spoken).
Experience and Skills Desired:
- CISSP qualified or any relevant certification (the candidate will be assessed on knowledge and experience);
- iOS / Android application security assessment;
- Exposure to CI/CD in agile environments and security implementations;
- Understanding of Cloud technologies and deployments, both private and public;
- Exposure to or basic knowledge of container environments (LXC, Docker, Kubernetes), with knowledge of the security implications around these a plus;
- React Native/React.js development experience or secure code review experience.
This is a chance to work for one of the most sought-after UK companies, highly regarded for its innovative online collaborative model and recognised numerous times, including uSwitch, Which? and Mobile Industry awards. In return for your outstanding efforts, you'll be rewarded with a competitive salary and excellent benefits. At giffgaff, we believe that hard work should be supported and recognised.