Gerrard White is currently looking for an Enterprise Security Engineer on a contract basis for 6 months initially Inside IR35.
The role will be responsible for the engineering of security solutions for the protection of computer systems, networks and data, from the identification of requirements and evaluation of solutions, through to design and implementation.
Determine requirements, and research and evaluate security solutions; provide recommendations for licensing.
Design, implement and support security solutions.
Prepare and document standard operating system procedures
Configure and troubleshoot security infrastructure devices
Develop technical solutions and new security tools to help mitigate security vulnerabilities and to automate repeatable tasks
Write comprehensive reports, including assessment-based findings, outcomes and propositions for further security system enhancement
Provide consulting and advice to CISO team, Engineering team and agency IT teams in research and design of secure solutions.
Liaise with suppliers during professional services engagements.
Enhance and evangelize the usage of threat modelling tools and procedures in the organization.
Determine the scope of penetration tests; coordinate with suppliers; review test results and prepare a report for stakeholders.
Recommend enhancements to Enterprise Security Architecture tools and procedures
Suitable candidates will have:
Designing and implementing security systems and controls in conformance with security policy, security standards and best practices
Conducting product evaluations, proofs of concept and pilots
Identity and access management concepts such as multi-factor authentication, single sign-on and privileged account management.
Enterprise software, containers, operating systems and server virtualization
Microsoft technologies such as Active Directory, Office 365, SQL Server and Windows.
Web security, including web application firewalls, web services security and API gateways
E-mail security, including secure email gateways, anti-phishing, DMARC, and account takeover mitigation.
Cloud services security, including Amazon Web Services and Microsoft Azure security controls
Endpoint device protection tools such anti-virus, EDR and XDR.
Mobile device security, such as mobile threat detection
Database security solutions such as encryption, hashing, digital signatures, data tokenization, masking and monitoring.
Network security concepts such as DNSSEC, firewalls, IDS/IPS, network access control, proxies, public key infrastructure, SSH, TLS, VPN, etc.
Network security assessment tools such as NMAP and Nessus and of how to address security weaknesses identified.
Network penetration testing methods, of interpretation of penetration test reports, and of provision of recommendations to address findings.
PowerShell or other scripting language