Senior Information Security Analyst

Coventry, West Midlands, United Kingdom

Sainsbury's

Shop online at Sainsbury's for groceries, clothing, homewares, electricals, financial services and more. Together we’re helping everyone eat better.

View all jobs at Sainsbury's

Apply now Apply later

Job Title / Role

Senior Information Security Analyst – Product Assurance

 

Reporting to

Information Security Manager – Sainsbury’s

 

Division/Dept

Data Governance and Information Security

 

Location`

Coventry, London, Manchester (Flexible)

 

In a nutshell

 

As a Senior Information Security Analyst in the Data Governance and Information Security Team, you will be working within the Product Assurance team who are responsible for ensuring our Engineering and Development communities are building and maintaining secure products through their entire lifecycle.

 

You will be continually reviewing our security posture and setting the direction on how best to make improvements in line with the evolving threat landscape and core business objectives.

 

The ideal candidate will have significant (6+ years) experience working within Information or Cyber Security and be passionate about continuous professional development. You will be asked to provide recent, industry-respect certificates if successful at interview to demonstrate your ongoing education. 

 

Whilst this role isn’t ‘hands-on’ candidates are expected to have an in-depth knowledge of security technologies and how these are integrated in monolithic and microservice architectures.

 

What you need to do

 

  • As a Senior Information Security Analyst, you will have good all round infosec experience coupled with finely honed Stakeholder Management skills to ensure that robust security is maintained across our environment.
  • Provide technical, procedural and policy advice to business stakeholders and Engineers with sufficient detail 
  • Review requests to ensure they comply with company policy and best security practice prior to approval 
  • Conduct in-depth risk assessments and threat modelling alongside producing detailed documentation 
  • Present findings to management alongside recommendations on how to secure our systems 
  • Advocate for innovative security solutions through persuasive quantitative evidence and presentation 
  • Mentor, engage and help educate junior colleagues across the InfoSec family 
  • Support strategic initiatives to ensure cybersecurity is integrated at all phases across the business 
  • Ensure that risks have been raised and being able to comprehensively explain the issues 
  • Provide subject matter expertise on the InfoSec domain that the candidate is expert at 
  • Evaluate requests from our suppliers to ensure they are fit for purpose 
  • Deliver weekly reporting to management and other stakeholders
  • Co-ordinate complex incident response and recovery, working closely with Engineers and SOC colleagues
  • Provide support to the Information Security Manager 

 

What you need to know and show

 

  • A strong technical understanding of security to ensure systems are designed and built securely and to help continually improve our security posture
  • Experience of working in a hybrid on-premises Active Directory- Microsoft Entra domain services environment 
  • Clear understanding of common Identity and Access Management topics – such as Privileged Access, Single Sign On, Conditional Access, Cloud Access Security Brokers & options for Workload Identities
  • Familiarity with common Mobile Device and Endpoint Management solutions
  • An understanding of the Microsoft Defender suite of products
  • Awareness of Email & Web Security Gateway technologies
  • Ability to understanding the operation of corporate networks and firewall solutions, including Wide Area Network considerations for multi-site deployments (inc. international)
  • Consideration on how to assess the security of purchased Software-as-a-Service products
  • Understanding of administrating the core Microsoft 365 suite of applications (e.g. Office, SharePoint, Teams, Viva, apps & plug-ins)
  • Knowledge of other Microsoft enterprise services, such as Power Platform & Purview
  • Familiarity with AI tooling such as Microsoft 365 / Security / GitHub Copilot.
  • Experience with other common productivity & collaboration tools, such as Confluence, Miro, Adobe Cloud Suite
  • Awareness of common hosting infrastructure options, such as hypervisor services & edge computing deployments
  • Ability to understand and assess integrations between systems through methods such as APIs, Process Automation or Batch processing
  • Nice to have knowledge of AWS, Azure, Oracle, GCP and SAP Clouds
  • Risk Management experience and understanding of Risk Management Frameworks
  • Strong analytical and report writing skills
  • Appreciation of containerisation technologies such as Docker, Kubernetes etc.
  • Experience with logging, monitoring, load balancing/proxies and API gateways
  • Working knowledge of GitHub, Jenkins, Ansible, Chef and Puppet
  • In-depth knowledge of the OWASP Top 10, Mitre ATT&CK, NIST frameworks, PCI-DSS and Cyber Kill Chain
  • Familiarity with PAM, EDR, AV, IPS, SIEM, WAF and DLP technologies
  • The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing
  • Strong understanding of the changing threat landscape and how this may affect our systems
  • The ability to challenge concerns and report through appropriate channels
  • Self-drive, motivation and the ability to work independently to deliver expected outcomes
  • Excellent teamwork and problem-solving skills by blending technical knowledge with business requirements
  • In-depth understanding of data and security risks in a large enterprise

 

Desirable Qualifications

 

You will have two (or more) of the following:

 

  • CompTIA CASP+, Cloud+, Security+, Network+, Linux+
  • CSA CCSK / CCAK
  • (ISC)² CISSP / CCSP / SSCP
  • ISACA CISA / CISM / CRISC / CGEIT
  • AWS Certified Security or Certified Solutions Architect
  • GCP Professional Cloud Security Engineer
  • GIAC Cloud Security Automation
  • Microsoft Certified Azure Solutions Architect Expert
  • Microsoft Certified Cybersecurity Architect Expert
  • MSc. Information/Cyber Security (not essential)

 

As well as lots of on-the-job training and endless opportunities, you'll get:

  • Colleague discount across our multi-brands - Sainsbury's, Argos, TU Clothing and Habitat
  • Holiday allowance
  • Bonus scheme
  • Pension plan
  • Special offers on gym memberships, restaurants, holidays, retail vouchers and more

Work-life balance is important to us, so we offer our colleagues as much flexibility as possible in line with the needs of their role. We trust them to decide how, where and when they work, combining remote and collaborative working with a flexible approach to hours, giving them plenty of time and space for life outside of work whilst delivering against our business goals.

We’d all like amazing work to do, and real work-life balance. That’s waiting for you at Sainsbury’s. Think about the scale it takes for us to feed the nation. The level of data, transactions and variety it involves. Then you’ll realise that ours is a modern software engineering environment because it has to be. We’ve made serious investment into a Tech Academy and into setting standards and principles. We iterate, learn, experiment and push ways of working such as Agile, Scrum and XP. So you can look forward to awesome opportunities in everything from AI to reusable tech.

We are committed to being a truly inclusive retailer, so you’ll be welcomed whoever you are and wherever you work. Around here, there’s always the chance to try something new - whether that’s as part of an evolving team or somewhere else across the business - and we take development seriously and promise to support you. We also recognise and celebrate colleagues when they go the extra mile and, where possible, offer flexible working. When you join our team, we’ll also offer you an amazing range of benefits. Here are some of them:
 
 Starting off with colleague discount, you'll be able to get 10% off at Sainsbury's, Argos, TU and Habitat after 4 weeks. This increases to 15% off at Sainsbury’s every Friday and Saturday and 15% off at Argos every pay day. We've also got you covered for your future with our pensions scheme and life cover. You'll also be able to share in our success as you may be eligible for a performance-related bonus of up to 20% of salary, depending on how we perform.  
 
 Your wellbeing is important to us too. You'll receive an annual holiday allowance, and you can buy additional holiday. We also offer other benefits that will help your money go further such as season ticket loans, interest free car loan of up to £10k, cycle to work scheme, health cash plans, pay advance (where you can access some of your pay before pay day) as well access to a great range of discounts from hundreds of other retailers. And if you ever need it there is also an Employee Assistance Programme, you will also be eligible for private healthcare too.

Moments that matter are as important to us as they are to you which is why we give up to 26 weeks’ pay for maternity or adoption leave and up to 4 weeks’ pay for paternity leave. 
 
 Please see www.sainsburys.jobs for a range of our benefits (note, length of service and eligibility criteria may apply).

Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  0  0  0
Category: Analyst Jobs

Tags: Active Directory Agile Ansible APIs Automation AWS Azure CASP+ CCSK CCSP CISA CISM CISSP Cloud CompTIA Confluence CRISC Cyber Kill Chain Docker EDR Firewalls GCP GIAC GitHub Governance IAM Incident response IPS ISACA Jenkins Kubernetes Linux MITRE ATT&CK Monitoring NIST NIST Frameworks Oracle OWASP Puppet Risk assessment Risk management SAP Scrum SharePoint SIEM SOC SSCP

Perks/benefits: Career development Equity / stock options Fitness / gym Flex hours Flex vacation Health care Parental leave Salary bonus Signing bonus

Region: Europe
Country: United Kingdom

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.