Cyber Security Specialist (AppSec)
Job Summary
Wood Mackenzie is the global leader in analytics, insights and proprietary data across the entire energy and natural resources landscape.
For over 50 years, our work has guided the decisions of the world's most influential energy producers, utilities companies, financial institutions and governments.
Now, with the world's energy system more complex and interconnected than ever before, sector-specific views are no longer enough. That's why we've redefined what's possible with Intelligence Connected.
By fusing our unparalleled proprietary data with the sharpest analytical minds, all supercharged by Synoptic AI, we deliver a clear, interconnected view of the entire value chain. Our trusted team of 2700 experts across 30 countries breaks siloes and connects industries, markets and regions across the globe.
This empowers our customers to identify risk sooner, spot opportunities faster and recalibrate strategy with confidence, whether planning days, weeks, months or decades ahead.
Wood Mackenzie
Intelligence Connected
Wood Mackenzie Values
- Inclusive: we succeed together
- Trusting: we choose to trust each other
- Customer committed: we put customers at the heart of our decisions
- Future Focused: we accelerate change
- Curious: we turn knowledge into action
Position Overview
We are seeking an experienced Cyber Security Specialist to join our security team. The ideal candidate will have a minimum of 5 years of cyber security experience and 3 years in application security (DevSecOps). This is a senior, hands-on role requiring an individual who has previously established or significantly matured AppSec functions within modern software engineering environments. The role will work in collaboration with product engineering teams in Edinburgh, and the successful candidate must be capable of driving cultural change, promoting secure coding practices and ensuring vulnerabilities (in code and architecture) are identified and remediated effectively.
Key Responsibilities
Design and implement the Application Security Strategy, tooling roadmap, governance model and SDLC integrations from the ground up.
Evaluate new AppSec tools (e.g. SAST/DAST/SCA/Runtime protections).
Provide general cyber security expertise to assist the Head of Cybersecurity in implementing the strategic roadmap and strategy.
Additional Responsibilities
Monitor and analyze security events across cloud and on-premises environments using SIEM and security analytics tools
Develop and maintain incident response playbooks and procedures
Experience with threat intelligence platforms and threat hunting
Experience with security orchestration, automation and response (SOAR) platforms
Understanding of data protection and encryption technologies
Experience in regulated industries (financial services, healthcare, energy)
Background in offensive security or penetration testing
Design, implement and maintain security controls across cloud platforms (AWS, Azure, GCP)
Conduct cloud security assessments and architecture reviews
Ensure compliance with cloud security best practices and frameworks (CIS Benchmarks, CSA CCM, NIST)
Manage cloud-native security tools including CSPM, CWPP and cloud WAF solutions
Implement and maintain identity and access management (IAM) policies and controls
Lead cyber security programs and coordinate remediation efforts
Collaborate with DevOps teams to integrate security into CI/CD pipelines (DevSecOps)
Stay current with emerging threats, vulnerabilities and security technologies
Contribute to security awareness training and documentation
Facilitate Supplier Management and security input into bids
Support compliance initiatives (SOC 2, ISO 27001, PCI-DSS, GDPR, etc.)
Develop and enforce security policies, standards and procedures
Conduct security audits and risk assessments
Maintain security documentation and metrics reporting
Required Qualifications
5 years of experience in cybersecurity roles
3 years of hands-on experience with cloud security (AWS, Azure or GCP)
Proven experience leading security incidents and coordinating response efforts
Experience with security frameworks such as NIST CSF, MITRE ATT&CK or Zero Trust architecture
Technical Skills
Strong expertise in cloud security services and tools (AWS & Azure)
Experience working with SIEM platforms (Splunk, Sentinel)
Understanding of network security, firewalls, IDS/IPS and VPN technologies
Familiarity with security testing tools (vulnerability scanners, SAST/DAST, penetration testing tools)
Experience with endpoint detection and response (EDR) solutions
Certifications (one or more preferred)
CISSP (Certified Information Systems Security Professional)
CCSP (Certified Cloud Security Professional)
AWS Certified Security - Specialty
Microsoft Certified: Azure Security Engineer Associate
Soft Skills
Strong analytical and problem-solving abilities
Excellent written and verbal communication skills
Ability to explain complex security concepts to technical and non-technical audiences
Leadership capabilities and experience mentoring team members
Strong attention to detail and ability to work under pressure
Collaborative mindset with cross-functional teams
Business Partnering experience
Education
Bachelor's degree in Computer Science, Information Security or related field (or equivalent experience)
Working Conditions
Some flexibility for remote work; 2 days minimum in office (Edinburgh preferred)
Equal Opportunities
We are an equal opportunities employer. This means we are committed to recruiting the best people regardless of their race, colour, religion, age, sex, national origin, disability or protected veteran status. You can find out more about your rights under the law at
If you are applying for a role and have a physical or mental disability, we will support you with your application or through the hiring process.
Required Experience:
IC
About Company
Empower strategic decision-making in global natural resources with quality data, analysis and advice. Discover the latest insights and reports online.