Senior Information Security Analyst - Cloud Specialist
Salary: Competitive Plus Benefits
Location: Coventry Store Support Centre - Ansty Park and Home, Coventry, CV7 9RD
Contract type: Permanent
Business area: Sainsbury's Tech
Closing date: 01 October 2024
Requisition ID: 258373
We’d all like amazing work to do, and real work-life balance. That’s waiting for you at Sainsbury’s. Think about the scale it takes for us to feed the nation. The level of data, transactions and variety it involves. Then you’ll realise that ours is a modern software engineering environment because it has to be. We’ve made serious investment into a Tech Academy and into setting standards and principles. We iterate, learn, experiment and push ways of working such as Agile, Scrum and XP. So you can look forward to awesome opportunities in everything from AI to reusable tech.
Job Title / Role
Senior Information Security Analyst – Cloud Specialist
Reporting to
Information Security Manager – Sainsbury’s
Division/Dept
Data Governance and Information Security
Location
Coventry, Holborn, Manchester (Flexible)
In a nutshell
The Senior Information Security Analyst - Cloud Specialist is responsible for helping to manage the Sainsbury’s cloud estate.
Sainsbury’s has a multi-cloud strategy so familiarity with Azure and AWS is essential. You should hold either Speciality or Professional qualifications for at least one of these vendors.
You should have expertise and knowledge of cloud security architecture along with experience of recommending secure design patterns.
What you need to do
* Support the security, resilience and redundancy of the cloud environments
* Liaise with the Security Testing Team to ensure that Ethical Hacking, Code Reviews, Application Scanning and Infrastructure Scanning is conducted
* Provide Subject Management Expertise to colleagues and management
* Help identify, assess and manage strategic, operational and emerging risks affecting the Cloud and articulate, quantify and monitor risks according to risk appetite
* Build and maintain strong senior stakeholder relationships within technology and the business to understand security risk and drive robust risk-based decision making
* Effectively articulate technical issues to business units and engineering teams
* Define Security Non-Functional Requirements for each project and ensure that they are fulfilled prior to going into service, ensuring the relevant technology standards are applied to specific projects
* Liaise with third-party strategic partners and providers who support Sainsbury’s
What you need to know and show
* A strong technical understanding of security to ensure systems are designed and built securely and to help continually improve our security posture
* Appreciation of containerisation technologies such as Docker, Kubernetes etc.
* Experience with logging, monitoring, load balancing/proxies and API gateways
* Working knowledge of GitHub, Jenkins, Ansible, Chef and Puppet
* In-depth knowledge of the OWASP Top 10, Mitre ATT&CK, NIST frameworks, PCI-DSS and Cyber Kill Chain
* Familiarity with PAM, EDR, AV, IPS, SIEM, WAF and DLP technologies
* The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing
* Strong understanding of the changing threat landscape and how this may affect our systems
* Nice to have knowledge of Oracle and SAP clouds
* The ability to challenge concerns and report through appropriate channels
* Self-drive, motivation and the ability to work independently to deliver expected outcomes
* In-depth understanding of data and security risks in a large enterprise
* Risk Management experience and understanding of Risk Management Frameworks
* Strong analytical and report writing skills
Desirable Qualifications
You will have two (or more) of the following (including Cloud):
* CSA CCSK / CCAK
* AWS Certified Security or Certified Solutions Architect
* Microsoft Certified Azure Solutions Architect Expert
* Microsoft Certified Cybersecurity Architect Expert
* GCP Professional Cloud Security Engineer
* GIAC Cloud Security Automation
* ISACA CISA / CISM / CRISC / CGEIT
* MSc. Information/Cyber Security
As well as lots of on-the-job training and endless opportunities, in return you’ll also enjoy :
* Flexible working – tailored approach to balance your working from home and collaboration in the office, sensible freedom to shape your week and day working hours, offices in different locations
* Colleague discount across our brands – Sainsbury’s, Argos and Habitat
* Health cover
* Pension plan
* Special offers on gym memberships, restaurants, holidays, retail vouchers and more
We are committed to being a truly inclusive retailer, so you’ll be welcomed whoever you are and wherever you work. Around here, there’s always the chance to try something new - whether that’s as part of an evolving team or somewhere else across the business - and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working. When you join our team, we’ll also offer you an amazing range of benefits.
#J-18808-Ljbffr