Senior Information Security Analyst - Security Testing (C5)

01 Feb 2018
01 Mar 2018
Job Type
Contract Type
Full Time

There's a whole lot more to technology at Sainsbury's than meets the eye. In this vital role at the forefront of Information Security, you'll find we're as much a Digital and Technology company as we are a Supermarket Chain. And as we continue our digital transformation, you'll be at the heart of it.

You'll discover a business with a Cloud-first approach, embracing the latest technologies. We're ahead of the game in methodology too, building a DevOps culture and embedding Agile working. Our Digital and Technology teams develop an extraordinary variety of products and services spanning our supermarkets, online shopping, and our finance offerings through Sainsbury's Bank. They power a diverse back office, too - from logistics and store support, through to HR apps.

We take our responsibility for protecting customer and colleague data seriously, so Information Security is crucial to our success in all these areas. The scope to develop a rewarding career is every bit as big as our ambitious plans to develop new apps and services.

As an experienced Senior Information Security Analyst, you'll be a trusted consultant to the business. Your brief will span security testing, both for business as usual and a diverse portfolio of IT projects. Working closely with BAU, project and programme teams, including Service Owners and Managers, Delivery Managers, Solution Architects, Developers, DevOps and Product Owners, you'll ensure that all Sainsbury's IT Systems and Data are protected. Put simply, you will test to make sure the security controls we build in do the job.

You'll support in-house development that uses Agile and Waterfall methodologies, so strong knowledge and experience of penetration and other security testing will be vital. This key role goes far beyond testing new systems, services and products. We're constantly changing and updating both business and customer-focused systems, so there's a constant need to test. You'll manage remediation of identified vulnerabilities and play a pivotal role in the full risk management lifecycle. Getting to know our systems well, you'll understand your important role in the big picture of Sainsbury's thriving and in making a positive difference for our customers. Widely recognised for your expertise, the impact you have will be huge. This will include mentoring and developing junior colleagues in the Information Security Testing team.

So what are we looking for?
To join us, you'll need to have either OSCP, GIAC or CEH, or be a Qualys Certified Specialist. It would also be an advantage to have CISSP, CISM, CRISC, CISA or an equivalent Information Security qualification.

You'll bring to the role proven experience of using web application vulnerability scanning tools such as Qualys WAS, IBM AppScan and HP WebInspect. We'll also expect you to be highly skilled in the use of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Source Code Analysis tools like HP Fortify, Veracode and Checkmarx.
