Cyber Security Engineer

Recruiter
PWC 1
Location
London (Greater)
Posted
07 Oct 2017
Closes
05 Nov 2017
Contract Type
Permanent
Hours
Full Time
About the teamUK IT is accountable for the delivery of IT services to the UK firm, to other organisation member firms, and occasionally (through client facing teams) clients. The Information Risk & Security team is a key interface between the information protection community within the business and IT, and is responsible to the business for the delivery and operation of information security solutions, tools and services provided by UK IT, in line with agreed business and technology strategies.

The Security Product & Service engineer function sits within the Risk & Security organisation and is taking part in ensuring that UK IT has a holistic, cross functional and customer focused approach to the management of the information security tools, products & services that it provides to UK IT and the business.

The Security Product & Service Engineer function is responsible for ensuring that each tool, product or service is managed as an entity in its own right, having an agreed role, description, stated customer base, and is held to good practice and standard.

A Security Product & Service Engineer is responsible for integrating the tools and technologies to provide necessary information to security analysis and incident response teams within Enterprise Information Security & Assurance. They are tasked with performing advanced configuration, tuning and reporting for the security tool set and identifying methods to leverage the tools for enhanced protection, and assist with incident response activities when necessary.
About the roleA Security Product & Service Engineer will agree with the Enterprise Information Security & Assurance Lead which activities they will have specific responsibility for in relation to the information security services, tools and products within the Team Portfolio.

These activities may include:

Provides information on technology developments and the firm’s IT strategy to assist in the planning process

Understands the business units’ IT plans that are dependent on, or may impact, the service

Actively ensures fullest alignment of services, tools and technologies with those employed other aligned member firms

Accountable for the creation and maintenance of the knowledge of the service, including purpose, capabilities, components that make up the service, applications and limitations of the service, technical requirements, dependencies, local operating / administration requirements, user training requirements, support requirements, run book, code, escrow, smoke/ sanity test scripts

Undertakes product vendor management, including service reviews, analysing and communicating the competitive positioning of products and services available in the market and providing recommendations on future sourcing options

Maintains relationship with product / service supplier, working with business / vendors to develop new product features and functions

Creates and maintains product and service roadmaps (in conjunction with CTO):

  • Improvement ideas / opportunities

  • Product upgrades (e.g. ensuring remain within support / maintenance agreements

  • Capacity planning

  • Potential new markets and applications

  • Longer term plans for the service, including envisaged life span, exit routes, potential replacement

Ensure service recovery and availability for tools and services is realistic and kept up to date

Participates in escalated incident and problem management activities (including war rooms)

Manages the service across the user base

Understands the service, how it works, interactions with other services and the business context in which the service is used

Ensures the service meets the business needs in the most cost effective manner

Defining and agreeing the measures of service quality and value of the products

Maintains a good understanding of any planned changes (including those generated by Change, Release and Problem Management) to any components within the service and advises on impact

Reviewing and Approving IT Changes (RFC) to the portfolio landscape to ensure that impacts are warranted and understood

Works with capacity management to ensure that the service has sufficient capacity to cater for the customer base and how the service is used (e.g. anticipated growth of usage, content etc.)

Maintains awareness of break-fix activities

Contributes to, and maintains entries in the service catalogue (inc. service summary and cost)

Range of Impact

To be able to work with product owners to understand and analyse the end-to-end benefits and limitations of the enterprise/strategic product(s) and to identify opportunities for improvement

To be able to construct, agree and oversee the implementation of Service improvement plans (SIPs)

The ability to build relationships and work collaboratively and influence IT contacts, in both the UK and other member firms, business contacts and 3rd party product providers

Be able to take a holistic view of how IT services operate and apply this to the planning/structuring of the live services and products

Be a proactive and willing to challenge operational norms and propose solutions and alternative operating modes to complex IT issues

Be well organised and have good oral and written communication capabilities

Be able to collate, analyse, report and present technical and statistical information in a way that is meaningful and relevant to their audience

Essential skills and experienceQualifications

Undergraduate Degree (e.g., BA, BS) or equivalent experience

One of the following technical qualifications is preferred -

Microsoft Certified Systems Engineer

Certified Information Systems Manager

Certified Secure Software Lifecycle Professional

Certified Information Systems Auditor and/or Certified Information Systems Security Professional

Hold an ITIL Foundation qualification or demonstrate an understanding of ITIL principles and a willingness to undertake further ITIL training

Technical skills

This person should have a thorough knowledge of Information Technology in order to support dynamic security engineering initiatives for the team

Thorough knowledge and ability to analyse new networking solutions, identify potential security concerns, develop approaches that can be used to mitigate identified risks, and work with IT teams to implement recommendations

Demonstrate thorough knowledge and direct experience developing tools/programs utilizing programming/scripting techniques

Technical knowledge of firewalls, Active Directory, Windows operating systems, intrusion detection/prevention systems, proxy servers, endpoint forensics, breach indicators, and log aggregation technology to conduct analysis and how these solutions help enterprises defend themselves against cyber-attacks

Strong knowledge of logging and/or monitoring solutions such as one or many of the following: SNORT, SourceFire, RSA Netwitness, RSA Security Analytics, RSA enVision, EnCase Enterprise, FireEye, McAfee ePO, Hadoop, Splunk. Data Loss Prevention systems such as Symantec, Websense etc. Internet gateway solutions such as Websense, Bluecoat etc

Thorough knowledge and ability to quickly learn about new security technologies, the implementation requirements of those technologies, and how to integrate those technologies into a larger solution

General understanding of the following programming languages or technologies: Hadoop, HIVE, LUA, ESPER, FreeMarker, PIG, HAWQ, SQL, .NET, Powershell

Location
London


Internal firm services


In order to deliver a first-class service to our clients, we need first-class support internally. Internal firm services is a network of specialist support professionals and includes marketing, recruitment, human capital, finance, technology, learning and development, procurement, to name but a few. Each team plays a vital role in making sure we have all the right resources, services and technology across our business.


The skills we look for in future employees


All our people need to demonstrate the skills and behaviours that support us in delivering our business strategy. This is important to the work we do for our business, and our clients. These skills and behaviours make up our global leadership framework, ‘The PwC Professional’ and are made up of five core attributes; whole leadership, technical capabilities, business acumen, global acumen and relationships.


Learn more here www.pwc.com/uk/careers/experienced/apply


Diversity


We work in a changing world which offers great opportunities for people with diverse backgrounds and experiences. We seek to attract and employ the best people from the widest talent pool, as well as those who reflect the diverse nature of our society. And we aim to encourage a culture where people can be themselves and be valued for their strengths. Creating value through diversity is what makes us strong as a business and as an organisation with an increasingly agile workforce, we're open to flexible working arrangements where appropriate.


Learn more here www.pwc.com/uk/diversity