CyberSecurity Analyst

Cyber Security Analyst

Reference: 25000N1V

Responsibilities

• Oversee the security aspects of a diverse portfolio of banking service platforms and applications, contributing to compliance projects for functional and technical teams.
• Support functional and technical teams through major platform and application evolutions, requiring a strong understanding of architecture, functionalities, and security policies.
• Monitor and maintain application compliance levels according to global audit and regulatory programs such as ECB Audit, NIST, GDPR Compliance, NYDFS, and SECAIA.
• Enhance and sustain application and platform security in alignment with regulatory mandates and Societe Generale group security criteria.
• Collaborate with application and technical teams to deploy, troubleshoot, and maintain essential security solutions that meet defined security criteria.
• Prepare regular reports on Business As Usual (BAU) activities and key programs, maintaining clear communication with project stakeholders.
• Independently plan, organize, and follow up on action plans, demonstrating a high degree of autonomy.
• Conduct Application Security Assessments (ASA) and Security Control Assessments, providing actionable security recommendations.
• Perform risk reviews, validate ad-hoc requests and derogations, and maintain risk acceptance documentation in accordance with group guidelines.
• Champion 'Secure by Design' principles throughout the application Software Development Life Cycle (SDLC).
• Provide demonstrations and training to teams on 'Secure by Design' methodologies and emerging security technologies.

Profile Required

• Possess 2 to 5 years of IT security experience with a solid foundation in information security principles.
• Demonstrate the ability to comprehend architectural challenges to formulate security policies and recommendations for applications and projects, engaging effectively with architects and project managers.
• Exhibit strong knowledge of SDLC and practical experience in security environments and activities.
• Familiarity with Application Security, Vulnerability Management, Cloud Security, and Threat Modeling.
• Awareness of digital technologies and an understanding of functional domains and business processes.
• Skilled in identifying and proposing process improvements, preparing documentation, and consolidating technical and process-related security information.
• Knowledge of Cloud and Network Security, Identity and Access Management (IAM), Data Encryption, and Security Information and Event Management (SIEM).
• Understanding of regulatory frameworks including GDPR, NYDFS, SCHREMS, and DORA.
• Familiarity with Cloud infrastructure, Firewalls, Routers, and Wi-Fi security.
• Exposure to programming languages and technologies such as JAVA, API, ASP.Net, Spark, Python, and React.js.
• Experience with security tools like Qualys, Nessus, Nmap, Burp Suite, SonarQube, Netsparker, OWASP, and open-source security testing tools.
• Exhibit strong work ethics, adaptability, interpersonal skills, and problem-solving capabilities.

Mandatory Skills

• Application Security, Vulnerability Assessment and Penetration Testing, Risk Management, Cloud Security, API Security, Vulnerability Management, DevSecOps.
• Proficiency in customer and business interactions.
• Excellent communication skills, including negotiation and influencing abilities, with a strong capacity to persuade and impact others.