Position: Threat and Vulnerability Analyst
Reporting to: Red Team Leader (Cyber Fusion Centre)
Location: York (UK) or Lisbon (Portugal)
Type: Permanent
Band: I
Company description:
Hiscox is a diversified international insurance group with a powerful brand, strong balance sheet and plenty of room to grow. Listed on the London Stock Exchange and headquartered in Bermuda (with the bulk of group leadership sitting in London), Hiscox has over 3,000 staff across 14 countries and 34 offices.
The Role:
The Threat and Vulnerability Analyst works in our Cyber Fusion Centre, which is responsible for the protection, detection and response capabilities used to safeguard our business from cyber threats. You will be responsible for the proactive identification of threats to our systems and networks, together with potential vulnerabilities that could be exploited by malicious threat actors. Your work will be essential in enhancing our security posture by providing insights into potential attack vectors and security weaknesses. You will be responsible for emulating the threats we face, by mimicking the Tactics, Techniques and Procedures (TTPs) used by real-world hackers.
Key Responsibilities:
1. Manage the daily operations and maintenance of our TVM platforms, ensuring we have the latest scan libraries and threat intelligence to support detailed scans of our infrastructure.
2. Analyse and prioritise the outputs from TVM platforms and translate into mitigation actions for our Fusion Centre CI/CD pipelines.
3. Perform routine vulnerability assessments of our infrastructure and applications, document your findings and recommendations for remediation.
4. Perform network reconnaissance to gather information about potential high value targets in our network.
5. Track open security vulnerabilities in our estate and manage them through the lifecycle to closure.
6. Escalate more complex issues to our Ethical Hackers for further investigation.
7. Collaborate with our Blue Team to validate their detection and response capabilities.
8. Support the coordination of Penetration Tests performed by our external third parties.
9. Support the planning and delivery of Red and Blue Team exercises as required.
10. Support in-flight security incidents by providing insight into our vulnerability exposure.
11. Prepare detailed reports and briefings for various stakeholders outlining the nature of our threats, their potential impact and recommended mitigation approach.
12. Maintain an up-to-date knowledge of the latest threat actors and their TTPs.
Candidate Profile:
1. 0 to 3+ years experience in a cyber analyst role, preferably with a focus on TVM technologies.
2. Excellent working knowledge of the vulnerability management lifecycle.
3. Excellent analytical skills with the ability to work under own initiative.
4. Comprehensive knowledge of common hacking techniques and the latest cyber threats.
5. Good working knowledge of using cyber threat intelligence and attack modelling frameworks.
6. Desire to pursue a career in Ethical Hacking, and be willing to undertake further training.
7. Be highly curious and demonstrate lateral thinking and problem solving.
8. Good presentation and report writing skills.
9. BSc or MSc in Cybersecurity is essential if you have no formal experience.
10. Industry recognised qualifications such as CompTIA PenTest+ and GIAC GPEN are desirable.
Diversity & Benefits:
At Hiscox we care about our people. We hire the best people for the job and we’re committed to diversity and creating a truly inclusive culture, which we believe drives success. Our benefits package includes a bonus, contributory pension, 25 days annual leave plus 2 Hiscox days and a 4 week paid sabbatical with every 5 years’ worth of service, private medical for all the family and much more.
#J-18808-Ljbffr