Senior Security Analyst

About The Position

Requirements

• CISSP (required)
• AZ-500 (required)
• +8 years in cybersecurity, with at least 5 years in a senior analyst position or senior consultant role.
• Demonstrated experience securing cloud-heavy, high-availability, mission critical environments (preferably trading or financial markets).
• Proven track record in incident response, cloud security, and security engineering.
• Cloud Security (Azure, AWS, cloud-native security tooling)
• Threat Detection & Incident Response
• Endpoint Detection & Response
• SIEM (Kibana, Sentinel)
• Vulnerability Assessment & Management
• Network & Endpoint Security
• Scripting & Automation
• Security Frameworks & Compliance
• Digital Forensics & Malware Analysis
• High adaptability and resilience in a fast-paced environment
• Strong analytical, problem solving and communication skills
• Proactive leadership and autonomy
• Ability to influence cross-functional stakeholders and drive change
• Detail-oriented, structured, and risk-aware mindset

Nice To Haves

• CISM (- preferred)
• CEH, OSCP, AWS Security Specialist (-advantageous)
• OSCP (nice to have)

Responsibilities

• Security Operations, Threat Detection & Incident Response Lead analysis and response activities for complex cybersecurity events, ensuring minimal impact to trading operations.
• Investigate incidents across cloud, on‑prem, network, endpoint, and identity layers.
• Drive containment, eradication, forensic analysis, recovery, and post‑incident improvement actions.
• Continuously refine detection engineering (custom SIEM rules, UEBA, automation playbooks).
• Cloud Security & Multi-Cloud Architecture Design and enforce security controls for Azure & AWS environments, ensuring unified governance across heterogeneous platforms.
• Implement identity‑centric security (Zero Trust, Conditional Access, IAM/PAM, role‑based access).
• Support secure deployment of cloud‑native workloads, infrastructure‑as‑code, and DevSecOps practices.
• Ensure compliance with industry best‑practice frameworks Project Security & Advisory Act as the security representative in strategic IT and business projects, from design through delivery.
• Perform architecture reviews, conduct threat modelling, and define risk‑based compensating controls.
• Vulnerability & Exposure Management Own the end‑to‑end vulnerability lifecycle: discovery, prioritization, risk assessment, remediation coordination, and reporting.
• Evaluate emerging threats (CVE analysis, threat intel correlation, exploit likelihood scoring) and drive prioritized mitigation.
• Security Monitoring & Analytics Manage SIEM, EDR, NDR/IDS, cloud monitoring tools, and security analytics platforms.
• Correlate multi‑source data to identify anomalies, insider risks, and advanced persistent threats.
• Governance, Risk & Compliance Contribute to internal and external audits, ensuring adherence to regulatory and corporate security standards.
• Apply industry standards and best practices (e.g. NIS, CIS) when necessary.
• Participate to the ISO 27k initiative toward the Group compliance objective.
• Develop and maintain security policies, standards and operating procedures.
• Produce metrics and dashboards to inform executives of risk posture and emerging trends.
• Security Awareness & Culture Champion cybersecurity culture within Trading and Corporate Functions.
• Support targeted training, phishing simulations, and best-practice awareness initiatives.
• Mentoring & Leadership Mentor junior analysts and coordinate with global counterparts across Geneva, Amsterdam, Singapore, and US.
• Build strong relationships with Front Office, IT Operations, Risk, Compliance, and third‑party security partners.