Location - Fully remote working from home
We are looking for an articulate and professional Information Security Analyst & Security Engineer to join our team.
The project is delivering a Service Hub, Data Hub and Integration Hub. We are looking for a Security Analyst & Engineer that can provide expertise across the work streams working collaboratively across the organisation and interfacing with the multiple disciplines.
In order to be suitable for this role you must be an accomplished technology professional with great communication skills and a passion for cyber security.
Working directly with Group Security and the Project Team you will play a key role in maintaining and developing information security policies and procedures, ensuring that effective security controls are implemented, and reporting mechanisms are in place.Security EngineerYou will have experience of the identification, implementation and management of vulnerabilities and remediation, security monitoring integration for SOC / SIEM and have good knowledge of ISO 27001 Information Security Standard, have the ability to evaluate technical controls to ensure they meet the requirements for data and information security have a keen eye for attention to detail and have strong customer service and interpersonal skills.Security AnalystYou will have experience in the design lifecycle for cyber technologies and controls and proven expertise in the integration of these technologies for security monitoring, vulnerability management, identity management, passive analysis, access control and application security. You will have the ability to define security requirements and deliver technical controls to ensure they meet the requirements for data and information security and have a keen eye for attention to detail and have strong customer service and interpersonal skills.
In order to be considered for this role, you must have proven experience of the following:
- Proven hands-on systems, applications and network support skills which will enable you to become the SME for security issues within the project team.
- Experience of risk management methodologies, frameworks and standards, such as: ISO27001, ISO31000, ITIL, COBIT and NIST.
- Demonstrate experience in delivery of risk assessments and business impact analysis.
- Demonstrable expertise in the support, management and development of secure software development lifecycles that match industry recognised patterns for cloud native development, operations and technical security controls.
- Demonstrable expertise in the support, management and development of security systems, including: firewalls, host and network intrusion detection/ prevention, web filtering, AV (security suites) and technical security controls.
- Demonstrable expertise in the support, management and development of active directory to support Identity and Authorisation for Applications.
- Demonstrable expertise in the support, management and development of hardening guides to applicable new technologies.
- Demonstrable expertise in the development of use cases for logging and security KPI's forthe hub designs.
- Understand existing arrangements, design for integration of the hub designs
- Demonstrable expertise in the support, management and development of software defined network design and management (segmentation, clustering, external access, internal load balancing and WAF).
- Proven experience of scoping, management and remediation planning of penetration tests.
- Demonstrable expertise in the support, management and development of Verification and Validation assuring the delivery of the hubs meets the predefined security requirements.
Professional security certifications, such as: CISM, CISSP, ISO27001 Lead Implementer/Auditor and/or CISA would be advantageous to your application but is by no means essential.