Information Security Engineer

Location: London

Contract Type: Permanent Full Time

Closing Date: 05 March 2018

Salary: Competitive Salary + Excellent Benefits

Primarily responsible for the day-to-day activities of the Information Security Team, working with the Delivery and Engineering teams, other members of the Information Security Team, Architects and Product Owners to ensure that Technology projects are delivered securely, that client and employee data is protected, and that Information Security policies and standards are complied with. The role coordinates Penetration Testing and other security testing in support of in-house development, manages remediation of identified vulnerabilities, and participates in the full risk management lifecycle.


Key Role Responsibilities:

  • Define Security Non-Functional Requirements for each project and ensure that they are fulfilled prior to going into service
  • Ensure the relevant technology standards are applied to specific projects
  • Provide end-to-end engagement on a wide range of IT projects, ensuring that security is built in, that they are delivered securely, and that client and employee data is protected
  • Attend Programme/Project meetings, CAB and various design authority meetings, and represent Information Security, giving advice as required
  • Manage all information security tools to ensure risk is managed appropriately. Tools include:
    • Qualys, CloudLock, Sophos Endpoint, SecureDrop, SIEM provider, Malwarebytes, Veracode
  • Update information security policies as appropriate and in line with governance processes
  • Manage all ad hoc information security requests that are raised through the service desk system
  • Work with BC/DR specialists to ensure that information security requirements are appropriately managed
  • Manage external resources to ensure that penetration testing is carried out to a suitable standard, on time and within budget
  • Scope and manage Penetration Testing, including the production of a plan to remediate vulnerabilities identified during any tests in a timely manner
  • Liaise with the Engineering Team to ensure that Code Reviews, Application Scanning and Infrastructure Scanning are conducted in support of In-House Development utilising Agile delivery methodologies as part of a Secure by Design philosophy
  • Responsible for ensuring that any vulnerabilities identified are processed in accordance with the latest Information Security Risk Management process, including risk analysis, identifying and applying appropriate controls, recording, reviewing and approval

Additional Responsibilities

  • Review architectural and design documents including Solution Outline Documents, Detailed Designs, Network Diagrams, Data Flow Diagrams, etc.
  • Produce resource estimates for Information Security engagement on projects and record your time in the current resource management tool
  • Articulate risk in technical and non-technical terminology so that it can be understood by IT and Business individuals alike
  • Carry out PCI impact assessments on projects where appropriate


Key Skills and Experience:

  • Experience of risk management
  • Knowledge and skills to manage Penetration Testing processes and remediation
  • Broad knowledge and understanding of IT concepts and architectures including Cloud, BYOD, Mobile Device Management, etc.
  • Knowledge of secure software engineering practices, including OWASP, tools and methodologies
  • Some knowledge of PCI, DPA, NIST 800 and ISO 27001
  • Ability to code or script in a modern programming language is highly desirable
  • Knowledge of operating within a regulated consumer business
  • Ability to provide IT/IS Security assurance on projects, with a view to taking on complex projects after gaining the requisite experience
  • Demonstrates knowledge of good security practice, ensuring that all aspects of confidentiality, integrity and availability are adhered to
  • Knowledge of methods and techniques for risk management
  • Experience of reviewing system design documentation, including Detailed Infrastructure Designs, Service Acceptance Criteria, Non-Functional Requirements, etc.