Some Highlights

This position is responsible for performing independent security assessments of clients’ information technology systems (including Internet, Intranet, Applications, Hosts, Firewalls, Mobile applications etc.). Communication in both written and verbal forms, including training courses, workshops, and consultations with clients and formal reports. 

These assessments are conducted on a by-project basis, ranging between one and three weeks per project, and will occasionally be conducted at the client site, in the UK, or abroad. 

The Security Analyst is also required to conduct on-going research in the IT security arena and regularly assist in the sales process.

Working as a Security Analyst

• Conduct security reviews of architecture, application designs and source code
• Perform mobile, complex application, infrastructure, social engineering assessments and penetration testing
• Exploit vulnerabilities to gain access, and expand access, to remote systems
• Document technical issues identified during security assessments
• Research cutting edge security topics and new attack vectors
• Be a second trainer for delivery of training courses
• Communication of findings/innovations internally, to team colleagues (via blog)
• Assist with building, hardening, and maintaining systems used for penetration testing
• Assist with improvements for security services, including the continuous enhancement of existing methodology and reporting formats, as well as training collateral
• Demonstrate the skills and knowledge to be an industry expert
• Work independently on projects
• Work with the wider team, mentor fellow team members and assist pre-sales

What we expect of you

• IT related degree / certificate or equivalent experience
• Industry leading qualification such as OSCP, CISSP, CREST, OSCE or equivalent
• Solid experience in information security in a dev/admin/engineer role
• Development experience in C/C++, C#, .NET, PHP, Java, Python, Ruby
• Strong Unix, Windows and networking security skills
• Familiarity with general application and network security concepts
• Manual penetration testing experience above and beyond running automated tools
• Experience developing custom scripts or tools used for vulnerability scanning and identification
• In depth networking knowledge (MPLS, BGP, OSPF, IPv6, TOR)
• Understanding of development frameworks
• Broad understanding of hosting /cloud environment, SIEM & defensive technologies, security auditing tools
• Ethical hacking and intrusion prevention experience
• Report writing experience and presentation skills
• Scripting/coding, sys admin or networking experience