This is an exciting and challenging role to help ensure that the company’s information and information systems are secure from unauthorised access. You will be a key member of the Security Engineering team, and will be a subject matter expert in hands-on security engineering with the ability to communicate with stakeholders at all levels to ensure propositions are deployed to meet business goals.
Reporting to the Security Lead, this role will primarily be responsible for ensuring that the company’s information and information systems are protected from unauthorised access, use, disclosure, disruption, modification or destruction. This will be through the implementation of properly managed security solutions, and continued application of effective security controls.
The successful applicant will play a key role in defining, implementing, maintaining and ensuring the integrity and consistency of end-to-end information security solutions. They will also be a key member of the Security Engineering team, ensuring alignment to the Information Security reference and governance frameworks, enterprise security architecture, relevant regulatory requirements and best practice.
Your remit will include the following:
· Being a key member of the Security Engineering team, responsible for technical security solutions, and helping to ensure that these are implemented effectively in conjunction with the Infrastructure Engineering and Service Operations teams and 3rd parties, whilst working closely with the Hastings Risk team.
· Engineering support of the Security Infrastructure with hands-on technical design, implementation and management of core security platforms, playing an integral part in all information security related projects.
· Evaluating new security technologies and products and performing engineering work and analysis to determine if solutions should be pursued, and subsequent implementation as required.
· Contributing to the Security Technology roadmaps.
· Supporting the delivery of new projects by helping to ensure that these are risk assessed, security controls are identified and implemented successfully before going live, and that solutions meet relevant information security principles.
· Assisting in the development and maintenance of security policies, standards and procedures to support the Group's risk management framework and business strategy.
· Ensuring security controls continue to be effective by implementing an ongoing roadmap of work to review and remediate.
· Implementing the penetration test and vulnerability management process and schedule, and working with relevant stakeholders such as Infrastructure Engineering, DevOps and 3rd parties to remediate findings effectively and properly in accordance with their criticality.
· Assisting with the creation of detailed metrics and reports based on information security risk analysis to reduce and mitigate risk, including RAG-based status tracking, security dashboard reporting and trending for ExCo and Risk Management audiences.
· Identifying opportunities for innovation and continuous improvement in the delivery of appropriate information security solutions, and assisting with their implementation.
· Interpreting the information security reference and governance frameworks and liaising with all relevant parties to ensure solutions are delivered securely and appropriately.
· 5 years hands-on security engineering experience of Operating Systems, Active Directory, DNS, Group Policy, Network Protocols, PKI, proxies, access management, etc.
· 3 years implementation and administration experience of a wide range of security products such as access audit tools, anti-virus, IDS, IPS, DLP, Firewalls, End Point security, encryption, DDOS protection, etc.
· Experience of implementing and monitoring SIEM systems and managing associated incident response processes.
· Working knowledge of host hardening techniques including Windows/UNIX/Linux.
· An understanding and practical experience (preferred but not essential) of enterprise information security and knowledge of some standards including Cyber Essentials, ISO 27001, PCI-DSS, Data Protection Act and GDPR.
· Understanding of, and willingness to learn, tools and techniques used by ethical hackers, including vulnerability testing tools and methodologies.
· Ability to demonstrate an interest in Information Security generally, including knowledge of current and evolving Cyber threats.
· Experience with security testing tools, development of threat assessments and security testing methodologies is desirable.
Benefits for you
Please find some of the great benefits we have to offer at Hastings Direct:
• Competitive basic salary, which will be shared with you upon shortlisting, but do feel free to email the recruitment team for more information in advance of your application: email@example.com
• Car allowance
• Up to 10% bonus
• Flexible and remote working opportunities
• 27 days holiday
• Private medical
• Life assurance
• Competitive pension
• Flexible benefits: buy or sell holidays, dental, health care cash plan
• Discounted Hastings Direct products