Job Description

At Smart, our mission is to transform retirement, savings and financial wellbeing, across all generations, around the world.

THE ROLE

(12 Month fixed-term contract)

Working in Smart's Group Security team, you will be helping keep Smart safe by creating alerts and security policies as well as triaging and responding to security incidents. You'll work with a small in-house team as well as multiple external partners using the latest security technologies in a cutting edge technology environment.

Responsibilities

Safeguards information system assets by detecting/identifying security problems, addressing false positives and responding to security incidents. Escalates incidents to senior management where necessary, with succinct descriptions, and acts as a point of contact throughout the investigation. Recommends and implements detection criteria, new patterns, new signatures, rules and tunes existing configuration. Manages security incident response, acts directly upon SIEM alerts and generates incident reports (Maintains and manages SIEM technologies) works with our Security Operations Centre (SOC) Performs detailed analysis of the data captured by monitoring systems. Undertakes forensic analysis for investigations, including writing reports and securing evidence. Liaises with architects in relation to security issues and provides future recommendations. Handles client security queries end to end and plans vulnerability remediation in a timely fashion. Assist QA and Security Bug Fix Teams to verify clean and efficient code based on OWASP security best practices specifications. Managing client relationships, organising, conducting and running workshops Clearly define and document business requirements, thereby providing a strong foundation from which technical specifications can be derived. Actively manage senior stakeholders and create a compelling case for change, as well as using your own methods to identify the most suitable approach with regards to requirements capture and analysis. Work closely with third party vendors/partners/internal stakeholders involved in the delivery of security initiatives.

WHO WE ARE LOOKING FOR

The skills, experience, and aptitudes we are looking for are listed below but please don't be discouraged from applying if you don't meet every single one of these criteria - having a 'can do' attitude is sometimes more important than being able to tick every box:




Strong knowledge of AWS fundamentals Experience in creating security alerts in containerised environments Knowledge in Identity and Access Management systems like GSuite, Azure AD, and Okta, authentication integration via OAuth, SAML, and LDAP Ability to handle multiple digital product development conflicts. Deep knowledge of implementing and maintaining SIEMs, including developing alerts and fine-tuning detections Knowledge in Google SecOps and writing YARA-L alerts Strong knowledge of cyber threats, adversary activities Developing security orchestration, automation and response (SOAR) platforms. Strong knowledge of security operation centres and incident response platforms. Understanding of security standards such as ISO27001, SOC2, CIS, NIST. Managing third-party penetration tests, analysing results, prioritising and assisting teams in remediation Previous experience of working in an agile environment. Exceptional stakeholder management and client-communication skills.

WHO WE ARE

We work in partnerships with governments and financial institutions in the UK and internationally. Our cloud-native digital platform is revolutionising how people around the world think about, and save for, their retirement.


At heart, we're a financial technology business. What we do is all about innovation, and using the power of digital change to put the customer first. Our Engineers will tell you that working at Smart gives you the opportunity to play your part in developing world-class technological solutions, working with - and learning from - like-minded people.


You'll also find that, across our business, our colleagues love Smart's culture, and how what we do means better financial outcomes for savers. That feels worthwhile, and it means that what we do, collectively, goes way beyond the nine to five of a typical working day.


Don't just take our word for it - you can see what our colleagues say about working at Smart on LinkedIn Life and Glassdoor.

BENEFITS

25 days' holiday per year, increasing with length of service. 500 annual training budget to spend on your professional development Extensive private healthcare, including dental, eyecare and EAP Enhanced sick leave (three months' pay per year) Enhanced maternity and paternity (maternity - 6 months fully paid/paternity - 3 weeks fully paid) Death in service insurance cover Fully-paid five-week sabbatical after five years of employment In office wellbeing, such as manicures, massages and barbers. Smart employees also enjoy a 50% discount on orders from our sister company Arena Flowers, Britain's most ethical florist. They offer unique hand-tied bouquets, luxury flowers, letterbox flowers, plants and gifts to spend on friends and loved ones or even for yourself.

We think Smart is an awesome place to work. If it sounds like somewhere you'd like to work, too, and if you're ready to play your part in our continued success in the future, then naturally we'd love to meet you.