Bank of Commerce (Philippines) • Mandaluyong, Metro Manila, Philippines
Role & seniority: STA Analyst (Security Testing and Assurance); mid-level technical security professional
Stack/tools: vulnerability assessments, penetration testing, red/purple team exercises; Darktrace NDR; incident response support; risk documentation; familiarity with SIEM/EDR/NDR tooling; MS Office; reference standards (NIST, OWASP, MITRE ATT&CK)
Execute and support security testing engagements (VA, pentests, app reviews, red/purple team, compromise assessments) within scope and timeline
Validate, document, and draft reports; coordinate with system owners, teams, and vendors; track findings to closure
Monitor Darktrace NDR alerts, assist incident response, maintain testing records, and contribute to policy updates and awareness efforts
Bachelor’s degree in Information Security, CS, or related field
2+ years in cybersecurity/IT risk; experience with vulnerability assessments or incident response
Knowledge of vulnerability management, secure coding, red team methods
Familiarity with NIST/OWASP/MITRE ATT&CK; ability to interpret technical reports and produce clear doc
Proficiency in MS Office; strong coordination/communication skills
Certifications (OSCP, GPEN, GWAPT, CEH)
Experience with SIEM/EDR/NDR tools (e.g., Darktrace)
Experience with third-party testing projects and risk/compliance integration
Location & work type: location not specified; work type not
The Security Testing and Assurance (STA) Analyst supports and executes the Bank’s technical security testing activities under the direction of the Section Head. The role provides hands-on assistance in vulnerability assessments, penetration testing, compromise assessments, red and purple team exercises, and threat monitoring. The Analyst may be tasked to handle specific projects or testing engagements, ensuring findings are validated, documented, and tracked to closure. The position also supports the administration of Darktrace NDR, maintains risk documentation, and contributes to incident response and policy improvement initiatives.
Execute and support security testing engagements including vulnerability assessments, penetration testing, application security reviews, red and purple team exercises, compromise assessments, and physical security testing, as directed by the Section Head, ensuring activities are conducted in line with the agreed scope and timelines.
Validate and document results by reviewing initial findings from security testing engagements, confirming their accuracy, and preparing draft reports with supporting evidence for Section Head review.
Coordinate with system owners, application teams, and vendors during testing projects to clarify requirements, resolve issues, and escalate critical matters to the Section Head for decision.
Support vendor documentation and planning by assisting in the preparation of requirements, project scopes, and related documents needed for third-party testing engagements to ensure clarity of objectives and deliverables.
Track vendor outputs by monitoring submissions and timelines, verifying completeness and accuracy of reports, and raising delays or deficiencies to the Section Head for resolution.
Provide Darktrace monitoring support by reviewing alerts and anomalies flagged by the NDR platform, performing initial assessments, and escalating suspicious activity to the MSOC or Section Head for further investigation.
Log and distribute advisories by recording and circulating intelligence reports and threat notifications received from the BAP-CID Threat Intelligence and Collaboration Platform, ensuring relevant teams are promptly informed.
Maintain testing records by keeping well-organized documentation of all testing engagements, including activity logs, remediation status, and revalidation outcomes, for compliance and audit purposes.
Support integration of testing results by coordinating with the RA&A and ITGC sections to ensure outputs from security testing are reflected in risk assessments and compliance requirements.
Provide technical inputs to incident response by supplying validated technical data and findings from testing and threat monitoring to support investigations and response activities when assigned.
Assist in policy updates by providing input to the review and updating of security testing-related policies, procedures, and technical standards, ensuring they reflect current practices and findings.
Contribute to awareness initiatives by helping prepare materials and training inputs that reflect lessons learned from testing engagements and highlight emerging threat trends.
Stay informed on emerging threats by continuously monitoring developments in attack techniques, vulnerabilities, and testing tools to improve technical knowledge and contributions.
Perform other related tasks as may be assigned by the Section Head or CISO to support the overall objectives of the Security Testing and Assurance Section.
Bachelor’s degree in Information Security, Computer Science, or related field.
Certifications in information security or IT-related domains (e.g., OSCP, GPEN, GWAPT, CEH) are considered an advantage and may strengthen the candidate’s suitability for the role.
At least 2 years of experience in cybersecurity or IT Risk, preferably with exposure to vulnerability assessments, penetration testing, or incident response.
Solid understanding of vulnerability management, secure coding practices, and red team methodologies.
Familiar with NIST, OWASP, MITRE ATT&CK, and BSP regulatory standards (e.g., Cir. 982, 1140).
Capable of interpreting technical reports and preparing clear documentation.
Proficient in Microsoft Office (Excel, Word, PowerPoint); familiarity with SIEM, EDR, or NDR tools (e.g., Darktrace) is an advantage.
Effective communication skills for coordinating with technical teams, vendors, and auditors.