SoCode has partnered with a global Software Engineering company who’re looking for a Senior Security Engineer to join their team.
You will work with the Head of Security to design/develop security architecture and lead technical solutions to mitigate security vulnerabilities. This is a senior hand on role, which would suit someone from a networking/infrastructure background. This role will be paying between £50,000 to £60,000 per annum DOE. You will be working within an open and collaborative team with a solution focussed approach.
Your new role will be to:
- Develop information security policy, process, and procedures.
- Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems following the architecture principles and governance of Enterprise Architecture function.
- Ensures compliance of security processes and procedures and supports service-level agreements (SLAs) to ensure that security controls are managed, maintained and effective through security metrics and Key Performance Indicators (KPI’s).
- Report security metrics and KPI’s to Information and Cyber Security Manager concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and non-compliance.
- Provide security input into business service, application and project lifecycles to assess security requirements and controls and to ensure that security controls are implemented as planned.
- Work with internal teams to identify, select and implement technical security controls.
- Identify and advise on security requirements and leading practises, by performing security architecture and risk assessments and business impact assessments.
- Research, evaluate and communicate with security advisories to identify threats to assets and people through an internal security awareness programme.
- Researches, evaluates and recommends information security related services, hardware and software, including developing business cases for security investments.
- 24/7 Incident Response - Be available to provide reactive support to critical security incidents outside standard business hours as part of a rota.
- Working with managed security service providers, vendors, and partners to ensure training, maintenance, support and continuous improvements for existing and emerging technology.
Knowledge, Skills and Experience Required:
- Minimum of five years information and cyber security experience, and experience in IT System Administration, Network Administration, Security Operations Centre or Application administration and development is an advantage.
- Bachelor's degree in information systems or equivalent work experience in relevant information and cyber security domain.
- Require at least one security certification from a recognised professional certifying organisation such as ISC2, CompTIA, ECCouncil, SANS Institute.
- Technology standard certification such as from Cisco, VMware, Microsoft is an advantage.
- Excellent technical knowledge of Microsoft Operating Systems. Knowledge and experience of Linux.
- Awareness of the Mitre ATT&CK framework and how it can be used to learn an adversary’s tactics and techniques and focus incident response.
- Experience in penetration testing methodology and tools, for security testing of applications and systems
- Experience using scripting, automation and API’s with languages such as PowerShell, Python, bash and shell scripting
- Experience using and managing Security Information and Event Management (SIEM) and analysing and reporting from multiple log data sources.
- Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
- Knowledge of and experience in developing and documenting security processes and plans.
- Knowledge and experience with implementing common information security management frameworks, such as International Organization for Standardization (ISO) 2700x series, AICPA SOC2 (Service Organization Control), ITIL, COBIT and National Institute of Standards and Technology (NIST) or Center for Internet Security (CIS) frameworks.
- Strong analytical, problem solving, written and verbal communication skills and a good attention to detail to identify patterns.
- Ability to work both independently and collaboratively as a team member, be curious and to ask questions and share knowledge.
- A strong customer and client focus, with the ability to manage expectations appropriately, to provide a superior customer and client experience and build long-term relationships.
- A strong passion for the security domain, be curious with a keenness to learn and develop own skills and knowledge outside of the daily work environment.
- Confident in recording and presenting key findings and conclusions to different levels of the business
- A salary between £45,000 up to £80,000 based on experience
- 10% bonus
- 25 days annual leave + Bank Holiday
- Pension – up to 10% employer contribution
- Life insurance
- Subsidised onsite restaurant
- Medical / Dental cover
At SoCode, we pride ourselves on an attractive referral scheme.
If you have Friends, Family or Colleagues looking for a new position in the near future tell them to contact us by either phone or email ensuring they provide us with your name. If we successfully find them a new position, we will provide you with thank you present to show our appreciation.
For further information, and to learn how you can become part of this company’s future please contact Bradleigh Barnes at SoCode by submitting your CV to Bradleigh@Socode.co.uk