IT Security Engineer
The ideal candidate will be able to identify, design and implement. Having good project management attributes is key for this role.
A key member of the Information Security, Risk & Compliance function with responsibility for ensuring the security of my client's information systems and data. The role will have responsibility for supporting delivery of Information Security related projects; establishing and embedding best practice Information Security processes and procedures within technology and ensuring that the technology teams are strictly adhering to defined Information Security processes.
- Develop and embed Information Security procedures, processes, standards and guidelines aligned with relevant information security standards and frameworks adopted by my client (e.g. ISO27001, PCI DSS, Cyber Essentials).
- Work with the Information Security Manager and Information Security team to identify emerging IT Security risks and manage new and existing risks according to established processes.
- Ensure that Operating System and Application patching is conducted in line with patching policy and anti-virus and malware protection is deployed and operational on all servers and endpoints.
- Support the network and infrastructure teams to ensure that appropriate technical network boundary protection is in place and monitored; IPS & IDP devices are deployed and effective and firewalls are correctly configured and configuration is regularly reviewed.
- Conduct/support external and internal penetration testing on my client's infrastructure, network and applications, working with colleagues and/or external security consultants. Conduct internal scanning and ensure that vulnerabilities are managed in accordance with defined vulnerability management processes and procedures.
- Working closely with the Information Security Manager, Head of IT Ops & Governance, Project Manager, external information security consultants, business and project teams to support delivery of the project, lead on implementation of the technical security elements of the project, providing advice and expertise on technical decisions.
- Work with the Information Security Manager, and Networks and Infrastructure teams to implement CIS Critical Security Controls across my client's Technology estate on a risk/priority basis.
- Provide Information Security subject matter expertise and advice to other technology teams and wider IG, Legal and Audit teams as appropriate.
- Work with the InfoSec Manager and wider Information Security team members to support the Information Governance function in undertaking 3rd Party Information Security Supplier reviews.
- Assist in responding to inquiries regarding data security, policies, and procedures.
- Lead response to Information Security incidents, ensuring that incidents are quickly responded to, threats are contained and root cause is established and remediated. Ensure that incidents are recorded in accordance with my client's Information Security Incident Management policy and appropriate incident reports are produced and dispersed.
- Assist Risk & Recovery Manager in preparing and testing IT Disaster Recovery plans and IT Service Continuity plans as part of enterprise business continuity planning.
- Participate in planning, communication, testing, and implementation of disaster recovery procedures.
- Monitor all threat detection network traffic and make necessary recommendations on configuration and resourcing.
- Work with the network team to fully configure the Security Incident & Event Management (SIEM) system, ensuring that input feeds are being taken from all appropriate network and infrastructure devices.
- Monitor daily feeds into QRadar SIEM; highlight all significant threats and formulate and execute tactical responses.
- Lead on evaluation of new Information Security technologies and lead on implementation of chosen products.
- Work closely with the Information Governance function to ensure that IG compliance requirements are being effectively supported by the Information Security team.
- Provide expert security guidance on analysis of network needs and contribute to design of network architecture, integration, and installation.
- Working with the networks and architecture teams, prepare and maintain documentation of network security configurations and architecture.
- Provide regular IT security reports to the Information Security Manager and Technology Leadership Team.
Person Specification - Essential
- Comprehensive understanding of LAN, WAN technologies
- Comprehensive understanding of current internet protocols (DHCP, DNS, FTP, HTTP(s), SMTP, SSH, Telnet, TLS/SSL, TCP, UDP, SNMP)
- Cisco L2/L3 switching and routing
- Firewall, IPS, IDS, other threat detection and prevention products
- Network optimisation tools and next gen firewalls
- Infrastructure Security and Hardening
- Deployment and management of vulnerability and patch management systems
- Comprehensive understanding of endpoint protection
- VOIP and VPN technologies
- Broad, current experience of Windows Server and Desktop technologies
- Experience of cloud technologies and security practices (e.g. Azure)
- Web Application Firewalls
- Relevant Information Security qualification desirable (e.g. CISSP; CISA; CISM)
- Experience of working with Security Incident & Event Management (SIEM) systems
- Experience working with regulatory compliance (PCI, ISO 27001 frameworks)
- Experience of vulnerability scanning software (e.g. Nessus; Qualys)
- Knowledge of Information Risk Management
- Knowledge of UK and EU data regulations including DPA & GDPR
- Experience of implementing cryptographic controls, website security and knowledge of OWASP
- Experience of wireless and mobile security standards and technologies
- Working knowledge of virtual infrastructure technologies including VMware vSphere, Microsoft Hyper-V
- Working knowledge of network storage technology
IT Security Engineering - 4/4
Network Infrastructure & Management - 3/4
Endpoint Security - 4/4
Risk management - 2/4
Application Security - 3/4
Information Governance & Compliance - 3/4
Values and Behaviour
We demand better: a) delivering results, b) making decisions
We are open: Acting as one team
We are Personal: Enabling people
We Inspire others: Communicating and influencing
We are Practical Experts: Learning and Improvement
Definition of skill level:
- Basic understanding through minimal experience or training
- Good working knowledge and ability in simple context
- Sound knowledge and ability in variety of contexts
- Expert skills and an ability to provide coaching to others
This job was originally posted as www.jobsite.co.uk/job/959513191