The primary responsibility for the Information Security Engineer position will be maintaining, evaluating, and testing the security of all our systems, infrastructure and applications. They will assist with the ongoing protection of digital assets, and the maintenance and expansion of the security architecture. They will also play a key part in R&D projects, so a genuine interest in new technologies is a must.
The successful candidate will show a passion for security, have meticulous attention to detail and outstanding problem-solving skills, work comfortably under pressure, have excellent interpersonal skills, demonstrate advanced written and oral communication, be a team player and independent worker, be highly adaptive, and deliver on rapidly changing deadlines. The successful candidate may also be required to work outside of the contracted hours, including but not limited to weekends.
Candidates must reside in the UK and can work both remotely and in the office.
Responsibilities include:
- Responding to and resolving cyber incidents efficiently.
- Manage and monitor security systems.
- Support reviews to improve security within the business/systems.
- Liaise with the infrastructure team to maintain a secure environment.
- Assist infrastructure / team lead in ongoing and new projects.
- Conduct cyber incident testing.
- Assisting with the development and implementation of security policy, standards, guidelines, and procedures to ensure ongoing improvement and maintenance of security posture.
- Maintaining documentation at a high standard.
- Assisting the development team with their QA and Software Development Life Cycle (SDLC) to ensure best security practices are followed at all times.
Required Skills:
- Experience with deploying and using a Security Information and Event Management (SIEM).
- Knowledge of current operating systems i.e., Windows Server 2016-2019, Windows 10, Mac OS and Linux.
- Microsoft Policy & Security – GPOs, Patching (WSUS), Defender Antivirus & Firewall.
- Penetration Testing exposure/awareness.
- Experience performing technical analysis involving security event data and evaluating malicious activity.
- Knowledge of TCP/IP and related standard network protocols such as TCP, ARP, ICMP, DHCP, DNS, HTTP, SNMP, VPN etc., and the accompanying protocol/packet analysis/manipulation tools.
- Strong analytical and problem-solving skills.
- Knowledge of delivering and maintaining compliance and security standards – such as GDPR, ISO 27001, and those published by the NCSC.
- Strong knowledge of security technologies, including MFA, RADIUS, NGFW (Next Gen Firewall), WAF (Web Application Firewall), IPS (intrusion prevention), IDS (intrusion detection).
- Relevant certifications such as SSCP.
- Minimum 3 years’ experience in cyber security and strong interest in the field.
Desirable Skills and Experience:
- Experience with Cloud Infrastructures – AWS/Azure.
- Experience with virtualised systems such as hypervisors i.e. VMware.
- Desirable certificates include: Security+, CySA+, GIAC.