Cyber Security Engineer
The Security Product & Service engineer function sits within the Risk & Security organisation and is taking part in ensuring that UK IT has a holistic, cross functional and customer focused approach to the management of the information security tools, products & services that it provides to UK IT and the business.
The Security Product & Service Engineer function is responsible for ensuring that each tool, product or service is managed as an entity in its own right, having an agreed role, description, stated customer base, and is held to good practice and standard.
A Security Product & Service Engineer is responsible for integrating the tools and technologies to provide necessary information to security analysis and incident response teams within Enterprise Information Security & Assurance. They are tasked with performing advanced configuration, tuning and reporting for the security tool set and identifying methods to leverage the tools for enhanced protection, and assist with incident response activities when necessary.
About the roleA Security Product & Service Engineer will agree with the Enterprise Information Security & Assurance Lead which activities they will have specific responsibility for in relation to the information security services, tools and products within the Team Portfolio.
These activities may include:
Provides information on technology developments and the firm’s IT strategy to assist in the planning process
Understands the business units’ IT plans that are dependent on, or may impact, the service
Actively ensures fullest alignment of services, tools and technologies with those employed other aligned member firms
Accountable for the creation and maintenance of the knowledge of the service, including purpose, capabilities, components that make up the service, applications and limitations of the service, technical requirements, dependencies, local operating / administration requirements, user training requirements, support requirements, run book, code, escrow, smoke/ sanity test scripts
Undertakes product vendor management, including service reviews, analysing and communicating the competitive positioning of products and services available in the market and providing recommendations on future sourcing options
Maintains relationship with product / service supplier, working with business / vendors to develop new product features and functions
Creates and maintains product and service roadmaps (in conjunction with CTO):
Improvement ideas / opportunities
Product upgrades (e.g. ensuring remain within support / maintenance agreements
Potential new markets and applications
Longer term plans for the service, including envisaged life span, exit routes, potential replacement
Ensure service recovery and availability for tools and services is realistic and kept up to date
Participates in escalated incident and problem management activities (including war rooms)
Manages the service across the user base
Understands the service, how it works, interactions with other services and the business context in which the service is used
Ensures the service meets the business needs in the most cost effective manner
Defining and agreeing the measures of service quality and value of the products
Maintains a good understanding of any planned changes (including those generated by Change, Release and Problem Management) to any components within the service and advises on impact
Reviewing and Approving IT Changes (RFC) to the portfolio landscape to ensure that impacts are warranted and understood
Works with capacity management to ensure that the service has sufficient capacity to cater for the customer base and how the service is used (e.g. anticipated growth of usage, content etc.)
Maintains awareness of break-fix activities
Contributes to, and maintains entries in the service catalogue (inc. service summary and cost)
To be able to work with product owners to understand and analyse the end-to-end benefits and limitations of the enterprise/strategic product(s) and to identify opportunities for improvement
To be able to construct, agree and oversee the implementation of Service improvement plans (SIPs)
The ability to build relationships and work collaboratively and influence IT contacts, in both the UK and other member firms, business contacts and 3rd party product providers
Be able to take a holistic view of how IT services operate and apply this to the planning/structuring of the live services and products
Be a proactive and willing to challenge operational norms and propose solutions and alternative operating modes to complex IT issues
Be well organised and have good oral and written communication capabilities
Be able to collate, analyse, report and present technical and statistical information in a way that is meaningful and relevant to their audience
Undergraduate Degree (e.g., BA, BS) or equivalent experience
Microsoft Certified Systems Engineer
Certified Information Systems Manager
Certified Secure Software Lifecycle Professional
Certified Information Systems Auditor and/or Certified Information Systems Security Professional
Hold an ITIL Foundation qualification or demonstrate an understanding of ITIL principles and a willingness to undertake further ITIL trainingTechnical skills
This person should have a thorough knowledge of Information Technology in order to support dynamic security engineering initiatives for the team
Thorough knowledge and ability to analyse new networking solutions, identify potential security concerns, develop approaches that can be used to mitigate identified risks, and work with IT teams to implement recommendations
Demonstrate thorough knowledge and direct experience developing tools/programs utilizing programming/scripting techniques
Technical knowledge of firewalls, Active Directory, Windows operating systems, intrusion detection/prevention systems, proxy servers, endpoint forensics, breach indicators, and log aggregation technology to conduct analysis and how these solutions help enterprises defend themselves against cyber-attacks
Strong knowledge of logging and/or monitoring solutions such as one or many of the following: SNORT, SourceFire, RSA Netwitness, RSA Security Analytics, RSA enVision, EnCase Enterprise, FireEye, McAfee ePO, Hadoop, Splunk. Data Loss Prevention systems such as Symantec, Websense etc. Internet gateway solutions such as Websense, Bluecoat etc
Thorough knowledge and ability to quickly learn about new security technologies, the implementation requirements of those technologies, and how to integrate those technologies into a larger solution
General understanding of the following programming languages or technologies: Hadoop, HIVE, LUA, ESPER, FreeMarker, PIG, HAWQ, SQL, .NET, Powershell
Internal firm services
In order to deliver a first-class service to our clients, we need first-class support internally. Internal firm services is a network of specialist support professionals and includes marketing, recruitment, human capital, finance, technology, learning and development, procurement, to name but a few. Each team plays a vital role in making sure we have all the right resources, services and technology across our business.
The skills we look for in future employees
All our people need to demonstrate the skills and behaviours that support us in delivering our business strategy. This is important to the work we do for our business, and our clients. These skills and behaviours make up our global leadership framework, ‘The PwC Professional’ and are made up of five core attributes; whole leadership, technical capabilities, business acumen, global acumen and relationships.
Learn more here www.pwc.com/uk/careers/experienced/apply
We work in a changing world which offers great opportunities for people with diverse backgrounds and experiences. We seek to attract and employ the best people from the widest talent pool, as well as those who reflect the diverse nature of our society. And we aim to encourage a culture where people can be themselves and be valued for their strengths. Creating value through diversity is what makes us strong as a business and as an organisation with an increasingly agile workforce, we're open to flexible working arrangements where appropriate.
Learn more here www.pwc.com/uk/diversity