At Smart, our mission is to transform retirement, savings and financial wellbeing, across all generations, around the world.

WHO WE ARE LOOKING FOR

The skills, experience, and aptitudes we are looking for are listed below but please don’t be discouraged from applying if you don’t meet every single one of these criteria – having a ‘can do’ attitude is sometimes more important than being able to tick every box:

• Strong knowledge of AWS fundamentals Experience in creating security alerts in containerised environments
• Knowledge in Identity and Access Management systems like GSuite, Azure AD, and Okta, authentication integration via OAuth, SAML, and LDAP
• Ability to handle multiple digital product development conflicts.
• Deep knowledge of implementing and maintaining SIEMs, including developing alerts and fine-tuning detections
• Knowledge in Google SecOps and writing YARA-L alerts
• Strong knowledge of cyber threats, adversary activities
• Developing security orchestration, automation and response (SOAR) platforms.
• Strong knowledge of security operation centres and incident response platforms.
• Understanding of security standards such as ISO27001, SOC2, CIS, NIST.
• Managing third-party penetration tests, analysing results, prioritising and assisting teams in remediation
• Previous experience of working in an agile environment.
• Exceptional stakeholder management and client-communication skills.

WHO WE ARE

We work in partnerships with governments and financial institutions in the UK and internationally. Our cloud-native digital platform is revolutionising how people around the world think about, and save for, their retirement.
At heart, we’re a financial technology business. What we do is all about innovation, and using the power of digital change to put the customer first. Our Engineers will tell you that working at Smart gives you the opportunity to play your part in developing world-class technological solutions, working with – and learning from – like-minded people.
You’ll also find that, across our business, our colleagues love Smart’s culture, and how what we do means better financial outcomes for savers. That feels worthwhile, and it means that what we do, collectively, goes way beyond the nine to five of a typical working day.
Don’t just take our word for it – you can see what our colleagues say about working at Smart on LinkedIn Life and Glassdoor.

RESPONSIBILITIES

• Safeguards information system assets by detecting/identifying security problems, addressing false positives and responding to security incidents.
• Escalates incidents to senior management where necessary, with succinct descriptions, and acts as a point of contact throughout the investigation.
• Recommends and implements detection criteria, new patterns, new signatures, rules and tunes existing configuration.
• Manages security incident response, acts directly upon SIEM alerts and generates incident reports (Maintains and manages SIEM technologies) works with our Security Operations Centre (SOC) Performs detailed analysis of the data captured by monitoring systems.
• Undertakes forensic analysis for investigations, including writing reports and securing evidence.
• Liaises with architects in relation to security issues and provides future recommendations.
• Handles client security queries end to end and plans vulnerability remediation in a timely fashion.
• Assist QA and Security Bug Fix Teams to verify clean and efficient code based on OWASP security best practices specifications.
• Managing client relationships, organising, conducting and running workshops
• Clearly define and document business requirements, thereby providing a strong foundation from which technical specifications can be derived.
• Actively manage senior stakeholders and create a compelling case for change, as well as using your own methods to identify the most suitable approach with regards to requirements capture and analysis.
• Work closely with third party vendors/partners/internal stakeholders involved in the delivery of security initiatives.