Cyber Security Senior Analyst (Design & Assurance)

Date:  28 Mar 2025
Location: SYDNEY, NSW, AU, 2000; DOCKLANDS, VIC, AU, 3008

Employment Type:  Permanent Full Time

The opportunity to join our team

 

We have an opportunity for a Cyber Security Design & Assurance Senior Analyst to join our talented Cyber Security team! This is an awesome position that spans the entire life cycle of projects, integrating security into every phase—effectively “shifting left” to improve security measures from the outset. This is an opportunity to work closely with the business to ensure that the right level of security is incorporated, empowering stakeholders to make informed decisions about risk.

 

In this generalist role, you’ll also have the opportunity to specialise in areas such as cyber security controls design and verification, threat & vulnerability management and offensive security testing, deepening your expertise within our security strategy.

 

Key Responsibilities:

  • Control Verification and Validation: Lead and perform testing and validation activities to ensure that implemented security controls are effective in mitigating identified risks. This may include reviewing security configurations, conducting vulnerability scans, performing Static and Dynamic Application Security Testing (SAST/DAST), and participating in security testing exercises.
  • Collaboration and Communication: Ability to context switch across various Security domains and engagements. Work effectively with various stakeholders, including project managers, technology teams, and other cyber security professionals. Communicate security risks, requirements, and recommendations clearly and concisely.
  • Threat Modelling and Risk Assessment: Lead and conduct threat modelling exercises to identify potential security weaknesses in systems and applications. Participate in security risk assessments to evaluate the likelihood and impact of identified threats.
  • Documentation and Reporting: Lead the creation and maintenance of documentation related to security design, controls, and risk assessments. Prepare reports on security posture and compliance for stakeholders.
  • Secure Design and Architecture: Collaborate with project teams, developers, and architects to integrate security considerations into the design and implementation of technology and business solutions, with a strong focus on AWS and GCP cloud technologies. Apply secure-by-design principles and recommend appropriate security controls based on risk assessments and industry best practices.

 

 

What you will bring to this role

 

We are looking for a seasoned analyst with a strong background in cyber security design, risk assessment, and control implementation.

 

To thrive in this role, you will need to have demonstrated technical proficiency in at least one of the following Primary Skillsets, ensuring a solid foundation in a core security discipline:

  • Vulnerability Management: Operating Tools such as Qualys, Rapid7, or Tenable.
  • DevSecOps:
    • SAST: Experience with tools like SonarQube, Snyk, or Veracode.
    • SCA: Proficiency in platforms like Nexus IQ/Lifecycle, Snyk, or equivalent.
    • Container Security: Tools such as Trivy, Sysdig, Falco, or equivalent.
    • DAST: Familiarity with OWASP ZAP or similar solutions.
  • Security Testing: Practical experience using Burp Suite or equivalent, along with Kali Linux for penetration testing and security assessments.
  • Cloud Security: Experience with platforms such as Wiz, Cloud Conformity, or equivalent.

 

Possession of one or more Secondary Skillsets is considered desirable but not essential.

  • DevOps Experience:
    • Software Source Control: Tools like GitHub or GitLab.
    • CI/CD: Platforms such as GitHub Actions, Jenkins, or equivalent.
    • Infrastructure as Code (IaC): Proficiency with Terraform or AWS CloudFormation.
    • Configuration Automation: Tools like Ansible, Puppet, or Chef.
  • Scripting and Automation: Ability to write scripts using Python, Bash, or PowerShell.
  • Cloud Security: Experience with platforms such as Wiz, Cloud Conformity, or equivalent.
  • Have demonstrated experience in Controls Design and Assurance in Cloud environments particularly with AWS and/or GCP.
  • The ability to context switch and demonstrate analytical and problem-solving skills to address complex security issues and develop effective solutions.
  • Proven solid understanding of security principles and best practices related to network, cloud, application, and data security.
  • Be familiar with relevant industry standards and frameworks such as NIST, ISO 27001, and OWASP.
  • Hold relevant cyber security certifications (e.g., AWS or GCP cloud certification, Security+, CySA+, CCSP, or similar).

 

Join us and make a significant impact on our organisation's security landscape!

 

Find the better way

What gets us excited about working here? Helping people feel good about their money as one of Australia’s leading financial wellbeing organisations. From those starting out to those retiring. As your team, we’ll show up for you and together we will create financial wellbeing for every Australian. Because we know people who are confident about their financial future live better lives.

If this sounds like your kind of career, you sound like our kind of person. With us, you’ll do work that builds your technical know-how and challenges our entire industry to move forward. Along the way, you’ll be free to explore new ideas and technology, and to solve problems both in a team and independently to get great things done. Around here, we like to call it “putting our fingerprints on the future”.

People-inspired tech

Deep expertise combined with creativity can take on the trickiest of problems. Join our team of brilliant minds and mentors as we explore our way to innovation and apply technology in more human ways than ever.


To Apply

Read more here about why you should join our team.

Applicants will be required to provide evidence of their eligibility to work in Australia, and at a minimum be required to undertake police and basic credit checks as a condition of employment.

 

Please note that applications from agencies will not be considered at this time.

 

We acknowledge and celebrate the richness that individual differences bring to our team. If you need assistance or an adjustment during the application process, please reach out and let us know.