Senior Information Security Analyst

Sainsbury's

Senior Information Security Analyst – Product Assurance

Reporting to: Information Security Manager – Sainsbury’s

Division/Dept: Data Governance and Information Security

Location: Coventry, London, Manchester (Flexible)

In a nutshell: As a Senior Information Security Analyst in the Data Governance and Information Security Team, you will be working within the Product Assurance team who are responsible for ensuring our Engineering and Development communities are building and maintaining secure products through their entire lifecycle. You will be continually reviewing our security posture and setting the direction on how best to make improvements in line with the evolving threat landscape and core business objectives.

The ideal candidate will have significant (6+ years) experience working within Information or Cyber Security and be passionate about continuous professional development. You will be asked to provide recent, industry-respect certificates if successful at interview to demonstrate your ongoing education.

Whilst this role isn’t ‘hands-on’, candidates are expected to have an in-depth knowledge of security technologies and how these are integrated in monolithic and microservice architectures.

What you need to do:

• Have good all-round infosec experience coupled with finely honed Stakeholder Management skills to ensure that robust security is maintained across our environment.
• Provide technical, procedural, and policy advice to business stakeholders and Engineers with sufficient detail.
• Review requests to ensure they comply with company policy and best security practice prior to approval.
• Conduct in-depth risk assessments and threat modelling alongside producing detailed documentation.
• Present findings to management alongside recommendations on how to secure our systems.
• Advocate for innovative security solutions through persuasive quantitative evidence and presentation.
• Mentor, engage, and help educate junior colleagues across the InfoSec family.
• Support strategic initiatives to ensure cybersecurity is integrated at all phases across the business.
• Ensure that risks have been raised and be able to comprehensively explain the issues.
• Provide subject matter expertise on the InfoSec domain that the candidate is expert at.
• Evaluate requests from our suppliers to ensure they are fit for purpose.
• Deliver weekly reporting to management and other stakeholders.
• Co-ordinate complex incident response and recovery, working closely with Engineers and SOC colleagues.
• Provide support to the Information Security Manager.

What you need to know and show:

• A strong technical understanding of security to ensure systems are designed and built securely and to help continually improve our security posture.
• Experience of working in a hybrid on-premises Active Directory- Microsoft Entra domain services environment.
• Clear understanding of common Identity and Access Management topics.
• Familiarity with common Mobile Device and Endpoint Management solutions.
• An understanding of the Microsoft Defender suite of products.
• Awareness of Email & Web Security Gateway technologies.
• Ability to understand the operation of corporate networks and firewall solutions.
• Consideration on how to assess the security of purchased Software-as-a-Service products.
• Understanding of administrating the core Microsoft 365 suite of applications.
• Knowledge of other Microsoft enterprise services.
• Familiarity with AI tooling such as Microsoft 365 / Security / GitHub Copilot.
• Experience with other common productivity & collaboration tools.
• Awareness of common hosting infrastructure options.
• Ability to understand and assess integrations between systems.
• Nice to have knowledge of AWS, Azure, Oracle, GCP and SAP Clouds.
• Risk Management experience and understanding of Risk Management Frameworks.
• Strong analytical and report writing skills.
• Appreciation of containerisation technologies.
• Experience with logging, monitoring, load balancing/proxies and API gateways.
• Working knowledge of GitHub, Jenkins, Ansible, Chef and Puppet.
• In-depth knowledge of the OWASP Top 10, Mitre ATT&CK, NIST frameworks, PCI-DSS and Cyber Kill Chain.
• Familiarity with PAM, EDR, AV, IPS, SIEM, WAF and DLP technologies.
• The ability to verify solutions and gain assurance that they are fit for purpose.
• Strong understanding of the changing threat landscape and how this may affect our systems.
• The ability to challenge concerns and report through appropriate channels.
• Self-drive, motivation and the ability to work independently to deliver expected outcomes.
• Excellent teamwork and problem-solving skills.
• In-depth understanding of data and security risks in a large enterprise.

Desirable Qualifications:

You will have two (or more) of the following:

• CSA CCSK / CCAK
• ISACA CISA / CISM / CRISC / CGEIT
• AWS Certified Security or Certified Solutions Architect
• GCP Professional Cloud Security Engineer
• GIAC Cloud Security Automation
• Microsoft Certified Azure Solutions Architect Expert
• Microsoft Certified Cybersecurity Architect Expert
• MSc. Information/Cyber Security (not essential)

As well as lots of on-the-job training and endless opportunities, you'll get:

• Colleague discount across our multi-brands.
• Pension plan.
• Special offers on gym memberships, restaurants, holidays, retail vouchers and more.

Work-life balance is important to us, so we offer our colleagues as much flexibility as possible in line with the needs of their role.

We are committed to being a truly inclusive retailer, so you’ll be welcomed whoever you are and wherever you work.

Please see www.sainsburys.jobs for a range of our benefits (note, length of service and eligibility criteria may apply).