Job Description
Rate: £500-£550 per day Inside IR35
Duration: 6 months initially (will extend, 6 month rolling)
Location: Ipswich 3 days, 2 days remote
Position Summary:
We are seeking a highly skilled Security Risk Analyst with a strong background in application security, vulnerability management, and risk assessment. In this role, you will be responsible for conducting security diagnostics across a suite of applications, identifying potential vulnerabilities, and delivering detailed risk assessment reports to the CISO. This position does not involve remediation but plays a critical role in uncovering and reporting risks within the organization’s application landscape.
Key Responsibilities:
* Conduct security risk diagnostics on enterprise applications to identify vulnerabilities, weaknesses, and compliance gaps.
* Perform comprehensive vulnerability assessments and penetration testing to evaluate application-level security posture.
* Develop detailed risk reports and vulnerability findings, including risk impact and likelihood, and deliver to the CISO.
* Collaborate with cross-functional teams to collect necessary data and context for risk assessments, while maintaining an independent risk evaluation.
* Support the organization’s GRC (Governance, Risk, and Compliance) objectives by aligning assessments with security frameworks and standards.
* Assist with security audits and help prepare documentation for internal or external reviews.
* Apply industry-recognized standards and frameworks such as NIST, ISO 27001, CIS Controls, in assessments and recommendations.
* Leverage past penetration testing, vulnerability management, and incident response experience to identify and contextualize threats effectively.
* Partner with and provide direct insights to CISOs and senior security leadership, contributing to overall security strategy and risk posture awareness.
Required Skills & Qualifications:
* Senior profile with experience in security risk analysis, application security, or vulnerability management.
* OSPC or CISP
* Proven experience with security frameworks such as NIST, ISO 27001, CIS Controls – nice to have.
* Strong knowledge of vulnerability scanning tools (e.g., Qualys, Tenable, Nexpose, Burp Suite).
* Solid understanding of risk assessment methodologies and ability to communicate technical risks in business terms.
* Hands-on background in penetration testing, incident response, or vulnerability management with a move into risk analysis preferred.
* Experience collaborating with or reporting to CISOs and senior security stakeholders.
* Excellent analytical, documentation, and presentation skills.
Preferred Qualifications:
* Security certifications such as CISSP, CISM, CRISC, OSCP, CEH, or equivalent.
* Experience working in regulated industries (e.g., finance, healthcare, government).
* Familiarity with risk scoring methodologies (e.g., CVSS, FAIR).