Role Purpose

The Security Analyst will be responsible for identifying, analysing, and mitigating security threats and vulnerabilities across the organisation’s operational environments. The role focuses on proactive security testing, threat simulation, and vulnerability assessments to strengthen the organisation’s cyber resilience, support regulatory compliance, and enhance the overall security posture of the organisation.

Responsibilities or duties

Strategy

• Support the development and implementation of security strategies and protocols to protect systems, networks, and data.
• Collaborate with internal stakeholders to assess security risks and recommend preventive and corrective controls.
• Continuously monitor emerging cyber security threats, technologies, and best practices to enhance organisational readiness.

Operational

• Conduct penetration testing across internet, intranet, wireless, web applications, social engineering, and physical environments.
• Execute red team exercises to identify gaps in security controls and incident response readiness.
• Identify, analyse, and exploit security vulnerabilities across diverse systems and environments.
• Lead or support penetration testing engagements, including providing technical guidance to junior team members.
• Analyse test results and prepare clear, comprehensive reports outlining findings, risks, and remediation recommendations.
• Communicate complex security concepts and findings to technical and non-technical stakeholders, including senior leadership.

Corporate Governance

• Ensure compliance with regulatory requirements, industry standards, and internal information security policies.
• Develop and maintain security documentation, including policies, procedures, and incident response plans.
• Provide guidance to internal teams on security-related matters and support audit and compliance activities.

People and Culture

• Promote a strong culture of security awareness and shared responsibility across the organisation.
• Support knowledge sharing and skills development within the Cyber Security team.
• Collaborate respectfully and effectively with cross-functional teams to embed security into everyday operations.
• Model professional conduct, accountability, and ethical behaviour in all security engagements.

Qualifications or requirements (e.g., education, skills)

Key Competencies

• Strong knowledge of penetration testing and vulnerability assessment techniques.
• Ability to analyse complex security risks and recommend effective controls.
• Strong interpersonal and communication skills
• High attention to detail and investigative mindset.
• Ability to work independently and collaboratively within technical teams.

Key Deliverables for the Role

• Conduct threat and vulnerability assessments with actionable remediation recommendations.
• Investigate, document, and report information security incidents and emerging risks.
• Analyse and respond to newly identified hardware and software vulnerabilities.

Academic Qualifications

• Bachelor’s degree in Computer Science or a related discipline from a recognised institution.
• Information Security certifications such as CEH, OSCP, CompTIA PenTest+, or CRTP.
• Networking certifications such as MCSE, CCNA, or CCNP.
• IT Service Management certification (ITIL).
• Cloud technology competency.

Experience needed

Relevant Experience

• Minimum of 3 years’ experience in penetration testing and vulnerability assessments.
• At least 1 year of experience within a medium to large-sized organisation.
• Hands-on experience with security testing tools, secure infrastructure reviews, and modern security technologies.

• Support the development and implementation of security strategies and protocols to protect systems, networks, and data.
• Collaborate with internal stakeholders to assess security risks and recommend preventive and corrective controls.
• Continuously monitor emerging cyber security threats, technologies, and best practices to enhance organisational readiness.
• Conduct penetration testing across internet, intranet, wireless, web applications, social engineering, and physical environments.
• Execute red team exercises to identify gaps in security controls and incident response readiness.
• Identify, analyse, and exploit security vulnerabilities across diverse systems and environments.
• Lead or support penetration testing engagements, including providing technical guidance to junior team members.
• Analyse test results and prepare clear, comprehensive reports outlining findings, risks, and remediation recommendations.
• Communicate complex security concepts and findings to technical and non-technical stakeholders, including senior leadership.
• Ensure compliance with regulatory requirements, industry standards, and internal information security policies.
• Develop and maintain security documentation, including policies, procedures, and incident response plans.
• Provide guidance to internal teams on security-related matters and support audit and compliance activities.
• Promote a strong culture of security awareness and shared responsibility across the organisation.
• Support knowledge sharing and skills development within the Cyber Security team.
• Collaborate respectfully and effectively with cross-functional teams to embed security into everyday operations.
• Model professional conduct, accountability, and ethical behaviour in all security engagements.
• Conduct threat and vulnerability assessments with actionable remediation recommendations.
• Investigate, document, and report information security incidents and emerging risks.
• Analyse and respond to newly identified hardware and software vulnerabilities.

• Strong knowledge of penetration testing and vulnerability assessment techniques.
• Ability to analyse complex security risks and recommend effective controls.
• Strong interpersonal and communication skills
• High attention to detail and investigative mindset.
• Ability to work independently and collaboratively within technical teams.
• Cloud technology competency.

• Bachelor’s degree in Computer Science or a related discipline from a recognised institution.
• Information Security certifications such as CEH, OSCP, CompTIA PenTest+, or CRTP.
• Networking certifications such as MCSE, CCNA, or CCNP.
• IT Service Management certification (ITIL).
• Cloud technology competency.