Cloud CyberSecurity Analyst (Vulnerability Analyst) - Work from Home

Cloud CyberSecurity Analyst (Vulnerability Analyst)

Note: this role is a virtual/work from home/remote opportunity

As a CyberSecurity Analyst you will work closely with the other members of the CyberSecurity team in both project orientated work and security operations activities.

You will work closely with internal and external managed security service providers on all manner of operational security and support their activities where needed.

The CyberSecurity Analyst will be the principle point of escalation within technical security.

The CyberSecurity Analyst will be engaged in a number of project-based activities, providing security architecture support and guidance, advising on industry standard security best practice, ensuring projects align to the Alight security policies and standards and offering general insight into security principles and their application within Alight.

The CyberSecurity Analyst will assist in the wider operational activities including but not limited to Data Security, SOC1/SOC2 Audits, Client Audits, security certifications and penetration and vulnerability testing.

You will be expected to support management teams during security incident events and be confident and capable of explaining the risk and remediation positions for threats as part of the global security incident management process.

The role will require you to have a technical background. Understanding of security technologies, security controls and security best practice would be ideal but a willingness and desire to expand these security skills and knowledge within the technical security team is mandatory.

The ideal candidate will need to be proficient in security capabilities and wider general security best practice. Where up skilling is required, this will be provided through both peer knowledge share and explicit training.

The nature of the role and the distribution of team members requires the individual to be a self- starter, focused, motivated, flexible with good communication skills.

Duties and Responsibilities

• Work with the CyberSecurity Operations Management and colleagues on a day-to-day basis to ensure the highest levels of security and control are maintained throughout Alight.
• Ensure all Security Incidents and Security Events are managed through the Security Incident Management process and provide direct communications for all critical items requiring the attention of senior management through the Head of CyberSecurity Operations.
• Configure and execute vulnerability assessment activities to ensure that all vulnerabilities are discovered, prioritized and assigned to appropriate remediation teams. Provide guidance to teams with regard to the vulnerability management program.
• Ensure regular / recurring tasks and activities are managed efficiently and within defined time constraints.
• Work with technical and business units across the organization to develop and implement security standards, policies and practices to make continual improvements and increase the effectiveness of the security program.
• Work with technical and business units across the organization as a security reference point, offering advice, support and guidance on all a wide range of security orientated issues.
• Assist in documenting and updating as appropriate, security and risk policies, standards and processes ensuring these, and the risk register are up to date and regularly reviewed.
• Maintain a positive, professional environment in full compliance with applicable laws, regulations, policies, and procedures; ensure that staff members understand and comply with applicable laws, regulations, policies and procedures. Write and publish risk reports to provide situational awareness and communicate risks to management.

Position Requirements

• Graduate or higher degree holder in relevant information security or a related technical discipline; or the equivalent combination of education; professional training or work experience.
• Some knowledge of ISO27001 and SSAE/18 standards and controls coupled with GDPR working knowledge would be a plus.
• 2+ years Cloud support (AWS preferred)
• 3+ years of technical operations experience, providing system/platform support for one or more of the following:
• Network Operations or engineering
• System administration of Linux or Windows
• SOC/CIRT team lead
• Advanced English oral and written communication skills.
• Confident but reassuring customer-facing style and excellent organizational skills.
• Good team player skills coupled with good analytical skills.
• Technical awareness of (and ideally experience in) SIEM, IDS / IPS, DLP, DDoS, Data classifications, vulnerability management and penetration testing, with any forensics experience a plus.
• Maintain a good technical understanding of today's security marketplace, the threat landscape and how vendors are responding to the changing face of data security.
• Self-motivated learner with drive to investigate problems with minimal instruction and supervision.

Work Conditions

• Will be required to be flexible in working hours.
• May be required to travel to other sites globally.
• Will be required to undertake security vetting.
• Always maintain a high standard of professionalism, both in manner and appearance.
• Positively react to change as the Company evolves and the needs of the department change.
• Will be expected to complete compulsory internal annual Security and Compliance training.
• Carry out other duties, not covered above, as necessary, which will be deemed appropriate to the nature of the department and/or role.

Background Check Required

By applying for a position with Alight, you understand that, should you be made an offer, it will be contingent on your undergoing and successfully completing a background check consistent with Alight's employment policies. Background checks may include some or all of the following based on the nature of the position: SSN/SIN validation, education verification, employment verification, and criminal check, search against global sanctions and government watch lists, fingerprint verification, credit check, and/or drug test. You will be notified during the hiring process which checks are required by the position.