Senior Security Analyst

Cubic offers an opportunity to provide innovative technology for government and commercial customers around the globe, helping to solve their future problems today. We’re the leading integrator of payment and information technology and services for intelligent travel solutions worldwide, and the leading provider of realistic combat training systems, secure communications and networking and highly specialized support services for military and security forces of the U.S. and allied nations.

We are seeking employees inspired by technology, and motivated by the rewards of hard work, commitment, teamwork, quality, integrity, and respect. We invite you to explore opportunities with Cubic.

Essential Job Duties and Responsibilities:

• Lead and supervise the team on a day to day basis, ensuring that the team is adequately resourced and has the required skills and ability to deliver the agreed level of service to our customers.
• Contribute to the technical strategy and procedures for the team and ensure that the team’s objectives are aligned with the business objectives as set by senior management.
• Work collaboratively with internal stakeholders to develop and facilitate team performance improvements.
• Provide expert technical on-the-job training, alongside the Learning & Development team, coaching and mentoring to the team.
• Leads security incident and event management and other operational cyber security monitoring generated by security control tools in accordance with established procedures and security standards.
• Leads incident response, undertakes security investigations and compiles incident and problem management/root cause analysis reports.
• Implements corrective actions where required.
• Leads vulnerability management process for the region.
• Leads external penetration test activities procured from vendors and ensures remediations are documented and implemented.
• Installs, manages and improves technical security control tools and processes.
• Ensures change control requests are reviewed against cyber security requirements to reduce the risk of weakening existing security controls.
• Participates in the evaluation, testing and implementation of such changes.
• Leads security control reviews for all types of IT infrastructure and business applications and recommends appropriate action across the wider Security function.
• Supports mobilisation of new customer programmes and new systems and ensures readiness for operations via established service transition processes within region.
• Supports internal and external customers defining their needs for new access rights and privileges.
• Ensures key performance/key risk information is collated and delivered to internal and external customers according to schedule.
• Contributes to other information security, contingency planning and related activities.
• Provide training and guidance to the wider team, promoting best practice and process improvement.
• May be required to work at or travel on to other local global Cubic sites and datacentres.
• Comply with Cubic’s values and adherence to all company policy and procedures.
• In particular comply with the code of conduct, quality, security and occupational health, safety and environmental policies and procedures.
• Perform other duties assigned by their manager from time-to-time, as may be reasonably required of them.

Minimum Job Requirements:

Qualifications

• Essential: University degree in a relevant subject (e.g. information security, encryption, computer science, maths, engineering) or equivalent educations and Team Leader/commercial experience.
• Desirable: A university master-level degree in a relevant subject (e.g. information security, encryption, computer science, maths, engineering) or equivalent educations/experience. Certification as an Information Security professional (e.g. ISACA CISA/CISM/CRISC, ISC(2) CISSP, BCS CISMP/IISP). Information privacy/data protection industry certifications – CIPPE/ + CIPM. Payment Card Industry Security Standards Council certification (ISA/QSA). ITIL v3/Prince2 foundation level/TOGAF certifications. IT infrastructure/networking vendors’ certifications.

Skills/Experience/Knowledge

• Essential: Proven team leader with identified tangible results in uplifting team capability. Expert knowledge, focused on execution and delivery of activities, leads the way for improved efficiency in tool use and streamlining processes. Expert knowledge of security SIEM tooling and vulnerability scanners. Experience in implementing and ensuring compliance with cyber security controls to multiple standards including ISO 27001 and ensuring operational controls meet continued compliance requirements to maintain PCI-DSS certifications. Stakeholder management experience e.g. leading consultations/workshops and presentational skills.
• Desirable: Functional experience leading a commercial security operations centre. Experience of compliance programmes of wider security, audit, risk and compliance standards e.g. PCI-P2PE, PCI-POI-PTS, ISO 22301, ISO27005, ISO31000, NIST security and risk frameworks, legislation such as GDPR (highly desirable). Experience using cyber security governance, risk and compliance and IT service management tools. Experience of quality management systems and external audit standards e.g. ISO 9001, ISAE3402, SOX compliance knowledge/understanding. Experience of transactional revenue, embedded, smartcards and mobile/open payment systems. Proficiency writing and speaking in other European languages.

Personal Qualities

• Able to work effectively and uphold professional standards and confidentiality with internal and external stakeholders at all levels.
• Able to travel globally at reasonable notice and be based internationally for assignments for several weeks’ duration.
• Superior verbal and written English language communications skills.
• Ability to understand corporate objectives to implement them as business unit policy.
• Self-motivated, able to work on own initiative.
• Strong customer service skills.

The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business need.