Senior Information Security Analyst

at  Cubic Corporation

Business Unit:
Cubic Transportation Systems
Company Details:
When you join Cubic, you become part of a company that creates and delivers technology solutions in transportation to make people’s lives easier by simplifying their daily journeys, and defense capabilities to help promote mission success and safety for those who serve their nation. Led by our talented teams around the world, Cubic is committed to solving global issues through innovation and service to our customers and partners.
We have a top-tier portfolio of businesses, including Cubic Transportation Systems (CTS) and Cubic Defense (CD). Explore more on Cubic.com.
Job Details:
Manages vendor-supplied penetration tests across Cubic customer programs to meet contractual and project requirements. Maintains current knowledge of malware attacks, and other cyber security threats. Help creates test cases using in-depth technical analysis of risks and typical vulnerabilities. Interprets, executes and documents testing procedures using agreed methods and standards. Records and analyses actions and results. Reviews test results and suggest modified tests if necessary. Provides reports on progress, anomalies, risks and issues associated with the overall project. Reports on system quality and collects metrics on test cases. Provides specialist advice to support others. This position will work under general supervision and guidance.

Essential Job Duties and Responsibilities:

• Manages information security penetration testing for new and existing business applications, IT infrastructure and/ or Company products, and provides advice and guidance on scope of penetration testing to meet relevant technical security controls (e.g. ISO27001 and/or the PCI security standards)
• Ensures penetration tests meet information security requirements
• Ensure that all VM Sec Ops processes are followed and ensure that all Security tools are maintained
• Develop and maintain VM Sec Ops reports and dashboards
• Ability to explain tool sets to auditors and customers alike.
• Expert knowledge of SIEM tools, vulnerability scanners
• Ensures all residual risk is documented for agreement by business service owners.
• May be required to work on other global Cubic sites and data centres

Minimum Job Requirements:
Qualifications

Essential:

• Bachelor’s degree in a relevant subject (e.g. information security, encryption, computer science, maths, engineering) or equivalent qualifications/experience
• Certification as an Information Security professional (e.g. IISP/CISA/CISM/CISSP/CCSP)

Desirable:

• Master’s degree in a relevant subject (e.g. information security, encryption, computer science, maths, engineering)
• Payment Card Industry Security Standards Council certification (ISA/ QSA/ QSA P2PE)
• HMG IA qualifications/ CLAS/ CISPM
• ITIL v4/ Prince2 foundation level/ TOGAF 9 certifications
• Security and IT infrastructure/ networking vendors’ certifications

Skills/Experience/Knowledge

Essential:

• Demonstrable experience in managing penetration tests
• Demonstrable experience supporting PCI-DSS certified solutions
• Experience supporting secure development lifecycles (SDL)
• Good understanding of enterprise-scale security management process and infrastructure
• Detailed knowledge of enterprise IT infrastructure and tools (e.g. Microsoft, Cisco, Oracle Solaris, Linux)
• Superior network infrastructure and protocol knowledge
• Knowledge of cryptographic services, current ciphers and key management systems
• Experience of quality management systems and external audit standards e.g. ISO 9001, ISAE3402
• Able to support an “on-call” out-of-business-hours service on a rotating basis with this responsibility spread across team members

Desirable:

• Demonstrable experience supporting architecture/ compliance programs for information security, audit, risk and compliance standards and legislation e.g. PCI-P2PE, PCI-POI-PTS, ISO 22301, ISO27005, ISO31000, NIST security and risk frameworks, GDPR
• Experience of application security testing tools and DevOps frameworks, e.g. Sonarqube, JIRA, static & dynamic code analysis/ “fuzzing”
• Ability to provide and report key performance indicator metrics demonstrating product and/or security architecture compliance within DevOps and waterfall project methods, product development
• Coding skills within development tools/ environments; Java, Visual Studio, C#
• Experience of transactional revenue, embedded, smartcards and mobile payment systems
• Knowledge / experience of security architecture of major public cloud services e.g. Microsoft Azure, Amazon Web Services, Google Cloud, Cloud Access Service Brokers e.g. Okta
• In depth understanding of information security operations tools, e.g. Tenable.IO, Nessus, Qualys, Splunk, Trend Micro DeepSecurity, Imperva, TripWire, Cisco IPS, McAfee, Barracuda

Personal Qualities

• Must be able to work effectively and uphold professional standards and confidentiality with Cubic internal and external customers as well as staff at all levels of the organisation. The role will also be required to work with security vendors, Cubic suppliers and customers.
• Must be able to travel globally at reasonable notice and be based internationally for assignments for several weeks’ duration
• Strong communication skills and able to rapidly acquire new knowledge and learn on the job
• Self-motivated, able to work on own initiative

Condition of Employment:
Successful outcome of a National Police Check
The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business need.
Worker Type:
Employe

• Manages information security penetration testing for new and existing business applications, IT infrastructure and/ or Company products, and provides advice and guidance on scope of penetration testing to meet relevant technical security controls (e.g. ISO27001 and/or the PCI security standards)
• Ensures penetration tests meet information security requirements
• Ensure that all VM Sec Ops processes are followed and ensure that all Security tools are maintained
• Develop and maintain VM Sec Ops reports and dashboards
• Ability to explain tool sets to auditors and customers alike.
• Expert knowledge of SIEM tools, vulnerability scanners
• Ensures all residual risk is documented for agreement by business service owners.
• May be required to work on other global Cubic sites and data centre