We are seeking a skilled, proactive, and dedicated Cybersecurity Engineer to work within our clients growing cyber team.
You will be expected to aid in the effective selection, implementation, management, and monitoring of various systems and processes, as well as overseeing Security Incident management and response.
This role is ideal for someone with a solid technical background who also possesses strong written and verbal communication skills to effectively lead and support initiatives.
A minimum of three years of experience as an internal cybersecurity professional or consultant is required.
Key Responsibilities:
- System Ownership & Enhancement: Manage and optimize existing cybersecurity systems to align with evolving business needs, including creating procedures and delivering training as needed.
- Continuous Improvement: Enhance systems for data leakage prevention, vulnerability management, anti-malware, patching, and more, ensuring alignment with ISMS policies.
- Project Support: Assist in defining, planning, and implementing cybersecurity projects, and regularly update stakeholders on progress, challenges, and successes.
- Security Reference Architecture: Contribute to the development and maintenance of security reference architecture documents to guide the secure development of new products and services, working closely with the Product Engineering and DevOps Teams.
- Vulnerability Management: Conduct vulnerability, endpoint, and configuration management scans, ensuring results are communicated and resolved, while maintaining system effectiveness.
- Reporting: Build comprehensive reports across all systems, highlighting key metrics for the Head of Information Security & Data Protection and other business leaders.
- Procedure Development: Assist in creating Information Security procedures and Use Case runbooks, ensuring familiarity with the MITRE ATT&CK Framework.
- Incident Response: Support the refinement and execution of security incident response procedures, including evaluating and reporting on the business impact of security threats.
- Monitoring & SOC Support: Actively monitor systems and incidents, distinguishing critical issues, and support the expansion of a 24/7 SOC with third-party assistance.
- Threat Modeling: Perform threat modeling, documenting risks, mitigations, systems, and controls.
- Policy Management: Assist in updating and managing the ISMS in relation to new standards, best practices, and compliance requirements.
- Risk Management: Contribute to risk management efforts by articulating and documenting cybersecurity risks in the enterprise risk register.
- Strategic Input: Use your expertise to support the development of the Salary Finance Information Security Strategy.
Qualifications:
- Experience & Education: Proven experience within an information security team in a commercial setting, with a degree in a computer science-related field.
- Technical Expertise: Strong technical knowledge across IT and security systems, with the ability to quickly adapt to new technologies.
- Hands-On Experience: Practical experience with AWS, DevOps, and IT Teams in implementing and managing security systems, controls, and alerts.
- System Configuration & Management: Experience with Qradar, SentinelOne, Google Workspace Admin, Wiz, Netskope, ESET Cloud, and other security tools.
- Control Administration: Skilled in managing system and network controls, including firewalls, IPS, endpoint protection, IAM, RBAC, DLP, CASB, web filtering, MFA, WAF, SACLs, SIEM, and more.
- SIEM Integration: Experience in integrating disparate systems into a unified SIEM as part of a comprehensive information security strategy.