Security Engineering Analyst

Serving our customers, communities, and planet a little better every day.

Salary – Between £, - £, + annual bonus & benefits

Location – Edinburgh, Permanent

Office Attendance – Our roles are hybrid; however, you should be able to travel to our Edinburgh office 2 days per week for this position.

A chance to thrive

We’re looking for a Security Engineering Analyst to join our Vulnerability Management and Assurance team at Tesco Bank, part of Barclays Bank UK Plc. The Vulnerability Management and Assurance team are the technical experts in technical vulnerabilities and weaknesses – senior stakeholders rely on our ability to understand deeply technical topics and interpret the situation at the business level. Our team is responsible for detecting, tracking, and advising on vulnerabilities to protect the Bank and our customers.

What you’ll be doing:

• Supporting holistic improvements to our security posture – this is a broad “stem cell” role with many directions to specialise in down the line.
• Scoping and arranging pragmatic assessments and penetration tests – supporting Project assurance and Annual testing cycle alongside Consultancy and Assurance team.
• Vulnerability Scanning & Compliance Benchmarking of all our assets – working alongside our Vulnerability Management experts.
• Managing vulnerability and non-compliance data, driving improvements across the bank - liaising with teams across the bank and gaining broad exposure to various systems.
• Advising system owners, risk teams, and senior stakeholders – reporting key metrics.

We need you to have:

• Technical understanding of vulnerabilities and a familiarity with the attacker mindset.
• Familiarity with a range of security assessment types and ambition to decide, scope, and arrange pragmatic security tests to be carried out by our panel of security vendors.
• Strong understanding of security best practices and anti-patterns.
• Great communication abilities with technical and non-technical colleagues across the bank to build working relationships with other teams, spread awareness of security, and help the bank achieve required levels of protection and governance.

And if you have any of these, even better:

• Understanding of Agile practices and effectively employing the principles in a real-life workplace to improve the team’s service.
• Experience in offensive IT Security tooling and practices experience in pentesting, HackTheBox, TryHackMe).
• Understanding of current and past OWASP Top s (web / API / mobile), CVSSv2 and CVSSv3, MITRE ATT&CK, and NIST Framework.
• IT Security related achievements, publications, certifications, and other credentials.

We don’t expect you to tick every box, and if you feel you hit most of the brief, it’s worth exploring to further develop your career here with us.

What’s in it for you:

• Prepare for your retirement with our colleague pension scheme.
• Virtual GP Service days a year.
• Performance related annual bonus.
• Indulge in a generous holiday allowance with a minimum of weeks, with the opportunity to buy more.
• Embrace the benefits of our Colleague Clubcard, enjoy a % discount that increase to % every payday (worth up to 2K). As an added perk, we’ll give you a second card to share with someone else.
• Benefit from our family-oriented initiatives, encompassing enhanced maternity leave pay, a shared parental leave policy, and a generous paid paternity leave.
• A place to get on - take advantage of our ongoing learning opportunities and training, to help you achieve the job and career you want.

Everyone’s welcome

We want all our colleagues to always feel welcome and be themselves at Tesco Bank, part of Barclays Bank UK Plc. We’re committed to building a more inclusive workplace and celebrating everything that makes colleagues unique, and value the richness and diversity this brings to our business. A more diverse business helps us deliver on our purpose to serve our customers, communities, and planet a little better every day.