We are the leading global information services company, providing data and analytical tools to our clients around the world. We help businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. We also help people to check their credit report and credit score, and protect against identity theft.
In 2017, for the fourth consecutive year, Experian has been named to Forbes Magazine’s Top 100 list of the “World’s Most Innovative Companies.”
We employ approximately 17,000 people in 37 countries and our corporate headquarters are in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.
This position is a part of the Global Security Office (GSO). The GSO sets and ensures that the Information Security policy and standards are implemented across Experian.
The Information Security Specialist provides consulting and assurance services to business. The position requires a strong ability to interface with technical and business experts and articulate the risk in business terms and has a focus on application security. The specialist will work with DevOps teams to ensure that security requirements and secure development are incorporated into processes, as well as evaluate the likelihood and impact of application vulnerabilities, provide consultancy around mitigation approaches, advise on remediation guidelines for developers and business application owners, articulate risk and support risk management practices.
- Perform periodic security assessment for existing environments - applications, systems/servers, network infrastructure, database and other technologies and processes
- Perform deep dive security assessments for existing applications, technology or processes by following how each control is implemented and obtaining evidence as desired
- Work with program specialist team to develop and deploy a process to perform assessments and deliver formal assessment reports to business
- Perform security assessments for new projects – new application development projects, data center build, network enhancements, or any other new technology or infrastructure build/enhancements
- Partner with businesses and technology to research and provide security guidance for strategic projects involving new technologies or concepts
- Escalate risks and details to business partners and Regional Information Security Officers (RISOs) as they appear.
The successful candidate will have:
- Bachelor’s degree in computer science or relevant field or equivalent demonstrable experience
- 3 years of experience in security field specially around security assessments or audit field
- Hands-on experience of vulnerability management, static and dynamic code analysis
- Strong knowledge of web and mobile application security testing frameworks and methodologies
- Experience with assessing multiple programming languages and secure coding practices
- GSEC, GCIH, CISA, CISM, CISSP, or comparable certifications preferred but not required
- Excellent verbal and written communication skills
- Process driven, and has eye for detail, automation and efficiency to improve programs/processes
- In-depth knowledge of the OWASP top 10 vulnerabilities, SANS Top 25 and CWE (exploitability, prevalence, detectability as well as understanding of business and technical impacts, attack vectors and relevant threat actors)
- Personal Development - career pathway for professional growth supported by learning and development programs and unlimited access to online educational training courses, learning materials & books
- Work environment - excellent work conditions with friendly environment, recognized strong team spirit, and fun and quality recreation time
- Social benefit package - life insurance, food vouchers, additional health insurance, corporate discounts, Multisport card, and a Share options scheme
- Work-life balance - 25 days paid vacation and 3 additional paid days for participation in Social responsibility events
If you find this opportunity interesting, please apply through the button below.
Please attach a recent resume and fill the form. Note that only your name and e-mail are required to complete the application.
Only shortlisted candidates will be contacted.
Knowledge, Experience & Qualifications