At a Glance
- Tasks: Support secure services by identifying risks and integrating security into design processes.
- Company: Join a leading bank with a fast-paced, innovative culture.
- Benefits: Remote-first work environment with competitive salary and career growth opportunities.
- Why this job: Make a real impact on security while collaborating with diverse teams.
- Qualifications: Knowledge of security frameworks and experience with vulnerability discovery.
- Other info: Engage in a dynamic role with excellent exposure to cutting-edge technologies.
The predicted salary is between 36000 - 60000 £ per year.
Join us as an Attack Surface Reduction Analyst. Take on a new challenge and use your specialist knowledge to support the wider organisation in building and operating secure services that protect both colleagues and customers. You’ll act as a subject matter expert in a security-related field, making sure that the security implications of the backlog are understood in the right way, building security early into design.
You’ll be joining an exciting and fast‑paced area of the bank, where you can expect great exposure both for you and your work.
What you’ll do:
- As an Attack Surface Reduction Analyst, you’ll be working at a domain level to understand and make sure robust security is continuously considered and incorporated at every stage, programme increment and feature team delivery throughout the development lifecycle and through to support.
- You’ll collaborate with feature teams and participate in story refinement, sprint planning and retrospective sessions, establishing a culture of innovation and strategic thinking that makes sure that the bank has knowledge of, and opportunities to exploit, the latest developments in your area of specialism.
- Supporting the identification of risks, while contributing to risk management strategies to achieve business objectives and customer outcomes.
- Understanding and implementing Agile methodologies and actively contributing to finding opportunities to build security early into design.
- Making sure that decisions made are based on robust data, return on investment and value measures that demonstrate thoughtful and intelligent cost management.
- Actively contributing to your Centre of Excellence (CoE) specialism by cross-sharing learnings and best practice with CoE and Community of Practice colleagues.
- Building and leveraging relationships with colleagues across the bank and third parties to ensure decisions made are commercially focused and create long-term value for the organisation.
The skills you’ll need:
- To be successful in this role, you’ll need knowledge of one or more security subject areas and experience of setting risk appetites.
- You’ll also demonstrate experience of, or a willingness to learn, risk management frameworks.
- You’ll bring a strong understanding of vulnerability discovery across diverse environments, including traditional infrastructure, cloud platforms such as AWS, Azure and GCP, APIs, and application code, and you’ll be proficient with scanning tools like Qualys to identify and track exposures effectively.
- An understanding of cloud‑native architectures, container security such as Docker and Kubernetes, and CI/CD pipelines to assess vulnerabilities in dynamic and scalable environments, including recognising misconfigurations, insecure deployments, and cloud‑specific threat vectors.
- Strong communication and stakeholder management skills, and the ability to evaluate and prioritise vulnerabilities based on risk, exploitability, and business impact, and to coordinate remediation efforts across the bank.
- Familiarity with secure coding practices and API security, including the ability to interpret results from SAST, DAST, and API scanning tools.
- Knowledge of common code‑level flaws and the OWASP API Security Top 10 to make sure vulnerabilities are addressed early in the development lifecycle.
- The proven ability to produce clear, actionable reports and dashboards that communicate vulnerability posture and remediation progress.
Hours: 35
Job Posting Closing Date: 14/01/2026
Ways of Working: Remote First
Attack Surface Reduction Analyst employer: NatWest Group
Contact Detail:
NatWest Group Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Attack Surface Reduction Analyst role
✨Tip Number 1
Network like a pro! Reach out to folks in the industry on LinkedIn or at events. A friendly chat can open doors that a CV just can't.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repo showcasing your projects and expertise in security. It’s a great way to demonstrate what you can bring to the table.
✨Tip Number 3
Prepare for interviews by brushing up on common security scenarios and how you’d tackle them. Practice makes perfect, so get a mate to do mock interviews with you!
✨Tip Number 4
Don’t forget to apply through our website! We love seeing candidates who are genuinely interested in joining us and making a difference in security.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Attack Surface Reduction Analyst role. Highlight your relevant experience in security, risk management, and any specific tools you've used. We want to see how your skills align with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about security and how you can contribute to our team. Be sure to mention any specific projects or experiences that relate to the job description.
Showcase Your Knowledge: In your application, demonstrate your understanding of security concepts and methodologies. Mention any familiarity with Agile practices and how you've applied them in past roles. We love seeing candidates who are proactive about their learning!
Apply Through Our Website: Don't forget to apply through our website! It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows you’re serious about joining our team at StudySmarter!
How to prepare for a job interview at NatWest Group
✨Know Your Security Stuff
Make sure you brush up on your knowledge of security subject areas relevant to the role. Be prepared to discuss risk management frameworks and how you've applied them in past experiences. This will show that you’re not just familiar with the concepts but can also implement them effectively.
✨Showcase Your Technical Skills
Familiarise yourself with tools like Qualys and be ready to talk about your experience with vulnerability discovery across different environments. Highlight any hands-on experience you have with cloud platforms like AWS, Azure, or GCP, as well as container security with Docker and Kubernetes.
✨Communicate Clearly
Strong communication skills are key for this role. Practice explaining complex security concepts in simple terms, as you’ll need to collaborate with various teams. Prepare examples of how you’ve successfully communicated risks and remediation strategies in the past.
✨Be Agile Minded
Since the role involves Agile methodologies, be ready to discuss your experience with Agile practices. Think of specific instances where you contributed to sprint planning or retrospectives, and how you helped integrate security into the development lifecycle early on.