Information Security Consultant
As an Information Security Engineer you will focus on implementing IT Security best practices for a major project and its requirements. This role requires proven experience with security telemetry, security intelligence, anomaly hunting and incident response. You must leverage intuition, security knowledge and use a broad of array of tools and advanced security techniques to help us uncover and stay alert to malicious activity.
The Information Security Engineer role is key to the success of the project. Ensuring we meet all customer requirements, on time and within budget. Working in a fast paced environment you will work in the UK Security department reporting to the UK Security Manager/CISO. The role demands interaction with all levels of the business both locally, with customers and with our Corporate Security Team.
- You will define and implement the SIEM solution into a critical production environment, ensuring all security elements are considered and addressed.
- You will define and implement the Vulnerability scanner solution in the production environment.
- You will perform both internal and external security audits. Communicate clearly audit findings and recommendations to the local CISO. Ensure that audit recommendations are properly implemented.
- You will monitor all implementation processes for various security systems and ensure compliance to policies and procedures. Collaborate with Information Technology, Development and business team members to provide effective solutions.
- You will keep up to date on current cyber security developments, discuss trade-offs, think about context and understand what threat modelling is.
- You will monitor security access, conduct security assessments through vulnerability testing and risk analysis.
- You will oversee third party and customer internal and external audit programmes for logical security audits. Conduct audits/reviews of information system environments in line with the agreed timetable or as directed. This must ensure both compliance with the Information Security Policy and that the necessary controls are in place to satisfy external audits.
- You will identify high-risk security issues associated with the information systems environments and escalate to UK Security Manager as required.
- You will investigate IT related complaints / incidents in conjunction with the Security Manager, local Security Officers and/or Departmental Managers and providing input for Remedial Action Plans when required.
- You will ensure closure of all penetration testing non-conformities through provision of sound remedial actions via local IT / ISS resources.
- You will work with staff implementing systems to ensure that security considerations are fully taken into account and inherent within the design of systems being implemented.
- You will provide training to employees in IT Security controls and best practice.
- You will provide support to other sites in the UK; some travel will be expected.
Skills & Experience:
To succeed at this job, you must have good Knowledge of TCP/IP and related network protocols: knowledge of standard network protocols like TCP, ARP, ICMP, DHCP, DNS, HTTPS, SNMP etc., and accompanying protocol/packet analysis/manipulation tools.
You must demonstrate an understanding of DLP/IDS/IPS/Firewall technologies, ability to construct custom signatures and investigate intercepted traffic/logs.
We would like someone to join our team who is a lead auditor for CISA, CISM and ISO 27001. CISSP certification is also desirable.
We are looking for someone with 3 years’ + IT Security experience, ideally in a large enterprise environment. Development / Configuration experience with any industry leading SIEM platform. Experience performing technical analysis involving security event data and evaluating malicious activity. Solid experience in ISO/IEC 27001:2013 framework. Experience of performing Penetration testing is highly desirable. Experience in at least three of the technologies listed below is preferred:
- Active Directory Federation Services
- Active Directory Domain Services
- Active Directory Certificate Services
- Microsoft Identity Manager
- Windows Server Operating Systems
- Securing Windows Servers and Clients
- Microsoft VDI Security
- Windows 7 Security
- Windows 10 Security
Due to the nature of this client individuals with a current SC or DV clearance are strongly encouraged to apply.
If you have any questions regarding the above role do not hesitate to contact me by phone or email
(01908 030 130 / firstname.lastname@example.org)