Principal Security Analyst
Role Summary: The Principal Security Analyst will be responsible for guiding and handling the Vulnerability Management (VM) Plan, ensuring the coordination, monitoring, and support of activities related to VM, Cloud Security, Pen Testing, security patching, and remediation management. This role requires a strategic problem solver with advanced technical skills and the ability to mentor junior analysts while collaborating across various teams to enhance the organisation’s security posture.
Key Responsibilities:
* Vulnerability Management: In-depth knowledge of vulnerability management and the stages of the vulnerability life cycle.
* Technical Remediation: Thorough understanding of remediation concepts/frameworks pertaining to vulnerabilities.
* Vulnerability Exception: Solid grasp of vulnerability exception processes, exception assessment processes, and compensating security controls.
* Partner Engagement: Excellent partner leadership skills, working with management and non-management colleagues at various levels across technology and business departments within LSEG.
* Roadmap Development: Provide input, prepare, and update the VM roadmap. Develop, maintain, and publish project plans and operation schedules.
* Reporting: Provide status reports to Cyber Security leadership on VM metrics, key risk indicators, trends, and compliance.
* Solution Proposals: Propose VM concepts and solutions, prepare presentations, and coordinate vendor demonstrations.
* Standard Operating Procedures (SOPs): Create and maintain SOPs for VM, providing technical knowledge to operations and production support teams.
* Configuration Control: Maintain configuration control of VM hardware, systems, and application software. Coordinate upgrades and maintenance activities on VM tools.
* Collaboration: Work closely with Vulnerability Assessment & Pen Testing teams to analyse results and threat feeds, reacting appropriately to security weaknesses or vulnerabilities.
* Technical Documentation: Prepare and maintain user documentation of the VM programme, including requirements, architecture designs, network topology, applications, and application security designs.
* Policy Collaboration: Collaborate on Information Security policies, standards, and baselines, contributing to compliance measurement efforts.
* Governance Reporting: Collaborate on and provide VM results and metrics for consistent reporting for governance purposes. Coordinate remediation plans and activities.
* Planning: Help develop a long-term VM strategy (3-5 years) addressing global information security needs, identifying current state, gaps, and opportunities.
* Mentorship: Mentor and guide junior analysts, providing technical leadership and encouraging a culture of continuous learning and improvement.
Technical Requirements:
* Advanced Knowledge: Deep understanding of VM tools and technologies, including but not limited to Nessus, Qualys, and Rapid7.
* Cloud Security: Extensive experience with cloud security platforms (e.g., AWS, Azure, Google Cloud) and their security configurations.
* Pen Testing: Proficient in penetration testing methodologies and tools such as Metasploit, Burp Suite, and OWASP ZAP.
* Security Patching: Expertise in security patching processes and tools, including WSUS, SCCM, and automated patch management solutions.
* Scripting and Automation: Solid skills in scripting languages (e.g., Python, PowerShell) for automation of security tasks and processes.
* Network Security: In-depth knowledge of network security principles, including firewalls, IDS/IPS, and network segmentation.
* Compliance: Familiarity with regulatory compliance requirements (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001, NIST).
Qualifications:
* Bachelor’s degree in Computer Science, Information Security, or a related field.
* 5 years of experience in cybersecurity, with a focus on vulnerability management and cloud security.
* Relevant certifications such as CISSP, CISM, or CEH.
* Excellent analytical and problem-solving skills.
* Good communication and presentation skills.
* Ability to work closely with multi-functional teams.
Preferred Qualifications:
* Experience with advanced threat detection and response tools.
* Knowledge of secure software development practices and DevSecOps or equivalent experience.
* Experience in mentoring and developing junior team members.