IT Security Engineer Contract - London

Recruiter
Square One Resources
Location
London (Greater)
Posted
10 Jan 2018
Closes
09 Feb 2018
Contract Type
Contract
Hours
Full Time

IT Security Engineer – Contract - London

Square One are looking for an IT Security Engineer to come on board for an initial 3 month contract in London

This is an initial 3 month contract, paying market rates.

Purpose:

·A key member of the Information Security, Risk & Compliance function with responsibility for ensuring the security of the client’s information systems and data.

The role will have responsibility for supporting delivery of Information Security related projects; establishing and embedding best practice Information Security processes and procedures within technology and ensuring that the technology teams are strictly adhering to defined Information Security processes.

Main Responsibilities:

·Develop and embed Information Security procedures, processes, standards and guidelines aligned with relevant information security standards and frameworks adopted by the clients (e.g. ISO27001, PCI DSS, and Cyber Essentials).

·Work with the Information Security Manager and Information Security team to identify emerging IT Security risks and manage new and existing risks according to established processes.

·Ensure that Operating System and Application patching is conducted in line with patching policy and anti-virus and malware protection is deployed and operational on all servers and endpoints.

·Support the network and infrastructure teams to ensure that appropriate technical network boundary protection is in place and monitored; IPS & IDP devices are deployed and effective and firewalls are correctly configured and configuration is regularly reviewed.

·Conduct/support external and internal penetration testing on the client’s infrastructure, network and applications working with colleagues and/or external security consultants. Conduct internal scanning and ensure that vulnerabilities are managed in accordance with defined vulnerability management processes and procedures.

·Working closely with the Information Security Manager, Head of IT Ops & Governance, Project Manager, external information security consultants, business and project teams to support delivery of the project, Lead on implementation of the technical security elements of the project, providing advice and expertise on technical decisions.

·Work with the Information Security Manager, and Networks and Infrastructure teams to implement CIS Critical Security Controls across the clients Technology estate on a risk/priority basis.

·Provide Information Security subject matter expertise and advice to other technology teams and wider IG, Legal and Audit teams as appropriate.

·Work with the InfoSec Manager and wider Information Security team members to support the Information Governance function is undertaking 3rd Party Information Security Supplier reviews.

·Assist in responding to inquiries regarding data security, policies, and procedures.

·Lead response to Information Security incidents ensuring that incidents are quickly responded to, threats are contained and root cause is established and remediated. Ensure that incidents are recorded in accordance with the clients Information Security incident Management policy and appropriate incident reports are produced and dispersed.

·Assist Risk & Recovery Manager in preparing and testing IT Disaster Recovery plans and IT Service Continuity plans as part of enterprise business continuity planning.

·Participate in planning, communication, testing, and implementation of disaster recovery procedures.

·Monitor all threat detection network traffic and make necessary recommendations on configuration and resourcing.

·Work with the network team to fully configure the Security Incident & Event Management (SIEM) system, ensuring that input feeds are being taken from all appropriate network and infrastructure devices.

·Monitor daily feeds into QRadar SIEM; highlight all significant threats and formulate and execute tactical responses.

·Lead of evaluation of new Information Security technologies and lead on implementation of chosen products.

·Work closely with the Information Governance function to ensure that IG compliance requirements are being effectively supported by the Information Security team

·Provide expert security guidance on analysis of network needs and contribute to design of network architecture, integration, and installation.

·Working with the networks and architecture teams, prepare and maintain documentation of network security configurations and architecture.

·Provide regular IT security reports to the Information Security Manager and Technology

Requirements/Skill set:

·Comprehensive understanding of LAN, WAN technologies

·Comprehensive understanding of current internet protocols (DHCP, DNS, FTP, HTTP(s), SMTP, SSH, Telnet, TLS/SSL, TCP, UDP, SNMP)

·Cisco L2/L3 switching and routing

·Firewall, IPS, IDS, other threat detection and prevention products

·Network optimisation tools and next gen firewalls

·Infrastructure Security and Hardening

·Deployment and management of vulnerability and patch management systems

·Comprehensive understanding of endpoint protection

·VOIP and VPN technologies

·Broad, current experience of Windows Server and Desktop technologies

·Experience of cloud technologies and security practices (e.g. Azure)

·Web Application Firewalls

·Relevant Information Security qualification desirable (e.g. CISSP; CISA; CISM)

Knowledge of:

·Experience of working with Security Incident & Event Management (SIEM) systems

·Experience working with regulatory compliance (PCI, ISO 27001 frameworks)

·Experience of vulnerability scanning software (e.g. Nessus; Qualys)

·Knowledge of Information Risk Management

·Knowledge of UK and EU data regulations including DPA & GDPR

·Experience of implementing cryptographic controls, website security and knowledge of WASP

·Experience of wireless and mobile security standards and technologies

·Working knowledge of virtual infrastructure technologies including VMware vSphere, Microsoft Hyper-V

·Working knowledge of network storage technology (e.g. EMC)

This is an initial 3 month contract, paying market rates.

IT Security Engineer – Contract - London

Notwithstanding any guidelines given to years of experience sought, we will consider candidates from outside this range if they can demonstrate the necessary competencies.

Square One is acting as both an employment agency and an employment business, and is an equal opportunities recruitment business. Square One embraces diversity and will treat everyone equally: Please see our website for our full diversity statement.


This job was originally posted as www.cwjobs.co.uk/job/79146882