Senior Information Security Analyst

258364

FULL_TIME

Other

Permanent

Coventry Store Support Centre - Ansty Park and Home, Sainsbury's Store Support Centre Draken Drive Ansty Park, Coventry West Midlands, CV7 9RD

Competitive Plus Benefits

We’d all like amazing work to do, and real work-life balance. That’s waiting for you at Sainsbury’s. Think about the scale it takes for us to feed the nation. The level of data, transactions and variety it involves. Then you’ll realise that ours is a modern software engineering environment because it has to be. We’ve made serious investment into a Tech Academy and into setting standards and principles. We iterate, learn, experiment and push ways of working such as Agile, Scrum and XP. So you can look forward to awesome opportunities in everything from AI to reusable tech.

Job Title / Role Senior Information Security Analyst – Product Assurance   Reporting to Information Security Manager – Sainsbury’s   Division/Dept Data Governance and Information Security   Location` Holborn, Coventry, Manchester (Flexible)   In a nutshell   As a Senior Information Security Analyst in the Data Governance and Information Security Team, you will be working within the Product Assurance team who are responsible for ensuring our Engineering and Development communities are building and maintaining secure products through their entire lifecycle.   You will be continually reviewing our security posture and setting the direction on how best to make improvements in line with the evolving threat landscape and core business objectives.   The ideal candidate will have significant (6+ years) experience working within Information or Cyber Security and be passionate about continuous professional development. You will be asked to provide recent, industry-respect certificates if successful at interview to demonstrate your ongoing education.    Whilst this role isn’t ‘hands-on’ candidates are expected to have an in-depth knowledge of security technologies and how these are integrated in monolithic and microservice architectures.   What you need to do   <ul> <li>As a Senior Information Security Analyst, you will have good all round infosec experience coupled with finely honed Stakeholder Management skills to ensure that robust security is maintained across our environment.</li> <li>Provide technical, procedural and policy advice to business stakeholders and Engineers with sufficient detail </li> <li>Review requests to ensure they comply with company policy and best security practice prior to approval </li> <li>Conduct in-depth risk assessments and threat modelling alongside producing detailed documentation </li> <li>Present findings to management alongside recommendations on how to secure our systems </li> <li>Advocate for innovative security solutions through persuasive quantitative evidence and presentation </li> <li>Mentor, engage and help educate junior colleagues across the InfoSec family </li> <li>Support strategic initiatives to ensure cybersecurity is integrated at all phases across the business </li> <li>Ensure that risks have been raised and being able to comprehensively explain the issues </li> <li>Provide subject matter expertise on the InfoSec domain that the candidate is expert at </li> <li>Evaluate requests from our suppliers to ensure they are fit for purpose </li> <li>Deliver weekly reporting to management and other stakeholders</li> <li>Co-ordinate complex incident response and recovery, working closely with Engineers and SOC colleagues</li> <li>Provide support to the Information Security Manager </li> </ul>   What you need to know and show   <ul> <li>A strong technical understanding of security to ensure systems are designed and built securely and to help continually improve our security posture</li> <li>Familiarity with common Mobile Device and Endpoint Management solutions</li> <li>An understanding of the Microsoft Defender suite of products</li> <li>Awareness of Email & Web Security Gateway technologies</li> <li>Ability to understanding the operation of corporate networks and firewall solutions, including Wide Area Network considerations for multi-site deployments (inc. international)</li> <li>Consideration on how to assess the security of purchased Software-as-a-Service products</li> <li>Familiarity with AI tooling such as Microsoft 365 / Security / GitHub Copilot.</li> <li>Experience with other common productivity & collaboration tools, such as Confluence, Miro, Adobe Cloud Suite</li> <li>Ability to understand and assess integrations between systems through methods such as APIs, Process Automation or Batch processing</li> <li>Nice to have knowledge of AWS, Azure, Oracle, GCP and SAP Clouds</li> <li>Risk Management experience and understanding of Risk Management Frameworks</li> <li>Strong analytical and report writing skills</li> <li>Appreciation of containerisation technologies such as Docker, Kubernetes etc.</li> <li>Experience with logging, monitoring, load balancing/proxies and API gateways</li> <li>Working knowledge of GitHub, Jenkins, Ansible, Chef and Puppet</li> <li>In-depth knowledge of the OWASP Top 10, Mitre ATT&CK, NIST frameworks, PCI-DSS and Cyber Kill Chain</li> <li>Familiarity with PAM, EDR, AV, IPS, SIEM, WAF and DLP technologies</li> <li>The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing</li> <li>Strong understanding of the changing threat landscape and how this may affect our systems</li> <li>The ability to challenge concerns and report through appropriate channels</li> <li>Self-drive, motivation and the ability to work independently to deliver expected outcomes</li> <li>Excellent teamwork and problem-solving skills by blending technical knowledge with business requirements</li> <li>In-depth understanding of data and security risks in a large enterprise</li> </ul>   Desirable Qualifications   You will have two (or more) of the following:   <ul> <li>CompTIA CASP+, Cloud+, Security+, Network+, Linux+</li> <li>CSA CCSK / CCAK</li> <li>(ISC)² CISSP / CCSP / SSCP</li> <li>ISACA CISA / CISM / CRISC / CGEIT</li> <li>AWS Certified Security or Certified Solutions Architect</li> <li>GCP Professional Cloud Security Engineer</li> <li>GIAC Cloud Security Automation</li> <li>Microsoft Certified Azure Solutions Architect Expert</li> <li>Microsoft Certified Cybersecurity Architect Expert</li> <li>MSc. Information/Cyber Security (not essential)</li> </ul>   As well as lots of on-the-job training and endless opportunities, you'll get: <ul> <li>Colleague discount across our multi-brands - Sainsbury's, Argos, TU Clothing and Habitat</li> <li>Holiday allowance</li> <li>Bonus scheme</li> <li>Pension plan</li> <li>Special offers on gym memberships, restaurants, holidays, retail vouchers and more</li> </ul> Work-life balance is important to us, so we offer our colleagues as much flexibility as possible in line with the needs of their role. We trust them to decide how, where and when they work, combining remote and collaborative working with a flexible approach to hours, giving them plenty of time and space for life outside of work whilst delivering against our business goals.

We are committed to being a truly inclusive retailer, so you’ll be welcomed whoever you are and wherever you work. Around here, there’s always the chance to try something new - whether that’s as part of an evolving team or somewhere else across the business - and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working. When you join our team, we’ll also offer you an amazing range of benefits. Here are some of them:    Starting off with colleague discount, you'll be able to get 10% off at Sainsbury's, Argos, TU and Habitat after 4 weeks. This increases to 15% off at Sainsbury’s every Friday and Saturday and 15% off at Argos every pay day. We've also got you covered for your future with our pensions scheme and life cover. You'll also be able to share in our success as you may be eligible for a performance-related bonus of up to 20% of salary, depending on how we perform.      Your wellbeing is important to us too. You'll receive an annual holiday allowance, and you can buy additional holiday. We also offer other benefits that will help your money go further such as season ticket loans, interest free car loan of up to £10k, cycle to work scheme, health cash plans, pay advance (where you can access some of your pay before pay day) as well access to a great range of discounts from hundreds of other retailers. And if you ever need it there is also an Employee Assistance Programme, you will also be eligible for private healthcare too. Moments that matter are as important to us as they are to you which is why we give up to 26 weeks’ pay for maternity or adoption leave and up to 4 weeks’ pay for paternity leave.     Please see www.sainsburys.jobs for a range of our benefits (note, length of service and eligibility criteria may apply).

2024-09-17 16:51:13

https://hdhe.fa.em3.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX/requisitions/preview/258364/apply/email?mode=location

Back to search

Senior Information Security Analyst

Salary: Competitive Plus Benefits
Location: Coventry Store Support Centre - Ansty Park and Home, Coventry, CV7 9RD
Contract type: Permanent
Business area: Sainsbury's Tech
Closing date: 01 October 2024
Requisition ID: 258364

We’d all like amazing work to do, and real work-life balance. That’s waiting for you at Sainsbury’s. Think about the scale it takes for us to feed the nation. The level of data, transactions and variety it involves. Then you’ll realise that ours is a modern software engineering environment because it has to be. We’ve made serious investment into a Tech Academy and into setting standards and principles. We iterate, learn, experiment and push ways of working such as Agile, Scrum and XP. So you can look forward to awesome opportunities in everything from AI to reusable tech.

Job Title / Role

Senior Information Security Analyst – Product Assurance

Reporting to

Information Security Manager – Sainsbury’s

Division/Dept

Data Governance and Information Security

Location`

Holborn, Coventry, Manchester (Flexible)

In a nutshell

As a Senior Information Security Analyst in the Data Governance and Information Security Team, you will be working within the Product Assurance team who are responsible for ensuring our Engineering and Development communities are building and maintaining secure products through their entire lifecycle.

You will be continually reviewing our security posture and setting the direction on how best to make improvements in line with the evolving threat landscape and core business objectives.

The ideal candidate will have significant (6+ years) experience working within Information or Cyber Security and be passionate about continuous professional development. You will be asked to provide recent, industry-respect certificates if successful at interview to demonstrate your ongoing education.

Whilst this role isn’t ‘hands-on’ candidates are expected to have an in-depth knowledge of security technologies and how these are integrated in monolithic and microservice architectures.

What you need to do

As a Senior Information Security Analyst, you will have good all round infosec experience coupled with finely honed Stakeholder Management skills to ensure that robust security is maintained across our environment.
Provide technical, procedural and policy advice to business stakeholders and Engineers with sufficient detail
Review requests to ensure they comply with company policy and best security practice prior to approval
Conduct in-depth risk assessments and threat modelling alongside producing detailed documentation
Present findings to management alongside recommendations on how to secure our systems
Advocate for innovative security solutions through persuasive quantitative evidence and presentation
Mentor, engage and help educate junior colleagues across the InfoSec family
Support strategic initiatives to ensure cybersecurity is integrated at all phases across the business
Ensure that risks have been raised and being able to comprehensively explain the issues
Provide subject matter expertise on the InfoSec domain that the candidate is expert at
Evaluate requests from our suppliers to ensure they are fit for purpose
Deliver weekly reporting to management and other stakeholders
Co-ordinate complex incident response and recovery, working closely with Engineers and SOC colleagues
Provide support to the Information Security Manager

What you need to know and show

A strong technical understanding of security to ensure systems are designed and built securely and to help continually improve our security posture
Familiarity with common Mobile Device and Endpoint Management solutions
An understanding of the Microsoft Defender suite of products
Awareness of Email & Web Security Gateway technologies
Ability to understanding the operation of corporate networks and firewall solutions, including Wide Area Network considerations for multi-site deployments (inc. international)
Consideration on how to assess the security of purchased Software-as-a-Service products
Familiarity with AI tooling such as Microsoft 365 / Security / GitHub Copilot.
Experience with other common productivity & collaboration tools, such as Confluence, Miro, Adobe Cloud Suite
Ability to understand and assess integrations between systems through methods such as APIs, Process Automation or Batch processing
Nice to have knowledge of AWS, Azure, Oracle, GCP and SAP Clouds
Risk Management experience and understanding of Risk Management Frameworks
Strong analytical and report writing skills
Appreciation of containerisation technologies such as Docker, Kubernetes etc.
Experience with logging, monitoring, load balancing/proxies and API gateways
Working knowledge of GitHub, Jenkins, Ansible, Chef and Puppet
In-depth knowledge of the OWASP Top 10, Mitre ATT&CK, NIST frameworks, PCI-DSS and Cyber Kill Chain
Familiarity with PAM, EDR, AV, IPS, SIEM, WAF and DLP technologies
The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing
Strong understanding of the changing threat landscape and how this may affect our systems
The ability to challenge concerns and report through appropriate channels
Self-drive, motivation and the ability to work independently to deliver expected outcomes
Excellent teamwork and problem-solving skills by blending technical knowledge with business requirements
In-depth understanding of data and security risks in a large enterprise

Desirable Qualifications

You will have two (or more) of the following:

CompTIA CASP+, Cloud+, Security+, Network+, Linux+
CSA CCSK / CCAK
(ISC)² CISSP / CCSP / SSCP
ISACA CISA / CISM / CRISC / CGEIT
AWS Certified Security or Certified Solutions Architect
GCP Professional Cloud Security Engineer
GIAC Cloud Security Automation
Microsoft Certified Azure Solutions Architect Expert
Microsoft Certified Cybersecurity Architect Expert
MSc. Information/Cyber Security (not essential)

As well as lots of on-the-job training and endless opportunities, you'll get:

Colleague discount across our multi-brands - Sainsbury's, Argos, TU Clothing and Habitat
Holiday allowance
Bonus scheme
Pension plan
Special offers on gym memberships, restaurants, holidays, retail vouchers and more

Work-life balance is important to us, so we offer our colleagues as much flexibility as possible in line with the needs of their role. We trust them to decide how, where and when they work, combining remote and collaborative working with a flexible approach to hours, giving them plenty of time and space for life outside of work whilst delivering against our business goals.

We are committed to being a truly inclusive retailer, so you’ll be welcomed whoever you are and wherever you work. Around here, there’s always the chance to try something new - whether that’s as part of an evolving team or somewhere else across the business - and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working. When you join our team, we’ll also offer you an amazing range of benefits. Here are some of them:

Starting off with colleague discount, you'll be able to get 10% off at Sainsbury's, Argos, TU and Habitat after 4 weeks. This increases to 15% off at Sainsbury’s every Friday and Saturday and 15% off at Argos every pay day. We've also got you covered for your future with our pensions scheme and life cover. You'll also be able to share in our success as you may be eligible for a performance-related bonus of up to 20% of salary, depending on how we perform.

Your wellbeing is important to us too. You'll receive an annual holiday allowance, and you can buy additional holiday. We also offer other benefits that will help your money go further such as season ticket loans, interest free car loan of up to £10k, cycle to work scheme, health cash plans, pay advance (where you can access some of your pay before pay day) as well access to a great range of discounts from hundreds of other retailers. And if you ever need it there is also an Employee Assistance Programme, you will also be eligible for private healthcare too.

Moments that matter are as important to us as they are to you which is why we give up to 26 weeks’ pay for maternity or adoption leave and up to 4 weeks’ pay for paternity leave.

Please see www.sainsburys.jobs for a range of our benefits (note, length of service and eligibility criteria may apply).

Senior Information Security Analyst

Salary: Competitive Plus Benefits Location: Coventry Store Support Centre - Ansty Park and Home, Coventry, CV7 9RD Contract type: Permanent Business area: Sainsbury's Tech Closing date: 01 October 2024 Requisition ID: 258364

Want to learn more about our teams?

Salary: Competitive Plus Benefits
Location: Coventry Store Support Centre - Ansty Park and Home, Coventry, CV7 9RD
Contract type: Permanent
Business area: Sainsbury's Tech
Closing date: 01 October 2024
Requisition ID: 258364