Senior Security Vulnerability Analyst

Company Description

We’re the world’s leading sports technology company, at the intersection between sports, media, and betting. More than 1,700 sports federations, media outlets, betting operators, and consumer platforms across 120 countries rely on our know-how and technology to boost their business.

Job Description

Job Title:                     Senior Security Vulnerability Analyst

Reports To:                 Senior Manager – Attack Surface Management & SSD teams

Job Description:

All software and systems contain defects or vulnerabilities in them. This role is concerned with the management of vulnerabilities that are known about, so to ensure an effective remediation strategy is in place to avoid them being exploited by threat actors.

The Senior Security Vulnerability Analyst role in Sportradar's Attack Surface Management team is to be responsible for identifying, assessing the risk they pose and prioritising vulnerabilities for remediation in conjunction with the system owners, employing a risk-based approach. Thereafter actively reporting on their status and managing them to resolution thus reducing the overall risk to the business.

As a Security Subject Matter Expert (SME), Senior Security Vulnerability Analysts are required to be technically equipped to understand the different types of vulnerabilities, assessing and prioritise them based upon their exploitabilitiy, severity and other relevant factors including exposure and business criticality.

They will also be good communicators and work collaboratively with the system owners and other members of the Security group so that the risk posture can be easily understood with vulnerabilities being remediated effectively and in a timely manner.

As a senior analyst, they will also be expected to mentor more junior analysts as well as communicate findings and outcomes to key stake-holders.

The Senior Security Vulnerability Analyst is a key member of the Attack Surface Management Team (part of the wider Sportradar Security group) and reports into the Head of Secure Software Development and Attack Surface Management.

He / She will be be a team-player and always seek to learn and improve.

Accountabilities and Activities:

• Monitoring a variety of tools and systems for the identification of vulnerabilities of various types.
• Triage findings for true and false positives based on a variety of factors.
• Assess the risk of the vulnerability in the context of the system architecture, its data, business criticality, and the availability of exploits for that vulnerability.
• Communicating the results of the analysis effectively to key stakeholders in order to create a realistic remediation plan.
• Creating metrics and KPI reports to ensure that findings are being addressed in a timely manner and overall risk to the business is reduced.
• Becoming a Subject Matter Expert on the various tooling to ensure that it is returning optimal results.
• Assisting investigations into security incidents, and acting as subject matter expert for the vulnerability management domain.
• Identifying opportunities to improve effective vulnerability management across Sportradar.
• Contribute to the development and implementation of security policies related to vulnerability management, ensuring application security principles are applied during design and into business as usual processes to reduce risk, drive adoption and adherence to policies, standards and guidelines by the wider business.
• Maintaining and developing documentation for internal processes, security procedures, and remediation guidelines, and ensuring adherence to them.
• Clearly articulating security issues to Sportradar internal teams, both verbally and in written format as well as presenting information to management stakeholders to both technical and non-technical audiences.
• Troubleshooting and helping to resolve security issues for Sportradar teams.
• Acting as subject matter expert and primary point of contact for security questions from Sportradar internal teams.
• Develop and manage relationships with strategic third-party Information Security suppliers, partners and industry forums
• Training and mentoring other analysts in the team around the development of their cybersecurity knowledge, security specialisation area, and ongoing understanding of the current threat landscape.
• Generating bespoke reporting from the Sportradar monitoring solution in line with business requirements, ongoing investigations, or senior stakeholder requests.
• Provide advice and guidance on procedural and technical security controls.
• Provide advice and guidance to other teams within the business on good practice and maintain relevant and current industry knowledge.
• Work with the technical and solution architects to provide domain/specialist security expertise to IT projects in line with security strategy; contributing to and reviewing project documentation as necessary.
   

Required Experience:

• 5+ years experience working in an enterprise security environment, preferably in a senior technical security role.
• Strong knowledge of common operating system & cloud computing platforms, software development frameworks, network protocols, and security architecture.
• Strong knowledge of industry standard vulnerability management tools usage and implementation.
• Advanced knowledge of current vulnerabilities and attacks.
• Experience in one or more high-level programming or scripting language.
• Excellent oral and written communication skills for both technical and non-technical audiences.
   

Desired Experience:

• Experience working in as a penetration tester or bug-bounty hunter.
• Experience and knowledge of implementation and analysis of Threat Intelligence feeds and reports.
• A track record of technical delivery working within a fast paced and pressured environment.
   

Qualifications, Education and Certifications:

• Bachelor’s or Master’s Degree in Computer Science, Information Technology, Information Security or similar, or equivalent industry experience.
• Industry certifications (or currently working towards them) such as:
• Security certs e.g. CISSP, CISM, CEH, OSCP, SANS etc
• Vendor certs e.g. AWS, Microsoft, Google, etc
• Other relevant certifications.

Additional Information

Sportradar is an Equal Opportunity Employer. We are committed to encourage diversity within our teams. All qualified applicants will receive consideration without regard to among other things, your background, status, or personal preferences