_______________________
____________________
_____________________
______________________
_____________________
_____________________
____________________
___________________
___________________________
_________________________
?? Exciting Opportunity: Cyber Security Engineer ?? Are you ready to drive innovation and make a significant impact in the field of cyber security? Embrace a pivotal role where technology meets strategy! Role Highlights: Join a dynamic Cyber Security team focusing on Threat Detection and Response platforms. Your key responsibilities will include: Building & Maintaining: Deploy and manage robust enterprise security tools, specifically Delinea and Saviynt. Protecting: Enhance systems to safeguard organizational data. Advising: Provide technical expertise across incident management, risk mitigation, and more. Innovating: Support the design and implementation of cutting-edge security products and policies. Guiding: Mentor and guide the Digital Technology & Innovation (DTI) community. What's in it for You: Access to advanced cyber security tools and applications. Exposure to multiple cloud providers and security suites. Development opportunities within a multi-technology cyber team. Hands-on experience with AI technologies. Comprehensive benefits package, including: 25 days of holiday plus bank holidays. Private healthcare with Bupa. A non-contributory pension up to 12%. Life assurance of eight times your basic salary. Income protection. Hybrid working model - work from home up to 60% of the time! Ideal Candidate Profile: Proven experience in security engineering roles with expertise in SIEM systems and cloud computing environments. Familiarity with DevOps CI/CD pipelines and configurations. Hands-on engineering experience with Delinea and Saviynt, or comparable tools like CyberArk and SalePoint. Essential knowledge of Microsoft Entra. Preferred certifications: CISSP or CISM. Capable of managing incidents, problem investigations, patching, release management, and risk mitigation. Ability to obtain Security Clearance (SC). Morgan McKinley is acting as an Employment Agency and references to pay rates are indicative. BY APPLYING FOR THIS ROLE YOU ARE AGREEING TO OUR TERMS OF SERVICE WHICH TOGETHER WITH OUR PRIVACY STATEMENT GOVERN YOUR USE OF MORGAN MCKINLEY SERVICES.
About The Role The Continuous Security Testing service is a consultant led vulnerability identification and verification service which makes use of automated vulnerability scanning along with significant manual testing against a broad scope in a continuing engagement. The purpose of the service is to continually monitor a customer's external attack surface for new vulnerabilities, changes in the scope of the attack surface, and proactively inform customers of discovered issues along with recommended remediation; with the overall aim of reducing the lifetime of each vulnerability. Manual testing includes identification of issues which automation alone could not identify, exploitation of all issues, often chaining multiple findings together in order to determine the true impact of vulnerabilities for the customer. Pre-engagement activities including scoping of assessments and statements of work and determining customer requirements and restrictions. On boarding customers into the service including configuration of continual scanning and liaising with customer to resolve issues which may reduce the effectiveness of scanning. Monitoring of the customers' external perimeter for changes, and proactive discovery of new targets to include within the customer's scope. Manual identification and exploitation of vulnerabilities. Manual verification and exploitation of scanner findings. Detailed analysis of issues identified and exposure for the customer including proof of concept, reproduction steps, and recommended remediation. Communication of findings to the customer in a detailed, accurate and manageable manner both orally and through written vulnerability/scope notifications and periodic summaries. Assisting in the continual development of the team and service through research and development activities. This includes the development of in-house tools the implementation of tools released to the community, and design and documentation of new and existing internal systems and processes. Continual professional development to maintain and develop knowledge and technical competencies. Maintain professional technical qualifications to demonstrate competency to our clients. Contributing to the writing and publishing of whitepapers and advisories. Undertaking projects and support tasks as appropriate to the role. About You Essential Technical: Core computing skills including but not limited to: Networking fundamentals - understanding of OSI Model, TCP/IP, HTTP, DNS, SMB, SMTP and relevant tools. Microsoft Windows and Office proficiency along with proficiency in one or more Linux distributions. Strong knowledge of web application technologies and security assessment including but not limited to: REST APIs, SOAP APIs, XML and JSON formats. Vulnerability identification and exploitation (not limited to OWASP Top 10). Experience with common assessment tools such as MITM proxies (e.g. Burp Suite Pro) and SQLMap. Good knowledge of internal and external infrastructure technologies and security assessment including but not limited to: Identification and exploitation of misconfigurations or known vulnerabilities in common enterprise infrastructure and services (Windows Domains, Linux servers, virtualisation, databases, switches/routers, etc). Knowledge of a scripting language such as Python (preferred), Ruby, PowerShell, or Bash, for the development of new, or editing existing, tools. Essential Experience: Providing remediation advice Producing accurate technical reports Working under pressure of deadlines and structuring workload accordingly Problem-solving, helping others to understand complex ideas Essential General: Client facing, able to confidently and professionally represent the company Must be self-motivated and able to work in an independent manner as well as part of a team Excellent written and oral communications skills Positive, collaborative and enthusiastic Appetite to shadow, train and develop to improve capabilities into all areas of security testing In addition, the following are highly desirable: CPSA, CRT, OSCP or equivalent reputable information security certifications Familiarity with testing cloud environments Public speaking experience