Analyst – Cyber Design Assurance & Product Management (DA&PM)
GSK
This listing was originally posted on GSK's careers page. Formulate is an equal opportunity job aggregator and is not involved in the hiring process. Where salary information is estimated, it is derived from BLS industry benchmarks and may differ from actual compensation.
The Design Assurance & Product Management (DA&PM) function supports the integration of cybersecurity into products, platforms, cloud services, and enterprise infrastructure throughout their lifecycle. DA&PM contributes to technical design assurance, governance activities, product assurance, and security enablement initiatives to help ensure secure-by-design implementation across enterprise technologies.
This role works closely with architecture, engineering, cloud, infrastructure, identity, and product teams to support secure delivery, operational alignment, and continuous improvement of cybersecurity controls and practices.
Key Responsibilities
Support the integration of secure design principles into product, platform, infrastructure, and cloud environments during planning, design, and implementation phases.
Support security design reviews, technical assessments, control validations, threat modelling activities, and architecture assurance exercises across enterprise technologies and platforms.
Contribute to governance activities including control assessments, standards alignment, exception tracking, and lifecycle assurance across security and technology platforms.
Assist in evaluating, onboarding, operationalizing, and reviewing cybersecurity tools across cloud, identity, application security, infrastructure, and data protection domains.
Work with engineering, platform, cloud, hosting, and cyber defence teams to support secure implementation, remediation planning, telemetry enablement, and operational alignment.
Support identification of security risks, control gaps, configuration issues, and exposure scenarios across enterprise systems, cloud environments, and platforms.
Assist in preparing dashboards, assessment summaries, risk metrics, usage insights, and reporting related to security controls, product assurance, and governance activities.
Help maintain security guidance, reusable assessment templates, design assurance checklists, and secure-by-default implementation standards.
Contribute to initiatives related to Zero Trust, cloud security, identity security, API security, DevSecOps, and enterprise security transformation programs.
Collaborate with product owners, architecture teams, engineering teams, operations teams, and vendors to support delivery of secure and scalable enterprise solutions.
Minimum Qualifications
Bachelor’s degree in Computer Science, Information Security, Engineering, or a related technical field.
2–5 years of experience in cybersecurity, cloud security, infrastructure security, application security, or security engineering functions.
Working knowledge of cloud platforms such as Microsoft Azure and Google Cloud Platform (GCP), including security controls, identity and access management, networking, monitoring, and cloud-native security principles.
Familiarity with cybersecurity concepts including IAM, network security, endpoint security, application security, vulnerability management, and data protection principles.
Understanding of security standards and frameworks (e.g., NIST CSF, CIS Benchmarks, OWASP, MITRE ATT&CK, Zero Trust).
Experience supporting security assessments, governance activities, engineering functions, or operational security processes.
Preferred Skills
Familiarity with DevSecOps practices and integrating security into CI/CD pipelines.
Exposure to security technologies across the stack (e.g., CNAPP, CSPM, SIEM/SOAR, EDR/XDR, PAM/PIM, SAST/DAST, API Security, Data Classification/Labeling).
Basic scripting or automation knowledge (e.g., PowerShell, Python, Bash) is beneficial.
Strong analytical, troubleshooting, and problem-solving capabilities.
Good communication and stakeholder collaboration skills.
Ability to work in a fast-paced, federated environment supporting secure delivery and operational alignment.
Interest in modern cybersecurity practices aligned to Zero Trust, secure-by-design, cloud-native security, and enterprise transformation initiatives.
Why GSK?
Uniting science, technology and talent to get ahead of disease together.
GSK is a global biopharma company with a purpose to unite science, technology and talent to get ahead of disease together. We aim to positively impact the health of 2.5 billion people by the end of the decade, as a successful, growing company where people can thrive. We get ahead of disease by preventing and treating it with innovation in specialty medicines and vaccines. We focus on four therapeutic areas: respiratory, immunology and inflammation; oncology; HIV; and infectious diseases – to impact health at scale.
People and patients around the world count on the medicines and vaccines we make, so we’re committed to creating an environment where our people can thrive and focus on what matters most. Our culture of being ambitious for patients, accountable for impact and doing the right thing is the foundation for how, together, we deliver for patients, shareholders and our people.
Inclusion at GSK:
As an employer committed to Inclusion, we encourage you to reach out if you need any adjustments during the recruitment process.
Please contact our Recruitment Team at IN.recruitment-adjustments@gsk.com to discuss your needs.
Important notice to Employment businesses/Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/agency and GSK. In the absence of such written authorization being obtained, any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.
It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interviews. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.
GlaxoSmithKline does not charge any fee whatsoever for the recruitment process. Please do not make payments to any individuals/entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location, even if they claim that the money is refundable.
If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.