Business Unit: Cubic Transportation Systems Company Details: When you join Cubic, you become part of a company that creates and delivers technology solutions in transportation to make people’s lives easier by simplifying their daily journeys, and defense capabilities to help promote mission success and safety for those who serve their nation. Led by our talented teams around the world, Cubic is committed to solving global issues through innovation and service to our customers and partners. We have a top-tier portfolio of businesses, including Cubic Transportation Systems (CTS) and Cubic Defense (CD). Explore more on Cubic.com. Job Details: Manages vendor-supplied penetration tests across Cubic customer programs to meet contractual and project requirements. Maintains current knowledge of malware attacks, and other cyber security threats. Help creates test cases using in-depth technical analysis of risks and typical vulnerabilities. Interprets, executes and documents testing procedures using agreed methods and standards. Records and analyses actions and results. Reviews test results and suggest modified tests if necessary. Provides reports on progress, anomalies, risks and issues associated with the overall project. Reports on system quality and collects metrics on test cases. Provides specialist advice to support others. This position will work under general supervision and guidance. Essential Job Duties and Responsibilities: Manages information security penetration testing for new and existing business applications, IT infrastructure and/ or Company products, and provides advice and guidance on scope of penetration testing to meet relevant technical security controls (e.g. ISO27001 and/or the PCI security standards) Ensures penetration tests meet information security requirements Ensure that all VM Sec Ops processes are followed and ensure that all Security tools are maintained Develop and maintain VM Sec Ops reports and dashboards Ability to explain tool sets to auditors and customers alike. Expert knowledge of SIEM tools, vulnerability scanners Ensures all residual risk is documented for agreement by business service owners. May be required to work on other global Cubic sites and data centres Minimum Job Requirements: Qualifications Essential: Bachelor’s degree in a relevant subject (e.g. information security, encryption, computer science, maths, engineering) or equivalent qualifications/experience Certification as an Information Security professional (e.g. IISP/CISA/CISM/CISSP/CCSP) Desirable: Master’s degree in a relevant subject (e.g. information security, encryption, computer science, maths, engineering) Payment Card Industry Security Standards Council certification (ISA/ QSA/ QSA P2PE) HMG IA qualifications/ CLAS/ CISPM ITIL v4/ Prince2 foundation level/ TOGAF 9 certifications Security and IT infrastructure/ networking vendors’ certifications Skills/Experience/Knowledge Essential: Demonstrable experience in managing penetration tests Demonstrable experience supporting PCI-DSS certified solutions Experience supporting secure development lifecycles (SDL) Good understanding of enterprise-scale security management process and infrastructure Detailed knowledge of enterprise IT infrastructure and tools (e.g. Microsoft, Cisco, Oracle Solaris, Linux) Superior network infrastructure and protocol knowledge Knowledge of cryptographic services, current ciphers and key management systems Experience of quality management systems and external audit standards e.g. ISO 9001, ISAE3402 Able to support an "on-call" out-of-business-hours service on a rotating basis with this responsibility spread across team members Desirable: Demonstrable experience supporting architecture/ compliance programs for information security, audit, risk and compliance standards and legislation e.g. PCI-P2PE, PCI-POI-PTS, ISO 22301, ISO27005, ISO31000, NIST security and risk frameworks, GDPR Experience of application security testing tools and DevOps frameworks, e.g. Sonarqube, JIRA, static & dynamic code analysis/ “fuzzing” Ability to provide and report key performance indicator metrics demonstrating product and/or security architecture compliance within DevOps and waterfall project methods, product development Coding skills within development tools/ environments; Java, Visual Studio, C# Experience of transactional revenue, embedded, smartcards and mobile payment systems Knowledge / experience of security architecture of major public cloud services e.g. Microsoft Azure, Amazon Web Services, Google Cloud, Cloud Access Service Brokers e.g. Okta In depth understanding of information security operations tools, e.g. Tenable.IO, Nessus, Qualys, Splunk, Trend Micro DeepSecurity, Imperva, TripWire, Cisco IPS, McAfee, Barracuda Personal Qualities Must be able to work effectively and uphold professional standards and confidentiality with Cubic internal and external customers as well as staff at all levels of the organisation. The role will also be required to work with security vendors, Cubic suppliers and customers. Must be able to travel globally at reasonable notice and be based internationally for assignments for several weeks’ duration Strong communication skills and able to rapidly acquire new knowledge and learn on the job Self-motivated, able to work on own initiative Condition of Employment: Successful outcome of a National Police Check The description provided above is not intended to be an exhaustive list of all job duties, responsibilities and requirements. Duties, responsibilities and requirements may change over time and according to business need. Worker Type: Employee Cubic creates and delivers technology solutions in transportation that make people’s lives easier by simplifying their daily journeys, and defense capabilities that help promote mission success and safety for those who serve their nation. Led by our talented teams around the world, Cubic is committed to solving global challenges through innovation and service to our customers and partners. We have a top-tier portfolio of businesses, including Cubic Transportation Systems (CTS) and Cubic Defense (CD). CTS is an industry-leading integrator of payment and information solutions and related services for intelligent travel applications. CTS delivers integrated systems for transportation and traffic management, delivering tools for travelers to choose the smartest and easiest way to travel and pay for their journeys, and enabling transportation authorities and agencies to manage demand across the entire transportation network. Cubic Defense provides networked Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance and Reconnaissance (C5ISR) solutions, and live, virtual, constructive and game-based training solutions for both U.S. and Allied Forces. These mission-inspired capabilities enable assured multi-domain access; converged digital intelligence; and superior readiness for defense, intelligence, security and commercial missions. Cubic is proud to have a presence in over 60 countries and employ over 5,000 people worldwide. We are committed to hiring and retaining a diverse workforce and are proud to be an Equal Opportunity/Affirmative Action-Employer. We are committed to ensuring a workplace free of discrimination based on race, color, religion, age, disability, genetic information, sex, sexual orientation, gender identity, or national origin, military or veteran status, and any other basis protected by applicable law. For more information on Equal Employment please visit: http://www.cubic.com/Careers/Applicant-Help To learn more, visit Cubic.com. Follow us on LinkedIn!