Cyber Vulnerability Analyst

Job Description

Job title: Cyber Vulnerability Analyst

Company: Direct Line Group

Job description: At Direct Line Group, insurance is just the start. Combining decades of industry experience with talented people in every field from data, technology, customer care and auto repair, to HR, finance and procurement , we’re a customer-obsessed market powerhouse. And we all work together to be brilliant for customers, every single day.

We’re evolving, to be a more digitally-focused data-driven insurance company of the future – and your unique talent, skills and ideas can drive our success. Like us, you thrive on collaboration, exploration and innovation. And like you, we take tech seriously. That’s why we’re embracing the move to a more digital, flexible world. With constant investment in the newest tools, programmes and equipment for our teams, it all adds up to creating the best possible user experience for customers. And a great career for you. Join us. Own the evolution.

We have an exciting opportunity for a Cyber Vulnerability Analyst to join our Cyber Defence Centre! Reporting into the Vulnerability & Testing Manager, you’ll be a key member of our Cyber Defence ‘Assure’ function and perform identification, contextualisation, and analysis of posture weaknesses across the Direct Line Group technology estate. You’ll be responsible for ensuring service owners are aware of weaknesses in their security posture and are empowered with the right information to take the necessary actions.

What you’ll be doing:

This role, as part of the wider team, will focus on running an effective vulnerability management and cloud security posture management (CSPM) service. You’ll be responsible for:

• Managing aspects of the vulnerability and CSPM lifecycle excluding patch management.
• Identifying, alongside your peers, vulnerability & CSPM improvement opportunities.
• Improving and maintaining documentation that defines DLG’s vulnerability and posture weakness identification, contextualisation, prioritisation, and tracking framework.
• Relationship management with key technology stakeholders to ensure vulnerability (including cloud configuration weakness) priorities are understood and tracked appropriately.
• Collaborating with the wider Cyber Defence and CISO teams to ensure appropriate mitigation actions are considered within our security capabilities; putting automation at the heart of everything we do.

What you’ll need:

This role is suited to an analyst with a strong stakeholder management & risk background, who understands how to effectively influence a wide range of stakeholders, and effectively communicate and prioritise risks across a wide group technology estate. We are looking for individuals with:

• Proven track record being part of a security team or function where you have demonstrated strong stakeholder management skills across stakeholders with differing levels of technical security competency.
• Understanding of core vulnerability and cloud security posture management concepts.
• Pragmatism is a must for this role. Understanding risk, resource availability and business objectives at a group level is key. Putting our customers interests at the heart of everything we do must always come first.
• Experience applying contextualisation to identified posture weaknesses, both from a threat intelligence and internal technology architecture perspective.
• Understanding of how automation must play a role in all stages of vulnerability identification and prioritisation.
• Very strong ability to communicate with both technical and non-technical audiences, both written and verbal.

It’s desirable if you have:

• Experience with vulnerability and cloud security posture management tools across multi-cloud estates.
• Best practice understanding of Azure, AWS & GCP environments setup.
• Understanding of wider Cyber Defence areas, such as threat intelligence, operations and engineering and how these areas influence posture improvements opportunities.
• Experience working in environments undergoing change programs.
• Cloud Security Administrator or Auditor certifications (or equivalent based on cloud platform).

Ways of Working

Our mixed model way of working offers a ‘best of both worlds’ approach combining the best parts of home and office-working, offering flexibility for everyone. How much you’ll be in the office depends on your role, and we’ll consider the flexible working options that work best for you.

Read our flexible working approach .

This is a hybrid opportunity with the expectation to be in our London Bridge office c. 2 times per week.

Benefits

We wouldn’t be where we are today without our people and the wide variety of perspectives and life experiences they bring. That’s why we offer excellent benefits to suit your lifestyle and a flexible working model combining the best parts of home and office-working, varying with the nature of your role. Our core benefits include:

• 9% employer contributed pension
• 50% off home, motor and pet insurance plus free travel insurance and Green Flag breakdown cover
• Additional optional Health and Dental insurance
• Up to 10% bonus
• EV car scheme allows all colleagues to lease a brand new electric or plug-in hybrid car in a tax efficient way.
• 25 days annual leave, increasing each year up to a maximum of 28
• Buy as you earn share scheme
• Employee discounts and cashback
• Plus many more!

Being yourself

Difference makes us who we are. We believe everyone should feel comfortable to bring their whole selves to work – that’s why we champion diverse voices, build workplaces that work for people, and invest in the things that matter. From senior leadership to inclusivity networks, adaptive working to inclusion training, we’ve made it our mission to give you everything you need to be authentically you. Discover more at

Together we’re one of a kind.

#LI-BB1

#LI-HYBRID

Expected salary:

Location: London

Job date: Fri, 12 Jan 2024 04:05:48 GMT

Apply for the job now!