ICT Security Engineer
£23-£33k + Benefits
Our client is a local authority who are currently looking for a Security Engineer to join their ICT team in Worcestershire.
Their staff are at the heart of what they do, and as a result they are always looking to recruit, develop and retain the very best talent they can find. That's why, as well as a satisfying job, they offer a range of attractive benefits, such as flexible working arrangements, generous holiday entitlements, a great pension scheme, plenty of opportunities for personal development as well as discounted childcare and gym membership.
Our client pride themselves on being a progressive, forward thinking organisation who spend their time and energy on what matters to their customers, residents and communities. Duties will inevitably develop and change as the work of our client changes to meet the needs of their customers.
- Perform regular vulnerability scans of all ICT systems and devices.
- Produce work plans providing details of all critical and high vulnerabilities that need to be addressed. Ensuring that vulnerabilities are addressed within prescribed timescales.
- Ensure that patches for critical vulnerabilities are applied within 14 days of identification.
- Ensure that patches for high vulnerabilities are applied within 14 days of identification.
- Organise annual ICT health check.
- Produce action plan to address any vulnerabilities identified by ICT health check.
- Review reports from PCI compliance organisation (currently Securitymetrics).
- Acting on reports and ensuring any vulnerabilities are addressed within prescribed timescales.
- Maintain awareness of requirements for PCI compliance and ensure that any measures are implemented.
- Ensure Cyber Essentials accreditation is maintained.
- Confidentially carry out investigations and produce reports on Internet usage, Email usage, Account activity and any other ICT related investigation.
- Monitoring SIEM and manage SIEM systems in place to ensure they provide proactive reports of security breaches.
- Monitoring of security information from external sources.
- Maintain list of all applications and other software in use including maintenance support and end of life (unsupported) dates if appropriate.
- Work with business application team to ensure all applications in use meet appropriate security levels.
- Work with infrastructure team to ensure all infrastructure in use meets appropriate security levels.
- Maintain awareness of areas of vulnerability in security of web based applications.
- Work with web and self-service team to ensure all web and self-service applications in use meets appropriate security levels.
- Ensure that appropriate incident response procedure is in place to handle critical ICT security incidents.
- Carry out six monthly exercises to ensure procedure can handle current threats effectively.
Key & Technical Skills
- Good working knowledge of ICT security standards and requirements to ensure that all data is effectively managed with a good working knowledge of requirements such as PSN/PCI.
- Good working knowledge of cyber security risks and the mitigations required.
- Good working knowledge of ICT infrastructure ideally including Microsoft Active Directory group policy.
- Good working knowledge of voice and data networks ideally including Cisco firewalls.
- Good working knowledge of web based applications and web security certificates.
- Good working knowledge of ICT security tools ideally including Nessus Vulnerability Scanner and Sophos Endpoint protection.
- Good working knowledge of ICT security vulnerabilities of software applications, web based applications, and infrastructure.
- Good working knowledge of SIEM tools and SIEM systems.
- Puts the customer at the heart of all solutions and approaches proposed.
- Confident and self-motivated.
- Effective negotiation skills.
- Ability to work with due regard to appropriate Project/Development standards.
- Builds confidence in others and is able to demonstrate business benefits to approaches being recommended.
- Resilient and tolerant of pressure.
- Smart, polite, confident.
- Flexibility over working hours to provide occasional support to business functions out of normal working hours (including evenings and weekends).
- Willingness and ability to travel to other locations as required.
Experience & Qualifications
- At least 1 years’ experience in IT Security
- A relevant degree in IT or IT Security
- ITIL Foundation (not essential)
If you are interested in applying for this position then please email Jonny Duggan at firstname.lastname@example.org or call him on 01908 886 038. Junior candidates will be considered for this position so please feel free to apply.