
Senior Information Security Analyst

Sainsbury's

Coventry

Hybrid

GBP 40,000 - 80,000

7 days ago

Job summary

An established industry player is seeking a Senior Information Security Analyst to enhance their security posture within the Product Assurance team. This role involves reviewing security practices, conducting risk assessments, and providing expert advice to stakeholders. With a focus on continuous improvement, the ideal candidate will have extensive experience in Information Security and a passion for professional development. The position offers flexibility in work arrangements, allowing for a balance between remote and collaborative efforts. Join a forward-thinking organization that values innovation and offers numerous opportunities for growth and development.

Benefits

Colleague discount across multi-brands

Holiday allowance

Bonus scheme

Pension plan

Special offers on gym memberships

Special offers on restaurants

Special offers on holidays

Special offers on retail vouchers

Qualifications

  • 6+ years of experience in Information or Cyber Security.
  • In-depth knowledge of security technologies and architectures.
  • Experience with risk assessments and threat modeling.

Responsibilities

  • Review security posture and recommend improvements.
  • Conduct risk assessments and present findings to management.
  • Mentor junior colleagues and support strategic cybersecurity initiatives.

Skills

Information Security

Cyber Security

Stakeholder Management

Risk Management

Analytical Skills

Problem-Solving

Technical Understanding of Security

Communication Skills

Education

CompTIA CASP+

(ISC)² CISSP

MSc. Information/Cyber Security

Tools

Microsoft Defender

Active Directory

Microsoft 365 Suite

Docker

GitHub

Jenkins

Ansible

Chef

Puppet

AWS

Job description

Job Title / Role

Senior Information Security Analyst – Product Assurance

Reporting to

Information Security Manager – Sainsbury’s

Division/Dept

Data Governance and Information Security

Location

Coventry, London, Manchester (Flexible)

In a nutshell

As a Senior Information Security Analyst in the Data Governance and Information Security Team, you will be working within the Product Assurance team who are responsible for ensuring our Engineering and Development communities are building and maintaining secure products through their entire lifecycle.

You will be continually reviewing our security posture and setting the direction on how best to make improvements in line with the evolving threat landscape and core business objectives.

The ideal candidate will have significant (6+ years) experience working within Information or Cyber Security and be passionate about continuous professional development. You will be asked to provide recent, industry-respected certificates if successful at interview to demonstrate your ongoing education.

Whilst this role isn’t ‘hands-on’, candidates are expected to have an in-depth knowledge of security technologies and how these are integrated in monolithic and microservice architectures.

What you need to do

  1. As a Senior Information Security Analyst, you will have good all-round infosec experience coupled with finely honed Stakeholder Management skills to ensure that robust security is maintained across our environment.
  2. Provide technical, procedural and policy advice to business stakeholders and Engineers with sufficient detail.
  3. Review requests to ensure they comply with company policy and best security practice prior to approval.
  4. Conduct in-depth risk assessments and threat modelling alongside producing detailed documentation.
  5. Present findings to management alongside recommendations on how to secure our systems.
  6. Advocate for innovative security solutions through persuasive quantitative evidence and presentation.
  7. Mentor, engage and help educate junior colleagues across the InfoSec family.
  8. Support strategic initiatives to ensure cybersecurity is integrated at all phases across the business.
  9. Ensure that risks have been raised and be able to comprehensively explain the issues.
  10. Provide subject matter expertise in the InfoSec domain in which the candidate is an expert.
  11. Evaluate requests from our suppliers to ensure they are fit for purpose.
  12. Deliver weekly reporting to management and other stakeholders.
  13. Co-ordinate complex incident response and recovery, working closely with Engineers and SOC colleagues.
  14. Provide support to the Information Security Manager.

What you need to know and show

  1. A strong technical understanding of security to ensure systems are designed and built securely and to help continually improve our security posture.
  2. Experience of working in a hybrid on-premises Active Directory - Microsoft Entra domain services environment.
  3. Clear understanding of common Identity and Access Management topics – such as Privileged Access, Single Sign On, Conditional Access, Cloud Access Security Brokers & options for Workload Identities.
  4. Familiarity with common Mobile Device and Endpoint Management solutions.
  5. An understanding of the Microsoft Defender suite of products.
  6. Awareness of Email & Web Security Gateway technologies.
  7. Ability to understand the operation of corporate networks and firewall solutions, including Wide Area Network considerations for multi-site deployments (inc. international).
  8. Consideration of how to assess the security of purchased Software-as-a-Service products.
  9. Understanding of administering the core Microsoft 365 suite of applications (e.g. Office, SharePoint, Teams, Viva, apps & plug-ins).
  10. Knowledge of other Microsoft enterprise services, such as Power Platform & Purview.
  11. Familiarity with AI tooling such as Microsoft 365 / Security / GitHub Copilot.
  12. Experience with other common productivity & collaboration tools, such as Confluence, Miro, Adobe Cloud Suite.
  13. Awareness of common hosting infrastructure options, such as hypervisor services & edge computing deployments.
  14. Ability to understand and assess integrations between systems through methods such as APIs, Process Automation or Batch processing.
  15. Nice to have: knowledge of AWS, Azure, Oracle, GCP and SAP Clouds.
  16. Risk Management experience and understanding of Risk Management Frameworks.
  17. Strong analytical and report writing skills.
  18. Appreciation of containerisation technologies such as Docker, Kubernetes etc.
  19. Experience with logging, monitoring, load balancing/proxies and API gateways.
  20. Working knowledge of GitHub, Jenkins, Ansible, Chef and Puppet.
  21. In-depth knowledge of the OWASP Top 10, MITRE ATT&CK, NIST frameworks, PCI-DSS and Cyber Kill Chain.
  22. Familiarity with PAM, EDR, AV, IPS, SIEM, WAF and DLP technologies.
  23. The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing.
  24. Strong understanding of the changing threat landscape and how this may affect our systems.
  25. The ability to challenge concerns and report through appropriate channels.
  26. Self-drive, motivation and the ability to work independently to deliver expected outcomes.
  27. Excellent teamwork and problem-solving skills by blending technical knowledge with business requirements.
  28. In-depth understanding of data and security risks in a large enterprise.

Desirable Qualifications

You will have two (or more) of the following:

  1. CompTIA CASP+, Cloud+, Security+, Network+, Linux+
  2. CSA CCSK / CCAK
  3. (ISC)² CISSP / CCSP / SSCP
  4. ISACA CISA / CISM / CRISC / CGEIT
  5. AWS Certified Security or Certified Solutions Architect
  6. GCP Professional Cloud Security Engineer
  7. GIAC Cloud Security Automation
  8. Microsoft Certified Azure Solutions Architect Expert
  9. Microsoft Certified Cybersecurity Architect Expert
  10. MSc. Information/Cyber Security (not essential)

As well as lots of on-the-job training and endless opportunities, you'll get:

  1. Colleague discount across our multi-brands - Sainsbury's, Argos, TU Clothing and Habitat.
  2. Holiday allowance.
  3. Bonus scheme.
  4. Pension plan.
  5. Special offers on gym memberships, restaurants, holidays, retail vouchers and more.

Work-life balance is important to us, so we offer our colleagues as much flexibility as possible in line with the needs of their role. We trust them to decide how, where and when they work, combining remote and collaborative working with a flexible approach to hours, giving them plenty of time and space for life outside of work whilst delivering against our business goals.
