At Three we are moving to our new hybrid way of working, our employees will work both from home and our offices (based in Dublin  or Limerick)

The job in a nutshell
Reporting to the Technology Security Manager, the Threat and Vulnerability Security Specialist is primarily responsibility for identifying and classifying security threats and vulnerabilities in a large and complex environment covering infrastructure and applications across multiple technologies. This person will collaborate with colleagues in the Technology Security team as well as Technical Architects, Developers, Testers both in house and in Managed Service Provider teams to mitigate and remediate the threats and vulnerabilities identified. This role will help to ensure Three’s IT and Network systems and services are operated to the highest security standards and consistent with best industry practice.
What else it involve

• Help to build and lead the Vulnerability Management programme across all Technology assets
• Oversee and manage a suite of tools used to identify and classify threats and vulnerabilities across the environment
• Track all threats and vulnerabilities along with mitigations and remediation action plans
• Review, penetration testing and vulnerability research in conjunction with colleagues in the Technology Security Team.
• Analyse the security of web applications, companion native mobile applications, and APIs; where issues are discovered, work cross-functionally to prioritize resolution/mitigation
• Point out common areas in web and mobile applications where developers need to be particularly conscious of security risks; Provide guidance for how to address each risk on common web stacks
• Serve as a technical reference for Threats and Vulnerabilities
• Understand emerging threats and propose risk reduction strategies for Three Ireland
• Lead the use of Security Technologies such as Security Incident and Event Management (SIEM), Endpoint protection & Data Loss Prevention.
• Analyse, and share tactical intelligence extracted from targeted intrusions
• Identify, measure, prioritize, and communicate operational-level threats
• Coordinate efforts within the Cyber Threat Intelligence space
• Identify and help to fill any tactical and strategic intelligence gaps through circumspect analysis and fusion of external intelligence from peers and security vendors.
• Review and advise on the security design of new products and applications
• Identify and monitor appropriate security checkpoints in the systems development life cycle

The successful candidate will have some previous  experience in an Information Security Governance, Risk and Compliance role ideally with a corporate environment

• Strong understanding of Cyber Security Design and the ability to clearly articulate best practices.
• Proficient in standard security assessment and testing tools
• Proficient in threat response and responding to security incidents
• Knowledge of common application security issues and remediation techniques
• Experience in working with cloud infrastructures.
• Strong organizational and project management skills
• Ability to develop effective partnerships with peer organizations
• Strong written and verbal communication skills. Strong interpersonal skills, resourceful, responsive with strong follow through
• Experience with ISO 27001 is an advantage