Security Engineer - System & Infrastructure
Serco is a specialist at delivering vital services on behalf of European, National and Local Governments. Serco Europe employ's a large workforce in Belgium, Luxembourg, France, Switzerland, Germany, Holland, Spain, Italy and the UK. Our European operations have ca. 2,000 employees delivering critical services to public institutions throughout Europe. Serco's space heritage over the last 40 years has placed us in the Space News Top 50 Space Industry Manufacturing and Services Companies - We work alongside EUMETSAT and the European Space Agency, where we are the largest on-site service provider with ca. 300 staff. What connects the ever growing Serco workforce is a passion for delivering great service - To keep ahead we have to constantly evolve and enhance the way we deliver our services and everyone in Serco has a role to play here. Serco provide the right environment to encourage ideas and a comprehensive Best Practice support network that enables them to put their ideas into action. If you share our values then join with over 60,000 colleagues globally who are equally as passionate about delivering great service as you. Package description Full details on application Relocation assistance provided, (if applicable). Main responsibilities * Design and develop the requirements and technical specifications for the security framework in the area of Systems and IT infrastructure; * Contribute to develop a support framework for operational security activities including restoration of normal service, remedial plans and the selection of diagnostic toolsassociated with service protocols (HTTP, HTTPS, SSL, SSH, SMTP, POP3, DNS, FTP, TCP, etc.) in platforms such as Windows, UNIX, Database, Storage, Firewalls, Routers, etc.; * Prepare scripts and scenarios for the investigation, diagnosis and resolution of system securityrelated problems using available tools and referring to external suppliers if required, as well as procedures assisting 1st and 2nd-level support staff, such as: * Perform targeted security testing against internal systems; * Report the findings and recommend remediation actions; * Develop tests and training labs for internal technicians (knowledge transfer); * Lead-role security improvements and/or initiatives in systems; * Participate in IT secuirty projects during the complete project lifecycle for the development of IT services and systems (in particular in co-operation with business analysis) , such as technical specifications, evaluation and selection of new products, activity planning and reporting with a focus on security; * Contribution to IT projects in the implementation phase of IT services and systems (in particular in co-operation with business analysis), such as analysis, development, integration and testing (i.e. performing Operational Security testing and acceptance), maintenance, release, documentation with a focus on security; * Design procedures for identifying any need for preventive or remedial maintenance throughout the use of diagnostic tools; * Elaborate accurate and up-to-date technical documentation related to security based systems/components including operational requirement and release management plan, transfer knowledge to colleagues and ensure sufficient documentation is available for tasks to be assigned to 1st and 2nd-level support staff; * Elaborate plans, coordination and document maintenance activities (such as patches and software upgrades) which are required to keep system running at optimised security condition. Ideal candidate Education and qualifications: * Advanced university degree in Computer Engineering, Computer Science; * Certified Ethical Hacker certification or equivalent; * SANS, EC-COUNCIL CISSP, CCNA and CISA certifications would be an advantage; * Depending on the expertises required, specific Windows, Unix, Network, Database or Storage certifications would be an advantage; Knowledge and skills: * Excellent knowledge of IT security processes, features, issues and solutions associates with operating systems, applications infrastructure and networking devices security such as but not limited to Windows, UNIX, Database, Storage, Firewalls, Routers, etc; * Excellent knowledge of Linux command line, debug and monitoring tools and kernel calls; * Excellent knowledge of Windows Active Directory and MS Exchange; * Experience in performing security testing on infrastructure platforms (such as Windows and UNIX-based OS, firewalls, routers, etc.) and infrastructure applications (such as Oracle and SQL databases, J2EE, .NET, Apache, IIS, etc); * Experience in testing practices on authentication, authorisation and session management, HTML injection, input validation, information leakage and denial-of-service; * Experience in performing operational acceptance processes under time and resource constraints; * Good knowledge in ethical penetration test methodologies (OSSTMM, OWASP) and best practices; * Good knowledge in data recovery techniques, encryption, service protocols and computer privacy; * Knowledge and experience with commercial testing tools (Nessus, Core Impact, WebInspect, etc) as well as open source tools such as Metasploit, Nmap, Nikto, Paros, Burp, etc.; * Knowledge and experience with software development and scripting languages such as Perl and Python, C/C++, Java programming experience would be an advantage; * Ability to linking IT security with business processes; * Experience in process analysis including definition of Standard Operating Procedures; * Ability to research security topics and produce briefing notes (technical and non-technical); * Strong interpersonal skills and result-oriented approach; * Good writing skill and ability to explain complex ideas clearly and concisely; * Teaching and technical training experience is an advantage. ----------------- Important Any offer of employment is contingent upon you providing documents to verify your identity and employment eligibility, as required by law. Applicants are reminded that they will be requested to produce such documentation during the recruitment process. Please contact a member of the recruitment team if you require further details of acceptable types of documentation required for verification of identity and work authorization. For positions located within the Darmstadt Support Office please note that only applicants with no family affiliation within the Company will be considered. Data Protection: When creating a profile on the Serco Career Centre you agreed to the Data Protection policy, a copy is available upon request. You may submit a written request revoking your consent to this agreement at any time. .................... Important Any offer of employment is contingent upon you providing documents to verify your identity and employment eligibility, as required by law. Applicants are reminded that they will be requested to produce such documentation during the recruitment process. Please contact a member of the recruitment team if you require further details of acceptable types of documentation required for verification of identity and work authorization. For positions located within the Darmstadt Support Office please note that only applicants with no family affiliation within the Company will be considered. Data Protection: When creating a profile on the Serco Career Centre you agreed to the Data Protection policy, a copy is available upon request. You may submit a written request revoking your consent to this agreement at any time. About the company Serco Services GmbH, part of the Serco group, A FTSE250, Multi-national Service Provider with over 60,000 employees worldwide.
This job was originally posted as www.jobsite.co.uk/job/959256384
This job was originally posted as www.jobsite.co.uk/job/959256384