IT Technical Security Applications Analyst
If ‘innovation’ and ‘drive’ strikes a chord, then Bupa UK IT Security is the answer you are seeking.
At Bupa, we’re here to help people live longer, healthier and happier lives. This means caring for and protecting our customers, colleagues, partners and Bupa.
The UK IT Security team is focused on protecting the confidentiality, integrity and availability of both information and the systems that process and store such information. Security by design is the cornerstone of our Prevent, Detect, Respond and Protect strategy.
If you are passionate about information security, living Bupa’s values and want a key role in defining and delivering Bupa UK’s IT Security strategy, then you are who we are looking for.
The IT Technical Applications Security Analyst will have a solid IT background covering end-to-end Application Security, Operating Systems, Networking, monitoring systems, in-depth knowledge of penetration testing (OWASP) and security coding (SAST and DAST) technologies, including security operation services coupled with excellent troubleshooting skills.
You will have experience of developing intelligence gathering systems and managing associated incident response processes for the UKMU Applications in collaboration with other support functions across UKIT and beyond.
This role will assist the Head of IT Security with Application security activities which include, but are not limited to:
- Collaborating very closely with the Head of IT Security, Senior Stakeholders within the UK Market Unit and beyond to understand the business relevance and impact of Application security risks and help to design and establish an effective intelligence capability using sound analytics to shape and drive the security agenda.
- Manage the end-to-end technical application security portfolio for the UKMU applications inclusive of: absolute clarity of the UK Application inventory, the infrastructure these applications are hosted on, their Security and IT risks, and associated remediation. (Note: on-premise infrastructure managed by Global Services & Transformation shall remain the responsibility of GS&T to inform UKIT of any security and IT risks, and associated remediation plans).
- Be the first point of call and lead for all UKMU technical application security matters such as threat assessments, building secure coding and testing into the SDLC (SAST, OWASP, CSC top 20, etc.), and assurance that security requirements are fully met prior to systems being transitioned into operations, and are maintained once in operation.
- Maintain an effective and secure UKMU application estate through appropriate planning and implementation of a continuous vulnerability and penetration testing regime.
- Active monitoring of the UKMU application estate to ensure potential or real exposures are identified and resolved with minimal impact to business operations.
- Active participation toward safeguarding the security, confidentiality, integrity and availability of Bupa UKMU information systems in compliance with the relevant legislation, regulations and standards.
You will also support the following:
- UK Cyber Incident Response
- Technical Security Management
- Security Supplier Management
- Stakeholder engagement
- Change initiatives
- Support cultural change
- Educated to Degree level or possesses the following qualifications: CISSP, CRISC, CGEIT, etc.
- Knowledge of current and emerging advanced cyber threats, attack and evasion techniques, command and control infrastructures and insider threat behaviour.
- Proven capability and experience of investigating, managing and remediating cyber security incidents with an ability to make sound decisions and judgements.
- Experience in escalating and articulating security concepts to all levels of audience.
- Effective organisational, communication and documentation and administration skills with a good eye for detail.
- A good understanding of typical malware functionality and capabilities.
- A good understanding of the tools and techniques used by SOC and Incident Response teams.
- Experience producing security documentation and other technical analysis reports.
- Demonstrable experience in Intrusion Detection and analysis.
- Knowledge and understanding of SIEM toolsets and applications.
- Demonstrable experience with Data Leakage Prevention solutions.
- Experience working in a team-oriented, collaborative environment.
- Demonstrate very strong proven experience of Security systems, ideally some understanding of working within ITIL and PRINCE2 environments.
- Must be team and results focussed.
- Ability to make decisions on complex issues and communicate them effectively to technical and non-technical audiences
- Exposure to prevalent industry standards such as ISO27001, FCA, PRA, ICO, PCI-DSS, CSC top 20, ITIL, ISF, etc.
The following elements are considered as essential knowledge and one must be able to explain/demonstrate the configuration, management and maintenance of the following:
- Vulnerability Management
- Web Security
- Forward & Reverse Proxies
- Identity & Access Management
- Key Management Systems
- Citrix, Windows & UNIX/Linux operating systems (including hardening and patching of core OS as well as utilisation of command line tools)
In return you will be rewarded with excellent benefits – including 25 days holiday, free healthcare, an onsite gym and a subsidised canteen. You’ll also be supported in developing your skills with ongoing training and career opportunities.
Bupa is committed to an environment which will attract, retain and motivate its people. Bupa aims to ensure that every applicant to, or employee of is assessed for employment, promotion and development solely on the basis of personal merit and qualifications, regardless of gender, sexual orientation, pregnancy or maternity, marital or civil partner status, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.
For further information on Bupa, our equal opportunities and your career with us, please visit www.bupa.co.uk