Security Analyst

About Y TREE

We are a rapidly growing WealthTech business that is re-defining how individuals and families connect and engage with their money. We provide our clients with control over their personal finances, enhancing their ability to achieve their financial and life aspirations.

We are harnessing sophisticated portfolio analytics, innovative behavioural psychology and cutting-edge UX/UI to create a revolutionary experience and transformational outcomes for our users. The business was founded in 2017 by three successful entrepreneurs and business-builders with diverse experiences and skill-sets in Technology, Corporate Advice and Investment Management and is backed by some of Europe’s leading investors.

Team Overview

The role will be part of the Technology team and will report into the CTO. This role will work closely with multiple Technology disciplines and other internal and external teams to establish a strong set of cyber controls for the Y TREE business. 

This is a hands-on role with a wide range of responsibilities including monitoring, detection, response and remediation of security risks, threats and vulnerabilities. The ultimate goal is to holistically improve Y TREE’s security posture to meet the demands of its clients and its regulators. 

This is a great opportunity for the right individual to make their mark and support the growth of a scale-up organisation. 

The Role

• Being a hands-on Security analyst who closely interacts with multiple technology disciplines to collectively improve the security posture of Y TREE’s technologies. 

• Collaborate with an externally-managed SOC; triage and prioritise issues and manage issue lifecycle. 

• Carry out security scanning; detect and manage vulnerabilities to resolution and reduce operational risks using commercial (CrowdStrike) and open source technologies (Trivy) 

• Manage security monitoring and alerts to understand attack vectors and introduce mitigations 

• Use tools and automation to carry out common security operations tasks 

• Introduce and embed tools to enhance Y TREE’s internal capabilities for routine security testing activities 

• Maintain a register of security risks and remediations; work closely with Technology teams and with Risk and Compliance teams to track and close issues.

• Support Y TREE’s efforts in maintaining its current cyber security certifications and achieving higher accreditations 

• Maintain and enhance cyber policies and documentation as well as generate reports on cyber metrics 

• Elevate cyber security awareness across the organisation and champion best practices 

• Collaborate with external cyber security consultants for external reviews, audits and assessments

About You

• Experience with security focused frameworks (e.g. CIS, ISO etc.) 

• A track record of applying security controls in a regulated environment and understanding of key regulatory guidelines (e.g. GDPR) 

• Experience with Intrusion detection, prevention and management (eg. SIEM) 

• Experience with vulnerability management on cloud systems and applications 

• Experience with Incident management 

• Familiarity with pen testing of applications and infrastructure 

• Familiarity with OWASP principles and web application security. Equally familiar with security practices on native mobile apps (iOS and Android) 

• Familiarity with security-by-design principles 

• Familiarity with project management tools like 

• Confluence, Jira and ServiceNow 

• A good understanding of the threat landscape and risks from emerging technologies (like AI) 

• Experience working on large-scale projects, but not essential. 

• Experience working in a Fintech domain, but not essenital. 
  

What's in it for you?

• Once eligible, you'll be able to enroll onto our private healthcare plan through Vitality. This includes perks like 50% off premium gym memberships and access to their exclusive rewards programme.

• Support for your mental health and wellbeing through our employee assistance programme.

• 25 days of annual leave per year. This is 25 days each year where we expect you to turn your phone off and switch off; we would never ask you to book leave for a doctor's appointment or to see your children's school plays. 

• Regular team socials to help you switch off from work and get to know your colleagues in an environment away from your desk. We ensure socials are well-balanced and offer a variety of activities to suit different needs so you always feel welcome.

• A welcoming, dog-friendly London office with appropriate spaces to cater for those with varying needs in the form of various breakout spaces and silent booths.

• A 3% employer pension contribution as standard, with generous additional employer contributions if you choose to make your pension contributions via salary sacrifice

• As well as, a range of family-friendly policies, support towards professional qualifications, electric car schemes and more!

Our mission at Y TREE is to build diversity in our teams; diversity of thought, culture, backgrounds and perspectives. Please come as you are and let us know if there are any reasonable adjustments we can make to support you in your application process. Additionally, if you don't feel you meet 100% of the requirements please apply anyway if you feel you can demonstrate your suitability to the role. Please note, that sponsorship is not available for this role.