This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
Dotdigital is seeking an experienced and motivated Security Analyst to join our Information Security & Privacy team. This is a hands-on role focused on helping protect Dotdigital's people, products, platforms, and data. Working across the business, you will support the development, implementation and operation of security controls designed to prevent, detect, and respond to security threats while helping teams deliver secure and reliable services to our customers. Reporting to the Information Security & Privacy Director, you will work closely with Engineering, Product, Privacy, and Customer-facing teams. You will play an important role in maintaining our security posture across cloud environments, business systems, and customer-facing applications.
Job Responsibility
Monitor and investigate security alerts and events across security tooling, cloud environments, business systems, and applications
Support incident response activities including detection, analysis, containment, eradication, recovery, and lessons learned
Develop and improve security monitoring, alerting, playbooks, and operational procedures
Assist with threat hunting and proactive identification of security risks and suspicious activity
Maintain awareness of emerging cyber threats, vulnerabilities, and attack techniques relevant to SaaS businesses
Own day-to-day vulnerability management activities across infrastructure, cloud platforms, applications, and endpoints
Work with technology teams to prioritise and coordinate remediation activities
Track vulnerabilities through to resolution and provide reporting on remediation performance
Support penetration testing activities and coordinate remediation of findings
Support the security of cloud environments and SaaS platforms through implementation and monitoring of security controls
Assist with identity and access management initiatives, including privileged access management, role-based access control, and identity governance
Review cloud security recommendations and assist with remediation activities
Support security assessments of new technologies, platforms, and services
Partner with engineering teams to support secure software development practices
Assist with the identification, triage, and remediation of application security vulnerabilities
Support security testing activities including SAST, DAST, dependency scanning, and secrets detection
Contribute to threat modelling and secure design discussions where appropriate
Support the continued operation and improvement of the Information Security Management System (ISMS)
Assist with security audits, compliance activities, evidence collection, and control reviews
Contribute to the development and maintenance of security policies, standards, procedures, and guidance
Support risk assessments and assist with tracking risk treatment activities
Help maintain compliance with frameworks and standards including ISO 27001 and applicable data protection requirements
Respond to customer and prospect security questionnaires and due diligence requests
Support customer trust and assurance initiatives
Conduct security reviews of suppliers, partners, and third-party services
Maintain positive relationships with vendors and service providers
Produce security metrics, dashboards, and management reporting
Support security awareness and education initiatives across the business
Promote a positive security culture and help teams understand and manage risk effectively
Requirements
Experience in a Security Analyst, Information Security, Cyber Security, Systems Administration, Infrastructure, Cloud Operations, or DevOps role with demonstrable security responsibilities
Experience working within a security or compliance framework such as ISO 27001
Understanding of security operations and incident response processes
Experience with vulnerability management, remediation tracking, and security risk reduction
Knowledge of identity and access management principles
Understanding of cloud security concepts and security controls within major cloud providers
Hands-on experience of an array of core security technologies
Understanding of common application security risks and OWASP principles
Strong communication skills with the ability to engage technical and non-technical stakeholders
Ability to manage multiple priorities and work independently in a fast-paced environment
A pragmatic and business-focused approach to security
Nice to have
Experience supporting secure software development practices
Experience conducting supplier security reviews and risk assessments
Familiarity with automation or scripting using PowerShell, Python, or similar technologies
Understanding of data protection and privacy requirements
Experience working within a SaaS, technology, or cloud-first organisation
Security certifications such as Security+, SC-200, SC-300, AZ-500, SSCP, GSEC
What we offer
Commission & bonus opportunities
Annual leave that increases with service + option to buy more
Additional paid wellbeing days + annual wellbeing reward