Head of Security Testing & Threat Vulnerability Management
Do you want to define and lead the security testing and threat vulnerability management efforts for one of London’s finest financial institutions? This organisation powers financial markets and exchanges, and delivers bleeding-edge products to firms all over the globe.
As the Lead of this team, you’ll take charge of the development and execution of strategy for the team, setting and driving the achievement of important metrics and objectives through effective leadership and ensuring alignment with the broader CIS strategy. You will manage the performance, development, and wellbeing of your specialist team across various technical domains to provide robust control, security, and resiliency of the compute environment.
Your goals will always be towards protecting customer and employee confidential information. You and your team will achieve these by developing and executing a security testing framework, and implementing the best tools and processes at your disposal. Managing penetration testing, vulnerability scanning, red-teaming, and intelligence lead testing (CBEST), you’ll work closely with infrastructure and application teams to monitor, track, and ultimately drive down key vulnerabilities. Your colleagues in business and technology will lean on you as a trusted advisor, so expect to be involved in major change activities to ensure the appropriate security engagements.
To be successful in this role, it requires:
- Understanding of Security Testing protocols, pen testing and code testing
- Experience in Red Team management
- Current working knowledge of the industry threat landscape and tracking of cyber threat
- An understanding of the threat intelligence data formats and standards (openioc, stix, taxii, maec)
- An understanding of SIEM platforms (e.g. Splunk/QRadar/LogRhythm).
- Experience in security event analysis & triage, incident handling and root-cause identification
- Experience with performing malware analysis using a variety of techniques including dynamic and static analysis
- An understanding of Windows/Linux internals, and how malware typically interacts with the OS
- Solid understanding of networks including the TCP/IP stack, typical organisation architectures, and common protocols abused by malware.
- Knowledge of Windows Active Directory and how it is commonly abused by threat actors
- Experience in financial services organisations or similarly regulated organisations
- Experience in working with multi-country organisations and complex integration programmes with significant business impact
- Experience in developing and influencing strategic working relationships with key technology suppliers.
Apply for this role
All fields marked with * are required.