OVERVIEW:

Gymshark is a global fitness apparel & accessories brand, manufacturer and online retailer in the United Kingdom, supported by over 4 million highly engaged social media followers and customers in 131 countries. Created in 2012 by teenager Ben Francis and a group of his high-school friends. Gymshark has grown from a screen printing operation in a garage, into one of the fastest growing and most recognisable brands in fitness. This growth comes from a devotion to producing innovative, effective performance wear and an ever-expanding social presence, and above all a commitment to the Gymshark vision. 

Our Tech team is wholly responsible for the running and development of our online stores, native applications, integrations and software. We are an agile team applying the company’s ethos, ‘Be a visionary’, to the Tech & Digital aspect of the business.  

As Gymshark’s InfraSec Incident & Threat Lead, you will be responsible for the discovery, management and assessment of incidents, threats and vulnerabilities affecting Gymshark’s systems and liaising with stakeholders to address the identified issues.  We have an ambitious strategy that will transform GymShark’s Incident response and Threat & Vulnerability capability. Therefore, this role will work closely with the programme work streams to help deliver tangible risk reduction outcomes to Gymshark.

WHAT YOU'LL BE DOING:
  • Act as the Incident Response leader to provide clear communications to stakeholders.
  • Perform root cause analysis to identify gaps and provide technical and procedural recommendations that will reduce Gymshark’s exposure to cyber-risks.
  • Develop and lead 'game day' exercises to test and validate incident response readiness.
  • Assist in designing and implementing a structured roadmap to cover the current and future needs or gaps of a rapidly expanding international business.
  • Partner with Technical and non-technical stakeholders to develop and agree effective mitigation plans for vulnerabilities.
  • Establish and lead task forces of cross functional technical resources to respond to highest risk/most complex vulnerabilities and contribute technical specialist knowledge where applicable.
  • Understand and stay current with the critical threats to our On Premise and Cloud based IT solutions by continually analysing cyber threat intelligence sources.
  • Provide Incident, Technical Threat and Vulnerability reports as result of reactive and proactive investigations in business risk terms, which highlights mitigating steps and/or solutions to resolve the risks.
  • Assist in Delivering a global SIEM logging and analysis tools to identify breaches or malicious activity on network or cloud infrastructure both internal and customer facing.
  • Identify technical and procedural enhancements and opportunities to improve the capability of the Incident Response, Threat & Vulnerability function.
  • Develop internal methodologies and processes, based on industry standards.
  • Promote a proactive approach to addressing the changing threat landscape by recommending architectural improvements to security infrastructure.
  • Produce executive level risk-based reporting of threat and vulnerability landscape.
WHAT YOU'LL NEED:
  • Own or work towards, an industry recognised qualification in Cyber/InfraSec.
  • Past experience within a Cyber Security/Infrastructure Security Team
  • Knowledge of OWASP Top 10, CVSS (Common Vulnerability Scoring System), CVE, Penetration Testing and vulnerability scanning techniques
  • Experience working in a SOC; preferably managing a team
  • General knowledge of current and emerging security technologies, Strong information security knowledge including web, network and endpoint protocols
  • Sound operational knowledge of SIEM, firewalls, intrusion detection and vulnerability management systems and security tools.
  • General High level of organisational skills
  • Experience in supporting a Mid-Sized HQ and Satellite Office user base in all Cyber/InfraSec related questions and queries
  • Experienced in cloud infrastructure and proprietary software
  • Experience in large volume data organisations focussed around PII
  • Ability to work collaboratively with other team members to deliver immediate tasks.
  • Commercial Awareness and a creative problem solver with the ability to think laterally and understand the cost and value drivers within a competitive business environment.css