Senior Security Vulnerability Analyst - Warsaw, Polska - Sportradar

Opis

Job Description:

All software and systems contain defects or vulnerabilities in them. This role is concerned with the management of vulnerabilities that are known about, so to ensure an effective remediation strategy is in place to avoid them being exploited by threat actors.
The Senior Security Vulnerability Analyst role in Sportradar's Attack Surface Management team is to be responsible for identifying, assessing the risk they pose and prioritising vulnerabilities for remediation in conjunction with the system owners, employing a risk-based approach. Thereafter actively reporting on their status and managing them to resolution thus reducing the overall risk to the business.

As a Security Subject Matter Expert (SME), Senior Security Vulnerability Analysts are required
to be technically equipped to understand the different types of vulnerabilities, assessing and
prioritise them based upon their exploitabilitiy, severity and other relevant factors including
exposure and business criticality.

They will also be good communicators and work collaboratively with the system owners and
other members of the Security group so that the risk posture can be easily understood with
vulnerabilities being remediated effectively and in a timely manner.

The Senior Security Vulnerability Analyst is a key member of the Attack Surface Management
Team and reports into the Senior Manager of the Product Security unit which is part of the wider Sportradar Security group).

He / She will be a team-player and always seek to learn, improve processes as well as helping collegues in the wider team.

Accountabilities and Activities:

• Monitoring a variety of tools and systems for the identification of vulnerabilities of various types.
• Triage findings for true and false positives based on a variety of factors.
• Assess the risk of the vulnerability in the context of the system architecture, its data, business criticality, and the availability of exploits for that vulnerability.
• Communicating the results of the analysis effectively to key stakeholders in order to create a realistic remediation plan.
• Creating metrics and KPI reports to ensure that findings are being addressed in a timely manner and overall risk to the business is reduced.
• Becoming a Subject Matter Expert on the various tooling to ensure that it is returning optimal results.
• Assisting investigations into security incidents, and acting as subject matter expert for the vulnerability management domain.
• Identifying opportunities to improve effective vulnerability management across Sportradar.
• Contribute to the development and implementation of security policies related to vulnerability management, ensuring application security principles are applied during design and into business as usual processes to reduce risk, drive adoption and adherence to policies, standards and guidelines by the wider business.
• Maintaining and developing documentation for internal processes, security procedures, and remediation guidelines, and ensuring adherence to them.
• Clearly articulating security issues to Sportradar internal teams, both verbally and in written format as well as presenting information to management stakeholders to both technical and non-technical audiences.
• Troubleshooting and helping to resolve security issues for Sportradar teams.
• Acting as subject matter expert and primary point of contact for security questions from Sportradar internal teams.
• Maintaining relationships with strategic third-party Information Security suppliers, partners and industry forums.
• Generating bespoke reporting from the Sportradar monitoring solution in line with business requirements, ongoing investigations, or senior stakeholder requests.
• Provide advice and guidance on procedural and technical security controls.
• Provide advice and guidance to other teams within the business on good practice and maintain relevant and current industry knowledge.
• Work with the technical and solution architects to provide domain/specialist security expertise to IT projects in line with security strategy; contributing to and reviewing project documentation as necessary.

Required Experience:

• 5+ years experience working in an enterprise security environment, preferably in a technical security role.
• Knowledge of common operating system & cloud computing platforms, software development frameworks, network protocols, and security architecture.
• Knowledge of industry standard vulnerability management tools usage and implementation.
• Knowledge of current vulnerabilities and attacks.
• Excellent oral and written communication skills for both technical and non-technical audiences.

Desired Experience:

• Experience working in as a penetration tester or bug-bounty hunter.
• Experience in one or more high-level programming or scripting language.
• Hands-on experience with a variety of scanning tools at different stages of the SDLC.
• A track record of technical delivery working within a fast paced and pressured environment.

Qualifications, Education and Certifications:

• Bachelor's or Master's Degree in Computer Science, Information Technology, Information Security or similar, or equivalent industry experience.
• Industry certifications (or currently working towards them) such as:
• Security certs e.g. CISSP, CISM, CEH, OSCP, SANS etc
• Vendor certs e.g. AWS, Microsoft, Google, etc
• Other relevant certifications.

Sportradar is an Equal Opportunity Employer. We are committed to encourage diversity within our teams. All qualified applicants will receive consideration without regard to among other things, your background, status, or personal preferences