Lookers plc, Altrincham, Greater Manchester
Cyber Security Analyst
Overview
Job Description
The Cyber Security Analyst is a hands-on role working to protect Lookers from cyber security threats. Your time will be shared across four (4) key areas:
* Software Development - Leading the Privacy by Design and secure coding practices within the development teams.
* Web Application Firewall - Tuning and responding to alerts from our Akamai Web Application Firewall.
* External security testing regime - Ensuring that our web sites and public-facing services are subject to the appropriate level of testing and that any identified security weaknesses have been resolved in a timely manner.
* Brand protection - Managing the protection of our brand and social media channels using ZeroFox.

Duties & Key Responsibilities
* Operational cyber security, including the monitoring and maintenance of cyber security tools, such as Web Application Firewall, social media and brand protection, and vulnerability management platforms.
* Provide Subject Matter Expertise to the development teams in the principles of secure by design / privacy by design and secure coding practices.
* Ensure that development staff receive appropriate training and demonstrate an acceptable level of secure coding competence.
* Identification and risk assessment of newly identified vulnerabilities.
* Support the Head of IT Security to deliver risk-based improvements, including public-facing websites and services.
* Assist with IT security gap and risk assessments of Lookers IT services, including PCI DSS, ISO 27001 and Cyber Security Essentials.
* Enforce Lookers IT security policies, procedures, and standards, and identify exceptions to them.

Experience & knowledge
* Strong knowledge of testing software security (SAST / DAST) and the Tenable vulnerability management platform, including web application security testing.
* Experience working with cyber security standards, frameworks, and compliance-led initiatives, including achieving Cyber Security Essentials and NIST Cybersecurity Framework.
* A solid technical understanding and strong knowledge of cyber security best practice, common attack types and detection/prevention methods, including OWASP and NIST guidelines.
* One or more relevant cyber security qualifications from a recognised body, such as Secure Code Warrior, ISC2 Certified Secure Software Lifecycle Professional (CSSLP), CompTIA Cyber Security Analyst, SANS GIAC (GWEB / GICSP / GSSP), and/or EC Council CASE .Net

We would be most grateful if you could please share your salary expectations on your application.