IT Security Engineer
IT Security Engineer
Fully Remote Working
Up to ??46,000 + benefits
Fantastic new permanent opportunity for an experienced IT Security Engineer with strong background within network security and security engineering and for this large financial services company based in Bristol. The position will be fully remote.
As a key member of the Planning, Architecture & Security services team, the role will be at the forefront of the companies security strategy, ensuring the confidentiality, integrity and availability of all their information and information systems.
This role will focus on security and quality control in the IT department and will include designing, building and securing, scalable and robust systems. This role will help the company understand security threats and help create strategies to protect the businesses assets and interests. The role will ideally suit someone with a strong background within network engineering and has progressed into security engineering.
- Determine security requirements based on company needs and/or strategies, and use this evaluation to research solutions, tools, and other items that may need to be procured or enhanced to protect the company.
- Develop and implement tools to assist in the detection, prevention and analysis of security threats and ensure these tools continue to provide effective and up to date security controls.
- Work closely with the solution architects to ensure POCs and solution selection is done with relevant SMEs and within architectural guardrails.
- Identify, draft and maintain security policies, guidelines, procedures, processes, baselines and documentation based on known industry standards and best practice.
- Use up-to-date technical insight on current security threats and attack vectors to identify vulnerabilities and risks in the design of system components (eg networks, systems, applications) and use this information to draft, discuss, design and implement solutions in conjunction with the Architecture and Governance team.
- Conduct appropriate security scans (vulnerability, baseline), vulnerability analysis and risk assessments.
- Investigate Security Incidents and provide technical resolutions either independently or with suppliers and other third parties.
- A proven background within Network and Security Engineering.
- A good understanding of information security frameworks, standards and security best practice (ISO27001, NIST CSF, Cyber Essentials, OWASP).
- Knowledge and adherence to data protection legislation and regulatory requirements (eg GDPR, FCA SYSC, PCI DSS).
- Experience in designing secure components (eg networks, systems, applications, security technologies).
- Comprehensive knowledge of network design, defence-in-depth principles and network security architecture.
- Extensive experience and understanding of security analysis tools, defensive technologies and other security technologies (eg SIEM, VAS, IDS/IPS, Firewalls, IAM, NAC, patch management, anti-malware).
- Strong working knowledge of authentication technologies (eg two-factor, multifactor).
- Foundational knowledge of "BeyondCorp" principles (eg limiting access to confidential information, limiting remote access to applications, differentiating between corporate and personal devices, trusted endpoints).
- Confident using Active Directory (eg GPO, DNS, DHCP).
- Knowledge of endpoint security solutions (eg HIDS, anti-malware, file integrity, DLP).
- AWS and cloud platforms (eg SaaS, IaaS, PaaS).
- System administration, supporting multiple platforms and applications.
For any further queries regarding the role, please contact Danny Palmer at (see below)