Senior Security Analyst in London

Why work for us? A career at Janus Henderson is more than a job, it's about investing in a brighter future together. Our Mission at Janus Henderson is to help clients define and achieve superior financial outcomes through differentiated insights, disciplined investments, and world-class service. We will do this by protecting and growing our core business, amplifying our strengths and diversifying where we have the right.

Our Values are key to driving our success, and are at the heart of everything we do:

• Clients Come First - Always
• Execution Supersedes Intention
• Together We Win
• Diversity Improves Results
• Truth Builds Trust

If our mission, values, and purpose align with your own, we would love to hear from you!

Responsibilities:

• Lead the identification, assessment, and remediation of vulnerabilities across applications, infrastructure, and cloud environments, collaborating with development and operations teams for effective solutions.
• Optimise vulnerability scanning profiles, dashboards, and reports to ensure comprehensive coverage and actionable insights, while analysing data to prioritise risks and provide clear remediation guidance.
• Contribute to the continuous improvement of vulnerability management processes, policies, and procedures, including supporting incident response activities and aligning with industry best practices.
• Identify potential security risks and document clear, actionable remediation options or mitigating controls aligned with industry best practices.
• Contribute to other cybersecurity initiatives, utilising our standards and procedures while adhering to industry best practices.
• Perform risk assessments and execute system tests to ensure proper functioning of data processing activities and security measures.
• Ensure that security controls in both new and existing computer systems comply with established security policies and guidelines.
• Assist in incorporating regulatory compliance requirements, such as SOX and GLBA, into the organisation's security roadmap.
• Conduct thorough security incident investigations, including maintaining chain of custody, implementing containment measures, performing root cause analysis, and identifying preventive strategies.
• Support incident response with vulnerability intelligence during security events.
• Participate in the Information Security on-call rotation.

What to expect when you join our firm:

• Hybrid working and reasonable accommodations.
• Generous Holiday policies.
• Excellent Health and Wellbeing benefits including corporate membership to ClassPass.
• Paid volunteer time to step away from your desk and into the community.
• Support to grow through professional development courses, tuition/qualification reimbursement and more.
• All-inclusive approach to Diversity, Equity and Inclusion.
• Maternal/paternal leave benefits and family services.
• Complimentary subscription to Headspace - the mindfulness app.
• All employee events including networking opportunities and social activities.
• Lunch allowance for use within our subsidised onsite canteen.

Must have skills:

• 3+ years in an Information Security role with proven experience in Vulnerability Management.
• Proven hands-on experience with vulnerability management platforms and in a vulnerability management role.
• Experience in information security incident response.
• Knowledge of vulnerability management (remediation and configuration) and other security scanner tools.
• Strong understanding of vulnerability assessment methodologies and risk scoring.
• Strong collaboration skills working with application and infrastructure teams within a security context.
• In-depth working knowledge of security best practices and frameworks (e.g., MITRE ATT&CK, OWASP Top 10, NIST).
• Excellent verbal and written communication skills.
• Ability to manage multiple projects and tasks.
• Analytical ability to capture and summarise information, find solutions to various tactical and strategic problems and prioritise work.
• Exposure to public cloud infrastructure (SaaS, IaaS, and PaaS).
• Familiarity with patch management processes and tools.

Nice to have skills:

• 5+ years of experience within Incident Response and Vulnerability Management.
• Knowledge of Tenable.sc and/or Tenable.io.
• Knowledge of cloud security vulnerabilities and associated scanning techniques.
• Experience with scripting or automation to enhance vulnerability management processes (e.g. Python) and to drive efficiency and innovation.
• Relevant Information Security certifications (e.g. CompTIA Security+, CySA+, CEH, SANS, Cloud Certifications).

You will be expected to understand the regulatory obligations of the firm, and abide by the regulated entity requirements and JHI policies applicable for your role. At Janus Henderson Investors we're committed to an inclusive and supportive environment. We believe diversity improves results and we welcome applications from all backgrounds. Don't worry if you don't think you tick every box, we still want to hear from you! We understand everyone has different commitments and while we can't accommodate every flexible working request we're happy to be asked about work flexibility and our hybrid working environment. If you need any reasonable accommodations during our recruitment process, please get in touch and let us know.

Janus Henderson (including its subsidiaries) will not maintain existing or sponsor new industry registrations or licenses where not supported by an employee's job functions (as determined by Janus Henderson at its sole discretion). All applicants must be willing to comply with the provisions of Janus Henderson Investment Advisory Code of Ethics related to personal securities activities and other disclosure and certification requirements, including past political contributions and political activities. Applicants' past political contributions or activity may impact applicants' eligibility for this position. Janus Henderson is an equal opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. All applications are subject to background checks.