Senior Security Analyst

Our solutions are a key part of most industries - electronics, medical research, renewable energy, food production, infrastructure and many more. Working with us means working with the latest technologies and groundbreaking, sustainable innovations.

Join us on our journey for a better tomorrow.

Mission/Purpose of the Job
Security Operations Lead plays a crucial role in maintaining a Vacuum Technique Business Area's cybersecurity posture, Security Operations Lead will be involved in and/or leading multiple streams including but not limited to; Security Operations, Mergers & Acquisitions integration, Risk and Vulnerability Management

Main Responsibilities

Leadership and Mentorship:

• Lead by example a team of Security analysts, providing direction, support, and coaching to ensure the team meets performance objectives.
• Develop and maintain an effective security team through hiring, training, and career development initiatives.
• Represent Security Operations and the wider Information Security function in the global technology team. Be a central point of contact for day-to-day activities and relationships with key stakeholders for Security Operations activities:Security Operations, Mergers & Acquisitions integration, risk management and Vulnerability Management.
• Establish metrics and monitoring to report the effectiveness and efficiency of the Security Operations function.
• Identify and implement new ways to automate and improve Security across the business.
• Working collaboratively with other IT/ Group Security, Information Security, Architecture, Business and PMO teams within Vacuum Technique and the wider Atlas Copco Group.

Security Operations:

Overseas Security Operations including reviewing and making the activities efficient and aligned with industry

standards: 

•  Incident Response: Review, action Incidents, Requests within SLA
• Generic account approvals: Thorough investigation on request and process review within SLA
• Admin access requests: Thorough investigation on request and process review within SLA 
• Third-Party Apps Assessment and Approval: Security questionnaire for assessment based on type of apps and use within SLA following SOPs
• Process reviews and documentation: Review existing process and update. Create new SOPs for all Security Operations activities
• Security and firewall changes assessment: Change approval process review and security assessment within SLA following SOPs
• Reporting related to Security Tasks: Producing and Deliver the project reports every 2 weeks
• Customer Assessment: Audit and assessment by Customer and share the required evidence within SLA following SOPs
• SecOps -Group Security - Working with Group Security on Ad-Hoc tasks
• OT Security Baselining to be completed on demand

Vulnerability Management:

Overseas Vulnerability Management including reviewing and making the activities efficient and aligned with industry

standards: 

• Pentest Scoping: Liaising with the product owner and Order Apps Pentest following SOP and within SLA
• Follow-Ups: Follow-up to achieve the milestone: until vulnerabilities are mitigated / remediated
• Reporting: Testing and Remediation: Review test reports for Remediation following SOP and within SLA
• Exception Process: Liaising with the product owner to understand the application details and exceptions following SOP and within SLA

Collaboration and Stakeholder Management:

• Work closely with Group IT operations, infrastructure teams, and external vendors to ensure seamless integration of security measures.
• Collaborate with business units to understand and implement security requirements tailored to the organization’s needs.

Documentation and Reporting:

• Document security procedures, best practices, and lessons learned for internal and regulatory purposes.
• Prepare detailed security reports and presentations for senior management on risk assessments, incident response, and system status.

Mergers & Acquisitions integration, risk management:

Oversees Mergers & Acquisitions including reviewing and making the activities efficient and aligned with industry

standards: 

• Due Diligence (DD): Kickstart the M&A process by performing DD as per Group Security template following SOP and within SLA
• Testing: Manage the scoping of Security testing following SOP and within SLA
• Risk Identification and Remediation: Follow up on Risk Identified during DD and Pentest following SOP and within SLA
• ATP Rollout: Identify the asset and perform the ATP installation on assets in scope following SOP and within SLA
• Liaising with IT infra. Team: Work with IT Infra. Team and help in a secure way of implementation/integration
• Application Review: Review the applications and provide recommendations/alternatives following SOP and within SLA
• M&A regular Reporting: Provide the M&A information as per the group security requirements to all stakeholders. Ensure all trackers ‘Risks Registers, M&A, Application/Software Assessments, Customer Assessments are always up to date.

Experience:

At least 8-10 years of experience working in Security Operations, with hands-on experience in

• Security Testing: Ability to simulate cyberattacks to identify and exploit vulnerabilities in systems and networks
• Vulnerability Assessment: Proficiency in using tools to scan and identify vulnerabilities in various systems and applications
• Risk Assessment and Management: Skills to evaluate the potential impact of vulnerabilities and prioritize remediation efforts based on risk
• Threat Intelligence: Understanding of current threat landscapes and the ability to analyse threat data to anticipate and mitigate potential attacks
• Patch Management: Knowledge of applying patches and updates to software and systems to fix vulnerabilities
• Configuration Management: Ensuring systems are securely configured and maintaining these configurations over time
• Compliance and Regulatory Knowledge: Understanding of legal and regulatory requirements related to cybersecurity (NIST, CRA, CMMC, ISO 27001, CISM) and ensuring systems comply with these standards

Education:

• Bachelor’s degree in Information Technology, Computer Science, or a related field.
• Relevant certifications such as ISO 27001, CISM are highly desirable.

Personal Attributes:

• Strong attention to detail and a methodical approach to security management.
• Excellent communication skills, with the ability to work collaboratively with both technical and non-technical stakeholders.
• Ability to manage multiple priorities and work in a fast-paced environment.
• Strong analytical skills and a proactive approach to security risk management.

Diverse by nature and inclusive by choice
Bright ideas come from all of us. The more unique perspectives we embrace, the more innovative we are. Together we build a culture where difference is valued and we share a deep sense of purpose and belonging.