Hiring Manager: Jason Koh, Talent Acquisition contact: Levi Sherwin The opportunity to join our team We have an opportunity for a Cyber Security Design & Assurance Senior Analyst to join our talented Cyber Security team! We are looking for an individual that has experience in the Threat and Vulnerability Management to ensure the organisation maintains a strong security posture and minimises its exposure to potential Cyber attacks. In this role, you’ll have the opportunity to work with Threat and Vulnerability Management along with DevSecOps, Cloud Security, Office Security teams allowing you to deepen your expertise by supporting our team’s functions and Cyber security strategy. Key Responsibilities of this role include: Support the Vulnerability Management Operating Framework and the Continuous Threat and Exposure Management (CTEM) Strategy through establishing processes for vulnerability scanning, assessment, prioritisation, remediation, and reporting. Collaborate with technology owners and business stakeholders to develop and implement risk-based remediation plans for identified vulnerabilities. Balance the urgency of remediation activities with the potential impact of vulnerabilities and the feasibility of implementation. Track the progress of remediation efforts and ensure timely closure of vulnerabilities Support the active monitoring and analysis of threat intelligence from various sources to identify emerging threats, attacker tactics, and potential risks relevant to the organisation. Collaboration and Communication: Work effectively with various stakeholders, including project managers, technology teams, and other cyber security professionals. Communicate security risks, requirements, and recommendations clearly and concisely. Ability to context switch across various Security domains and engagements Documentation and Reporting: Lead the creation and maintenance of documentation related to Threat and Vulnerability Management. Prepare reports on security posture and compliance for stakeholders. Continuous Learning: Stay up-to-date on the latest cyber security threats, vulnerabilities, and technologies. Actively participate in training and development opportunities to enhance your skills and knowledge. What you will bring to this role We are looking for a seasoned analyst with a strong background in Threat and Vulnerability Management. To thrive in this role, you will need to have demonstrated technical proficiency in Vulnerability Management : Lead the execution of vulnerability assessments utilizing scanning tools such as Qualys (preferred), Rapid7, or Tenable. Expertise in various scanning methodologies including network scanning, port scanning, web application scanning, cloud assessments, and policy compliance. In-depth knowledge of vulnerability scoring system, vulnerability prioritization techniques and threat classification systems. Experience in threat analysis and ability to identify potential attack vectors. Skilled in identifying, analysing and mitigating common vulnerabilities such as Zero-day vulnerabilities. Familiar with the integration of scanning tools into vulnerability management workflows, such as those provided by ServiceNow or similar systems. Cloud Security: Experience with platforms such as Wiz, Cloud Conformity, or equivalent. Other key relevant areas of experience include: Scripting and Automation: Ability to write scripts using Python, Bash, or PowerShell. The ability to context switch and demonstrate analytical and problem-solving skills, to address complex security issues and develop effective solutions. Proven solid understanding of security principles and best practices related to network, cloud, application, and data security. Present excellent written and verbal communication skills, enabling effective collaboration with both technical and non-technical stakeholders. Be familiar with relevant industry standards and frameworks such as NIST, ISO 27001, and OWASP. Hold relevant cyber security certifications (e.g., AWS or GCP cloud certification, Security, CySA, CCSP, or similar). DevOps or DevSecOps Experience is desirable but not essential: DevSecOps: SAST: Experience with tools like SonarQube, Snyk, or Veracode. SCA: Proficiency in platforms like Nexus IQ/Lifecycle, Snyk, or equivalent. Container Security: Tools such as Trivy, Sysdig, Falco, or equivalent. DAST: Familiarity with OWASP Zap or similar solutions. DevOps Experience: Software Source Control: Tools like GitHub or GitLab. CI/CD: Platforms such as GitHub Actions, Jenkins, or equivalent. Infrastructure as Code (IaC): Proficiency with Terraform or AWS CloudFormation. Configuration Automation: Tools like Ansible, Puppet, or Chef. Join us and make a significant impact on our organisation's security landscape! To be considered for this role, you will need to: 1. Be meeting or exceeding expectations in your current position; and 2. Have discussed your application with your Manager prior to submitting it. How to Apply If you believe you're a good fit for this opportunity, please hit APPLY now! Have any questions regarding the role or have a general query? Please contact Levi Sherwin or Email our Talent Acquisition team on . Know someone that would be a great fit for Insignia Financial? Click here to find out how to refer a friend! We acknowledge and celebrate the richness that individual differences bring to our team. If you need assistance or an adjustment during the application process, please reach out and let us know.