Job Location | Birmingham |
Education | Not Mentioned |
Salary | 50,000 per annum |
Industry | Not Mentioned |
Functional Area | Not Mentioned |
Job Type | Permanent, full-time or part-time |
Join us on the Journey...

National Express Group is a leading public transport operator with bus, coach and rail services in the UK, Continental Europe, North Africa, North America and the Middle East. Passengers made 939 million journeys on our services in 2019.

The successful candidate will play a key role in the operation of IT security for National Express Group PLC. This is a hands-on role, essential to executing IT security services to the required standard at Group level and liaising with multiple stakeholders and division teams. The Group IT Security Vulnerability Analyst will bring a wealth of technical knowledge and apply it on a daily basis, be responsible for the correct execution of key security testing services and act as a key point of contact for Group IT security matters associated with such services.

What you'll do:

- Operate key IT security services to support IT security assessment activities, determine any gaps that require mitigation and communicate risks to the appropriate stakeholders, including attack surface mapping and execution/processing of vulnerability scans
- Facilitate, organise and execute on a periodic basis the relevant IT security services (e.g. vulnerability and web application scanning)
- Verify the output of automated security testing tools associated with the relevant IT security services
- Ensure the compliance level of the Group divisions against the relevant security services
- Provide input to improve IT security governance, policies and procedures from observations made on a day-to-day basis in collaboration with the Group divisions
- Support the IT security assessment of prospective acquisitions of companies, leveraging existing IT security services
- Respond to IT security incidents, suspicious activity or alerts reported by the Group divisions to support investigation, detection, containment or verification activities (including, but not limited to, the usage of existing IT security services)
- Support IT security initiatives and efforts across the Group concerning the IT security services
- Advise Group divisions on execution of the IT security services
- Produce operational Group IT security KPIs on a periodic basis associated with the IT security services
- Act as a Group point of contact for ad-hoc enquiries, troubleshooting issues and general support concerning the IT security services
- Liaise with the Group IT security representatives to exchange knowledge and promote Group-wide strategic and tactical initiatives
- Own and coordinate IT security service meetings held on a periodic basis with Group representatives
- Appraise IT security risks associated with the IT security services and provide input to the Group IT security risk register
- Create summaries, updates and reports with the relevant periodicity required for each of the IT security services
- Communicate proactively and effectively with all stakeholders, internal teams, suppliers and any other involved party in the IT security services

What you'll have:

- Experience in corporate IT security processes and technology
- A recognised certification in IT security (e.g. CompTIA Security+)
- Knowledge and experience of penetration testing and vulnerability management
- Experience of web application testing using a product such as Burp Suite or Zap Proxy
- Knowledge of the OWASP Web Application Security Risks (e.g. top 10, testing guide)
- Ability to define service descriptions, KPIs, service level agreements and other aspects of vulnerability management and penetration testing provision
- Ability to support IT security incidents, IT security advisories and IT security issues, collating technical and functional information to define mitigating actions leveraging the IT security services
- Ability to communicate technical findings and vulnerabilities in plain language to varied audiences across the organisation
- Ability to create, review or amend corporate documents related to vulnerability management, including but not limited to policies, procedures and standards
- Ability to support conversations with a broad set of stakeholders, including but not limited to executive staff, third party suppliers, technical teams and functional teams
- Ability to gather operational information to produce KPIs and/or balanced scorecards concerning penetration testing and vulnerability management
- General IT technical knowledge including but not limited to networks, operating systems, databases, application servers, web servers, cloud security (e.g. multi-tenancy, public/private implementations, SaaS, PaaS, IaaS), end-point security (e.g. hardening, anti-malware, EDR) and network security (e.g. IDS/IPS, SIEM, DDoS mitigation and WAF)
- Experience in multi-leveled organisations to identify IT security risks
- Self-sufficient and dynamic individual who is able to hit the ground running
- A passion to get involved with IT security challenges and broaden skills and abilities
- Excellent English verbal and written communication skills
- Experience with Linux and Bash
- Experience of a scripting language (e.g. Python, Ruby, Perl)
- Experience using nmap or similar port/service scanning tools
- Experience using a commercial vulnerability scanner (e.g. Nessus, Qualys, Rapid7)
- Experience using a commercial automated web application scanner (e.g. AppCheck, Rapid7, Netsparker)

Ideally but not necessarily required:

- Experience implementing, using or managing any of the following: EDR, PAM, Active Directory, IDS, IPS, SIEM or SOAR
- Spanish verbal and written communication skills
- A recognised certification in penetration testing (e.g. CompTIA PenTest+, CEH, GPEN, CREST, OSCP)

What we offer:

- A core salary aligned with your professional experience
- Company pension scheme
- Participation in the bonus programme
- Private medical insurance
- Holiday allowance
- Flexible and smart working (subject to business needs)
- Free travel for you and your partner
- Access to the NX Health Bus
- Employee Assistance Programme
- Variety of deals and discounts available through the NX online portal

Things to note...

At National Express, we are really proud of our health and safety reco