A global team at the heart of cyber innovation, together we create a more secure digital future
Security Analyst
Location
United Kingdom
Posted
2 days ago
Salary
0
Seniority
Mid Level
Job Description
Security Analyst
NCC Group
Role Description As a Bug Bounty Analyst, you will act as the first line of validation for vulnerability submissions. You will work directly with the Bug Bounty researcher community to accurately reproduce and validate submissions and provide clients with technical writeups for any actionable findings. When triaging vulnerability submissions, analysts must assess the reproducibility, the real-world security impact, and that the reported issue is in scope so that submissions can be successfully filtered prior to escalating to the client. Bug Bounty Analysts serve as a trusted intermediary between the researcher community and the client and therefore must have strong technical capabilities balanced with the ability to deliver clear, professional communication. Key Responsibilities - Reproduce reported vulnerabilities in a controlled manner to confirm their validity. - Ensure that all validated reports meet quality standards for clarity, accuracy, and reproducibility before escalation to the client. - Communicate professionally and constructively with the security researcher community, requesting information and providing clarification where needed. - Communicate clearly and professionally with Enterprise clients ensuring that technical details are understood. - Identify and appropriately handle out-of-scope reports, duplicates, and low-quality AI submissions. - Manage client queues to meet agreed response and validation timeframes. - Author and deliver NCC-quality vulnerability reports to the specifications of individual clients. - Drive or contribute to projects that improve BBS’ tooling, operational processes, and delivery quality. Qualifications - Excellent written and verbal communication skills. - Proven experience in web application, network, and mobile application security testing. - Strong knowledge in OWASP Top 10. - Recent professional experience that required regular use of a programming scripting language (E.g., Python, JavaScript). - Vulnerability Disclosure and Bug Bounty experience. - Vulnerability Management experience is a plus. - Software QA experience is a plus. - Experience with SAST and DAST testing tools is a plus. Benefits - Flexible Working: Balance your work and personal life with our flexible working options. - Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave. - Medicash & Critical Illness Scheme. - Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme. - Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities. - Green Car Scheme: Drive green and save money with our eco-friendly car scheme. - Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme. - Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet. - Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
Role Description Under supervision, the Digital Forensics Intelligence Analyst analyzes evidence, crime reports, and databases to assist agents, law enforcement officers, and prosecutors in the investigation and successful prosecution of crime. - Identify criminal activity trends and linkages. - Assess cases to determine what type of data should be collected and the method of collection required as directed. - Operate case management system. - Provide analysis on data from computers, cell phones, and all other communications. - Retrieve and manage crime database information and ensure it is maintained on case intake and dispositions. - Review cases to provide the best method of visually portraying events, i.e., link diagrams, events, and association charts. - Utilize specialized computer software to analyze and organize information. - Perform other duties as assigned. Qualifications - High school diploma or GED. - A minimum of 3 years of experience in a related field/setting. Requirements - Computer proficiency. - Attention to detail. - Time management and prioritizing skills. - Ability to use good judgment and strong interpersonal skills. - Self-motivated with the ability to work with minimal supervision. - Exceptional oral and written communications skills. - Must be able to pass and maintain a background check and polygraph administered by the State Department of Corrections. Preferred Qualifications - A bachelor’s degree in digital forensics or related field. - Proficient in Excel. Physical Requirements While performing the duties of this job, the employee is regularly required to: stand, sit, talk, hear, and use hands and fingers to operate a computer, telephone, and a variety of office equipment. Occasionally may need to reach, stoop, or kneel. Benefits - Salary range: $20.90 - $23.82/hr based on experience and qualifications. - Health Insurance. - 401(k). - Disability. - Life Insurance. - Paid Time Off. - Voluntary Benefits.
• Responsible for complex level work supporting information technology applications through planning, designing, implementing, maintaining, and providing ongoing optimization and support • Provide advanced technical support, configuration, integration, and maintenance for healthcare applications throughout their lifecycle • May manage small and mid-sized projects related to these applications and technologies • Document and recommend workflow changes and technical/functional designs • Partner with external vendors to support third-party applications • Solve common and complex issues and serve as PM for mid-size projects • Oversee configuration of electronic and mechanical hardware with software products
Principal Security Analyst - Governance, Risk, and Compliance
BlackbaudBlackbaud is a large, private company founded in 1981 to provide technology solutions to nonprofit organizations. The company helps its clients with fundraising
Role Description The Cyber Security Governance, Risk, and Compliance (GRC) team is looking for a Principal Security Analyst to be a key member of a critical security program responsible for security risk and compliance activities across the entire enterprise. The role will require working with various company stakeholders to build and mature the processes of preparing for how Blackbaud identifies, documents, and assesses risk across the organization and determine the strength of our control framework and implementation. - Champion the security risk quantification program and process to enable informed decision making across the organization. - Articulate security risk through the development of Key Risk Indicators (KRIs) and report to multiple stakeholder groups, including the Executive Leadership Team (ELT) and Board of Directors. - Develop, assess, and implement cybersecurity controls and procedures required to protect the confidentiality, integrity, and availability of Blackbaud data. - Lead and coordinate internal and external security, compliance, and regulatory assessments, including customer audits, independent attestations, certification audits, and third party reviews. - Serve as the primary liaison with assessors and stakeholders to ensure successful completion of assessment activities and remediation efforts. - Act as a key stakeholder in corporate governance forums and committees by serving as an active advocate for cybersecurity practices, risk management, and policy compliance. - Partner with control owners to continuously monitor control implementations, assess effectiveness, and track noncompliance issues through resolution. - Enhance change management processes to socialize, communicate, and educate stakeholders on policy, standard, and procedure updates. - Identify opportunities to strengthen and mature the organization's governance, risk, and compliance programs through continuous improvement initiatives and industry best practices. Qualifications - 8+ year’s experience in Information Technology and/or Security - 3+ year's experience in leading audit/ assessment projects - 3+ year’s experience in risk management frameworks (i.e., NIST CSF) - 2+ year’s experience in quantitative risk management frameworks (FAIR, OCTAVE, etc.) - Experience in corporate GRC solutions (Archer, ServiceNow, etc.) - Experience in financial services, or other highly regulated industries (i.e. SOX, SOC, PCI DSS) - Experience working in an agile team - Demonstrated understanding of cyber risks and implementing mitigation plans - Possesses effective communication and presentation skills - Ability to handle multiple priorities and high stress situation - Industry Certifications like: CISSP, CRISC, CISM/CISA, AWS certification(s), Azure certification(s) Benefits - Medical, dental, and vision insurance - Remote-flexible workforce - Wellness Programs - 401(k) program with employer match - Flexible paid time off - Generous Parental Leave - Donations for Doers - Pet insurance, legal and identity protection - Tuition reimbursement program
• Continuously monitor security alerts and notifications from various tools and platforms to identify potential threats and vulnerabilities. • Assist in investigating and responding to security incidents, including performing initial triage and documenting findings. • Manage annual incident response testing. • Conduct basic threat analysis and research to understand emerging threats and vulnerabilities relevant to our environment. • Support the configuration and maintenance of security tools and systems to ensure they are properly tuned and up to date. • Help identify, assess, and prioritize vulnerabilities in systems and applications, and assist with remediation efforts. • Maintain and update security documentation, including policies, procedures, and incident reports. • Assist in developing and delivering cybersecurity awareness training to staff members. • Support compliance efforts related to cybersecurity frameworks and standards (e.g., PCI, NIST). • Maintaining a disaster recovery strategy and procedures backup plan. • Monitor and manage the organization’s firewall infrastructure to safeguard network traffic. • Oversee IDS/IPS systems to detect and respond to malicious activities and policy violations. • Maintain and update antivirus solutions and endpoint protection tools to prevent and respond to malware threats. • Utilize SIEM tools to collect, analyze, and correlate security event data from various sources. • Support the management and security of VPNs used for remote access. • Monitor and manage email security systems to prevent phishing and other email-based threats. • Assist in ensuring the integrity and security of data backup and recovery systems. • Audit IAM systems to control and monitor user access and authentication.



