Security Engineer

Location City of London
Discipline: Technology
Job type: Permanent
Job ref: AS - Security Engineer
Published: 18 days ago
Expiry date: 21 Mar 2024 23:59

We present an exciting opportunity to join a prominent organization in the financial services sector. They actively seek an experienced Security Operations Engineer to ensure the company's adherence to security standards.


Responsibilities:


  • Collaborate with technology and business teams to implement security processes, technologies, and controls, serving as the authority for security-related inquiries.

  • Define, design, implement, and maintain security solutions tailored to the business's requirements.

  • Support the definition, execution, and continuous improvement of key cybersecurity processes, including vulnerability and patch management, security incident response, monitoring, endpoint security, identity and access management, network security, and cryptography.

  • Assist in developing and maintaining security policies, processes, incident response management plans, and playbooks.

  • Create and document standard operating procedures and protocols.

  • Provide expertise on security requirements for core technology processes, such as asset management, change management, third-party management, technology development and acquisition, configuration management, etc.

  • Contribute as a team member in projects and change initiatives aimed at enhancing enterprise security capabilities, such as identity and access management, log aggregation, etc.


Required experience:


  • Minimum of 3 years of experience in a Security Engineer/Analyst role, focusing on designing, implementing security solutions, and managing security infrastructure.

  • Previous experience in a financial services environment with a working understanding of relevant regulations.

  • Experience and in-depth technical knowledge of deploying, maintaining, and configuring various security technologies within a large and complex environment (anti-malware/EDR, SIEM solutions, vulnerability scanners, patch management, CASB, DLP, penetration testing tools, etc.).

  • Knowledge of TCP/IP and related network protocols, including standard protocols like TCP, ARP, ICMP, DHCP, DNS, HTTP, SNMP, VPN, etc., and proficiency in accompanying protocol/packet analysis/manipulation tools.

  • Understanding of key operating systems and network appliances, with the ability to assess their security posture based on their configuration and deployment.

  • Experience in effectively collaborating with stakeholders from diverse technology and business teams.

  • Strong verbal and written communication skills.


Desirable experience:


  • Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM).

  • In-depth knowledge of Operating System security and system hardening concepts, such as CIS Benchmarks.

  • Experience in working with information security frameworks and regulatory requirements, including ISO27001, NIST, PCI DSS, GDPR, Cyber Essentials.

  • Experience in general IT audit processes and conducting risk assessments.