Senior Security Engineer
Hastings Direct is a fast-growing, agile, data and digitally focused general insurance provider to the UK market, with over 2.6 million customers and employing over 3,000 colleagues at sites in Bexhill, Leicester and Newmarket. We have built our business by championing the customer and providing refreshingly straightforward service and products, and we offer car, motorcycle, van and home insurance directly to the public.
We now have an opportunity within our IT department for a Senior Security Engineer. This position is based at our head office in Bexhill.
Reporting to the Head of Technology, the primary purpose of the role of Senior Security Engineer is to ensure that the Company's information and information systems are protected from unauthorised access, use, disclosure, disruption, modification or destruction, through the implementation of properly managed security solutions and the continued application of effective security controls. You will play a key role in defining, implementing, maintaining and ensuring the integrity and consistency of end-to-end information security solutions, and will ensure alignment to the Information Security reference and governance frameworks, enterprise security architecture, relevant regulatory requirements and best practice.
Responsibilities will also include:
- Being the product owner for security solutions, ensuring they are implemented effectively in conjunction with the Infrastructure Engineering and Service Operations teams and third parties
- Owning the Security Infrastructure, with hands-on technical design, implementation and management of core security platforms, and leading all information security related projects
- Evaluating new security technologies and products, and performing engineering work and analysis to determine whether solutions should be pursued, with subsequent implementation as required
- Contributing to and managing the Security Technology roadmaps
- Supporting the delivery of new projects, ensuring that new projects are risk assessed, that security controls are identified and implemented successfully before going live, and that solutions meet relevant information security principles
- Co-ordinating all PCI DSS requirements with respect to IT requirements and being the single contact for PCI compliance for IT
- Assisting in the development and maintenance of security policies, standards and procedures to support the Group's risk management framework and business strategy
In order to be considered for this role you will have:
- Proven track record of technical information security experience, being seen as a subject matter expert
- Hands-on security engineering experience of Operating Systems, Active Directory, Group Policy, Network Protocols, PKI, proxies, access management, etc.
- Extensive implementation experience of a wide range of security products such as access audit tools, IDS, IPS, DLP, firewalls, endpoint security, encryption, DDoS protection, etc.
- Experience of implementing and monitoring SIEM systems and managing associated incident response processes
- Working knowledge of host hardening techniques including Windows/UNIX/Linux
- Detailed understanding of tools and techniques used by ethical hackers including vulnerability testing tools and methodologies
- Ability to demonstrate an exceptional analytical skill set and knowledge of current and evolving cyber threats
- Experience working with or in a Computer Security Incident Response Team (CSIRT)
- Experience with security testing tools, development of threat assessments and security testing methodologies is desirable
- Experience working with security controls in cloud services (e.g. AWS, Office 365) and XaaS providers
In return for your skills and experience, you will receive a competitive salary along with an annual bonus, contributory pension and life assurance, as well as Hastings Direct discounts and reward schemes.
If the above looks and sounds like you, then please do not hesitate to apply today!