Information Security Analyst

February 1, 2024

Job Description


Job title: Information Security Analyst

Company: Sainsbury’s

Job description:

Job Title / Role

Information Security Analyst – Product Assurance

Reporting to

Information Security Manager – Sainsbury’s

Division/Dept

Data Governance and Information Security (Corporate Services)

Location

Holborn, Coventry, Manchester (Flexible)

In a nutshell

As an Information Security Analyst in the Data Governance and Information Security Team, you will be working within the Product Assurance team who are responsible for ensuring our Engineering and Development communities are building and maintaining secure products through their entire lifecycle.

You will be continually reviewing our security posture and setting the direction on how best to make improvements in line with the evolving threat landscape and core business objectives.

What you’ll do

As a tech professional at Sainsbury’s, you will be part of an exciting journey of transformation, where we are changing the way we operate and embracing agility to push boundaries and create amazing systems and technologies. In this role, you will support the delivery of management information and key performance indicators, assisting our security product teams in refining technology and process requirements, and contributing to the delivery of objectives. You will play an integral role in security monitoring and incident response tasks, ensuring the protection of our systems and data. Additionally, you will actively engage in research to stay updated on threat actor tactics, protective controls, detective capabilities, and incident response processes. Your expertise will be utilised in leveraging best-in-class incident response and automation tools to enhance our response capabilities and automate repetitive tasks. Collaborating with your colleagues, you will support the development of security operations activities and contribute to accurate incident response reports. This is an opportunity for continuous learning and personal development in a supportive and inclusive environment. Join us at Sainsbury’s Tech and be a part of our journey to create incredible experiences for our colleagues and customers.

What you need to do

As an Information Security Analyst, you will have good all-round infosec experience coupled with finely honed Stakeholder Management skills to ensure that robust security is maintained across our environment.

  • Work in a flexible, agile manner within Engineering Families, whilst maintaining appropriate levels of challenge and governance
  • Ensure security is built in by design and products are delivered securely, with client and employee data appropriately protected
  • Define Security Non-Functional Requirements for each project and ensure that they are fulfilled prior to going into service, ensuring the relevant technology standards are applied to specific projects
  • Liaise with the Information Security Testing Team to ensure that Ethical Hacking, Code Reviews, Application Scanning, and Infrastructure Scanning are conducted.
  • Provide end-to-end assurance of IT products across the Group, throughout their lifecycle, providing approvals where appropriate
  • Articulate risk in technical and non-technical terminology so that it can be interpreted by IT and Business individuals alike
  • Help identify, assess, and manage strategic, operational and emerging risks affecting the Cloud and Data, and articulate, quantify and monitor risks according to risk appetite.
  • Build and maintain strong senior stakeholder relationships within technology and the business to understand security risk and drive robust risk-based decision making.
  • Effectively articulate technical issues to business units and engineering teams.
  • Liaise with third-party strategic partners and providers who support Sainsbury’s.

What you need to know and show

  • A strong technical understanding of security to ensure systems are designed and built securely and to help continually improve our security posture
  • Appreciation of containerisation technologies such as Docker, Kubernetes etc.
  • Fundamental knowledge of logging, monitoring, load balancing/proxies and API gateways
  • Fundamental knowledge of GitHub, Jenkins & Jira
  • Basic knowledge of the OWASP Top 10, Mitre ATT&CK, NIST frameworks, PCI-DSS and Cyber Kill Chain
  • Fundamental understanding of PAM, EDR, AV, IPS, SIEM, WAF and DLP technologies
  • The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing
  • Strong understanding of the changing threat landscape and how this may affect our systems
  • The ability to challenge concerns and report through appropriate channels
  • Self-drive, motivation and the ability to work independently to deliver expected outcomes
  • In-depth understanding of data and security risks in a large enterprise
  • Risk & Vulnerability Management experience and understanding of Risk & Vulnerability Management Frameworks
  • Strong analytical and report writing skills.
  • Experience with serverless cloud technologies such as AWS storage and Lambda functions.

Desirable Qualifications

You will have two (or more) of the following:

  • CompTIA Security+, Network+, Linux+, Cloud+, Data+, DataSys+
  • CSA CCSK / CCAK
  • AWS Certified Security
  • Microsoft Azure Security Engineer Associate
  • (ISC)² CISSP / CCSP / SSCP
  • ISACA CISA / CISM / CRISC / CGEIT
  • MSc. Information/Cyber Security

Why join us

Sainsbury’s may be a 150-year-old retail chain, but we’re in the midst of an exciting transformation, redefining the way we operate and embracing a nimble mindset. As a Tech professional, working with us means being part of a journey where you can push boundaries and create incredible systems and technologies. With access to vast amounts of data from billions of transactions, you’ll have the opportunity to make a tangible impact on our colleagues and customers, delivering exceptional experiences. At Sainsbury’s Tech, you’ll join a community of thousands of experts, where knowledge-sharing and learning thrive. Here, things get built, ideas become reality, and solutions reach our customers and colleagues rapidly. Welcome to the home of Sainsbury’s Tech, where possibilities are endless and innovation knows no limits.

Expected salary:

Location: Holborn, Central London
