Information Security Specialist
  • United Kingdom Manchester
  • ClickJobs.io
1 year before
31.01.2024
Protect and Defend
Cyber Defense Analysis
Job Description

Who we are looking for An Information Security Specialist who will focus on the technical side of IT Security, specifically looking at application security and code analysis to ensure applications are built securely. The Information Security team deal with the security of closed-sourced, open-source and in-house written applications. The objective is to ensure that systems and services are built with privacy and security by design. You will be working closely with the Software Development team, to confirm that application based vulnerabilities are understood and mitigated. This is done from a security assessment point of view rather than code QA, therefore code reading skills are desirable. The team comprises of a variety of individuals, ranging from graduates to time served engineers with backgrounds as sys-admin, networks, service operation as well as security. We use first-class, enterprise-level tools to identify threats to the systems as well as in house developed scripts and internet research. This role is eligible for inclusion in the Company’s hybrid working from home policy. Preferred skills and experience Broad understanding of technology functions. Use of planned, structured methodologies for conducting and reporting on Web Application Penetration Testing. Excellent understanding of and demonstrable experience with automated, dynamic and static application security testing tools, as well as manual security testing to find vulnerabilities and logical issues. Offensive Security Certified Professional (OSCP) certification or similar. Examination of packets using Wireshark and other related tools. Understanding of industry standard information security practices. Strong communication skills. High attention to detail. Excellent documentation skills. Ability to work to deadlines. Main Responsibilities Providing support to the team leader and technical lead and act as deputy where required. Taking a lead role in the project process to ensure that information security aspects are considered up front and throughout the project lifecycle. Conducting manual and automated source code review. Contributing to and utilising our security testing methodologies, creating and updating technical documentation as necessary. Completing security vulnerability analysis or assessment and taking an active role in external audits as necessary. Developing an understanding of the Business and supporting junior members of the team. Liaising with software development to ensure that security is considered throughout the lifecycle. Identifying any security flaws within our software and manage through appropriately, liaising with external bodies where necessary. Identifying and developing new tools that could be beneficial in the security testing process. Staying up to date with new and emerging threats. “By applying to us you are agreeing to share your Personal Data in accordance with our Recruitment Privacy Policy - http://www.bet365careers.com/privacypolicy.pdf"

Quick response
Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats an`d vulnerabilities.
  • K0033   Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
  • K0056   Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
  • K0058   Knowledge of network traffic analysis methods.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0104   Knowledge of Virtual Private Network (VPN) security.
  • K0111   Knowledge of network tools (e.g., ping, traceroute, nslookup)
  • K0167   Knowledge of system administration, network, and operating system hardening techniques.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0221   Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
  • K0301   Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
  • K0332   Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0339   Knowledge of how to use network analysis tools to identify vulnerabilities.
Required Skills
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0057   Skill in using protocol analyzers.
  • S0078   Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • S0156   Skill in performing packet-level analysis.
  • S0167   Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).
  • S0169   Skill in conducting trend analysis.
Required Abilities
  • A0015  Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.