Cyber Vulnerability Analyst

DLG is evolving. Across every facet of our business, our teams are embracing new opportunities and putting customers at the heart of everything they do. By joining them, you’ll have the opportunity to not just be recognised for your skills but encouraged to build upon them and empowered to do your absolute best.

We have an exciting opportunity for a Cyber Vulnerability Analyst to join our Cyber Defence Centre! Reporting into the Vulnerability & Testing Manager, you'll be a key member of our Cyber Defence ‘Assure’ function and perform identification, contextualisation, and analysis of posture weaknesses across the Direct Line Group technology estate. You'll be responsible for ensuring service owners are aware of weaknesses in their security posture and are empowered with the right information to take the necessary actions.

This is a 12-month FTC/secondment opportunity with two London or Bristol office days a week.

What you'll be doing:

This role, as part of the wider team, will focus on running an effective vulnerability management and cloud security posture management (CSPM) service. You'll be responsible for:

• Managing aspects of the vulnerability and CSPM lifecycle excluding patch management.

• Identifying, alongside your peers, vulnerability & CSPM improvement opportunities.

• Improving and maintaining documentation that defines DLG’s vulnerability and posture weakness identification, contextualisation, prioritisation, and tracking framework.

• Relationship management with key technology stakeholders to ensure vulnerability (including cloud configuration weakness) priorities are understood and tracked appropriately.

• Collaborating with the wider Cyber Defence and CISO teams to ensure appropriate mitigation actions are considered within our security capabilities; putting automation at the heart of everything we do.

What you'll need:

This role is suited to an analyst with a strong stakeholder management & risk background, who understands how to effectively influence a wide range of stakeholders, and effectively communicate and prioritise risks across a wide group technology estate. We are looking for individuals with:

• Proven track record being part of a security team or function where you have demonstrated strong stakeholder management skills across stakeholders with differing levels of technical security competency.

• Understanding of core vulnerability and cloud security posture management concepts.

• Pragmatism is a must for this role. Understanding risk, resource availability and business objectives at a group level is key. Putting our customers interests at the heart of everything we do must always come first.

• Experience applying contextualisation to identified posture weaknesses, both from a threat intelligence and internal technology architecture perspective.

• Understanding of how automation must play a role in all stages of vulnerability identification and prioritisation.

• Very strong ability to communicate with both technical and non-technical audiences, both written and verbal.

It's desirable if you have:

• Experience with vulnerability and cloud security posture management tools across multi-cloud estates.

• Best practice understanding of Azure, AWS & GCP environments setup.

• Understanding of wider Cyber Defence areas, such as threat intelligence, operations and engineering and how these areas influence posture improvements opportunities.

• Experience working in environments undergoing change programs.

• Cloud Security Administrator or Auditor certifications (or equivalent based on cloud platform).

Closing date: Tuesday, 20th May

Benefits

We wouldn’t be where we are today without our people and the wide variety of perspectives and life experiences they bring. That’s why we offer excellent benefits to suit your lifestyle and a flexible working model combining the best parts of home and office-working, varying with the nature of your role. Our core benefits include:

• 9% employer contributed pension

• 50% off home, motor and pet insurance plus free travel insurance and Green Flag breakdown cover

• Additional optional Health and Dental insurance

• Up to 10% bonus

• EV car scheme allows all colleagues to lease a brand new electric or plug-in hybrid car in a tax efficient way.

• 25 days annual leave, increasing each year up to a maximum of 28

• Buy as you earn share scheme

• Employee discounts and cashback

Plus many more!

Ways of Working

This role is based out of our London Bridge office. Our hybrid model way of working offers a 'best of both worlds' approach combining the best parts of home and office-working, offering flexibility for everyone. When you'll be in the office depends on your role, but most colleagues are in 2 days a week, and we'll consider the flexible working options that work best for you.

We want everyone to get the most out of their time at DLG. Which is why we’ve looked beyond the financial rewards and created an offer that takes your whole life into account. Supporting our people to work at their best – whatever that looks like — and offering real choice, flexibility, and a greater work-life balance that means our people have time to focus on the things that matter most to them. Our benefits are about more than just the money you earn. They’re about recognising who you are and the life you live.

Be yourself

Direct Line Group is an equal opportunity employer, and we think diversity of background and thinking is a big strength in our people. We're delighted to feature as one of the UK's Top 50 Inclusive Employers and are committed to making our business an inclusive place to work, where everyone can be themselves and succeed in their careers. We know you're more than a CV, and the things that make you, you, are what bring potential to our business. We recognise and embrace people that work in different ways so if you need any adjustments to our recruitment process, please speak to the recruitment team who will be happy to support you.

#LI-GY

#LI-HYBRID