Information Security Analyst

  • Basis:  Full-Time
  • Closing Date:  13 Dec, 2020
  • Job Ref:  KMP-56394

Job Description

Company Description
Altenar is a provider of sportsbook software and services to licensed gaming operators. Ranging from ‘software-only’ product offers to the provision of a fully-managed sports betting platform stack, Altenar offers proven stability coupled with a flexible and personalised service. Our software is developed and operated in-house, whilst being powered by premium quality data feeds.

The Information Security Analyst shall work closely with the various Altenar teams to ensure that both security and compliance are maintained at all times. This shall be done through operational analysis and liaison with the operators of the software development lifecycle (Developers, DevOp Practitioners, service management role owners, for example) as well as liaison with all other actors in Altenar’s business. The role reports to the Head of Information Security within the Technology Operations.

The Information Security team is responsible for the design, maintenance and improvement of the overall security posture as well as ensuring technical compliance with relevant data protection and gaming regulatory legislation. The Information Security team also operates and continually improves the security systems and tools that assist in achieving the overall security posture.

The activities of an Information Security Analyst include but are not limited to:

  • Assisting in the design and implementation of the company information security framework;
  • Maintaining the SIEM system and monitoring and analysis of security alerts to identify irregular activity and security violations;
  • Performing and / or coordinating network and application penetration testing and vulnerability assessments across all assets;
  • Ensuring systems are up to date with security patches in response to every changing threat landscapes;
  • Regular auditing of systems and processes to ensure adherence to policies;
  • Deploying and operating tools to enhance information security such as the endpoint protection systems, host intrusion systems, and event detection and correlation systems;
  • Vetting of new hardware and software, and architectural design changes to identify potential risks;
  • Assisting system administrators with the implementation and configuration of security policies;
  • Performing security awareness training to educate employees on how to identify suspicious activity such as phishing attacks;
  • Participating in incident response and business continuity exercises;
  • Assisting with the ongoing maintenance of regulatory requirements.

Qualifications, experience and skills required:

  • Experience in information technology system design, implementation and maintenance;
  • Working with vulnerability assessment tools;
  • Experience with security tools such as endpoint security, SIEM, Kali Linux and / or other security scanning OS distributions;
  • Functional technical knowledge and expertise in the domains of information systems networking, identity management, authentication/authorization systems and protocols, development / build / deployment workflows and application communication protocols with a focus on vulnerability areas and their mitigation. Technical certifications in any of these areas would be highly desirable;
  • Appreciation of secure coding practices and knowledge of common coding vulnerabilities;
  • Knowledge of encryption technologies;
  • Proficiency in spoken and written English;
  • Meticulous attention to detail and tenacious sense of ownership.

Desirable skills:

  • Holding certifications such as Ethical hacking, CISSP, CISM, SANS GIAC would be highly desirable in supplementing technical knowledge and expertise etc.;
  • Familiarity with Devops toolchain elements such as Ansible, Nuget artifact management, Azure Devops build pipelines;
  • Knowledge of Google Cloud security models;
  • Experience with container security (detection/mitigation) approaches and tools;
  • Knowledge of gaming regulations such as MGA and UKGC;
  • Familiarity with the GDPR;
  • Previous experience working in ISO27001 certified environments;
  • Graduate-level education in computer ccience, engineering or other relevant fields;
  • Experience working with remote or distributed teams.