Security Risk Analyst

Rate: £500-£550 per day Inside IR35

Duration: 6 months initially (will extend, 6 month rolling)

Location: Ipswich 3 days, 2 days remote

Position Summary:

We are seeking a highly skilled Security Risk Analyst with a strong background in application security, vulnerability management, and risk assessment. In this role, you will be responsible for conducting security diagnostics across a suite of applications, identifying potential vulnerabilities, and delivering detailed risk assessment reports to the CISO. This position does not involve remediation but plays a critical role in uncovering and reporting risks within the organization’s application landscape.

Key Responsibilities:

  • Conduct security risk diagnostics on enterprise applications to identify vulnerabilities, weaknesses, and compliance gaps.
  • Perform comprehensive vulnerability assessments and penetration testing to evaluate application-level security posture.
  • Develop detailed risk reports and vulnerability findings, including risk impact and likelihood, and deliver to the CISO.
  • Collaborate with cross-functional teams to collect necessary data and context for risk assessments, while maintaining an independent risk evaluation.
  • Support the organization’s GRC (Governance, Risk, and Compliance) objectives by aligning assessments with security frameworks and standards.
  • Assist with security audits and help prepare documentation for internal or external reviews.
  • Apply industry-recognized standards and frameworks such as NIST, ISO 27001, and CIS Controls in assessments and recommendations.
  • Leverage past penetration testing, vulnerability management, and incident response experience to identify and contextualize threats effectively.
  • Partner with and provide direct insights to CISOs and senior security leadership, contributing to overall security strategy and risk posture awareness.

Required Skills & Qualifications:

  • Senior profile with experience in security risk analysis, application security, or vulnerability management.
  • OSCP or CISSP.
  • Proven experience with security frameworks such as NIST, ISO 27001, CIS Controls (nice to have).
  • Strong knowledge of vulnerability scanning tools (e.g., Qualys, Tenable, Nexpose, Burp Suite).
  • Solid understanding of risk assessment methodologies and ability to communicate technical risks in business terms.
  • Hands-on background in penetration testing, incident response, or vulnerability management with a move into risk analysis preferred.
  • Experience collaborating with or reporting to CISOs and senior security stakeholders.
  • Excellent analytical, documentation, and presentation skills.

Preferred Qualifications:

  • Security certifications such as CISSP, CISM, CRISC, OSCP, CEH, or equivalent.
  • Experience working in regulated industries (e.g., finance, healthcare, government).
  • Familiarity with risk scoring methodologies (e.g., CVSS, FAIR).

Job Details

Company: Auxo Talent
Location: Ipswich, England, United Kingdom