Vacancy Name
IT Security Engineer
Vacancy ID
VN2805
Location
UK - Abingdon
Created Date
10/14/2024 1:50 PM
Description
As an IT Security Engineer, you will be responsible for protecting systems, networks and data from cyber threats and ensuring compliance with security standards. Identification of vulnerabilities, responding to security incidents and conducting regular assessments of the Achilles security posture.
Key Responsibilities
SECURITY OPERATIONS Threat Monitoring: Monitor network traffic for suspicious activity, detect and respond to potential threats, and provide recommendations for mitigation. Security Audits: Conduct internal audits of Achilles teams to ensure ISO 27001 requirements are met. Firewall and VPN Management: Configure and manage firewalls, VPNs, and related network security devices to ensure optimal protection. Collaboration: Work with other IT teams to ensure security is embedded in infrastructure designs and processes. Patch Management: Ensure timely updates and patches to network devices to mitigate vulnerabilities. Documentation: Maintain detailed documentation of network configurations, security incidents, and changes made to systems. INFORMATION SECURITY Compliance and Audits: Ensuring that the organisation complies with ISO 27001 requirements and other related standards. Preparing for internal and external audits. Incident Management: Handling security incidents and breaches, ensuring proper reporting and analysis. Ensuring that corrective actions from security incidents are implemented and that lessons learned are incorporated into future improvements. Vendor and Third-Party Management: Ensuring that third-party vendors and service providers comply with the organisation's security policies and ISO 27001 requirements. Continuous Improvement: Monitoring the effectiveness of the ISMS and implementing improvements as needed. Collaboration: Working closely with IT, legal, compliance, and other departments to ensure a unified approach to security. PERSONAL DEVELOPMENT Taking personal responsibility for skills development, particularly to enhance security capabilities. Actively participating in the performance management process and taking responsibility for delivering agreed objectives. RELATIONSHIPS Manage and develop relationships with third party providers and internal stakeholders. Being a security 'go to person'. Qualifications
IT Diploma level or equivalent experience. ISO 27001 Lead Auditor desirable. CISSP, CEH, CCNA Security, or other relevant security certifications are highly desirable. Person Specification
COMPETENCIES DECISION MAKING: Identifies and evaluates the range of options open to them; articulates the assumptions made and the risks involved in decisions taken. ACHIEVING RESULTS: Focuses on performance outcomes despite uncertain or difficult circumstances; actively links own efforts to those of others within the team. MANAGING CHANGE: Responds constructively and quickly to shifting goalposts or changing requirements. DRIVE & MOTIVATION: Addresses multiple demands without losing focus or energy. CREATIVE CAPACITY: Uses initiative to resolve recurring problems in own role or team. KNOWLEDGE Understanding of ISO 27001 principles, threat modelling, vulnerability assessments, and risk treatment methodologies. Deep understanding of network security principles (e.g., firewalls, VPNs, intrusion detection systems, SIEM), and network protocols. Knowledge of encryption methods, access control mechanisms, and endpoint security tools. Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI DSS) and best practices. Knowledge and experience with securing cloud environments (AWS, Azure, GCP). Knowledge of network architectures. EXPERIENCE Minimum of 3-5 years of experience in IT Security, with a proven track record in a similar role. Technical skills: Strong understanding of network protocols, including TCP/IP, DNS, routing, and switching. Experience with network security tools (e.g., Wireshark, Snort, Nmap) and SIEM solutions. Familiarity with cloud security (AWS, Azure, GCP) is a plus. Soft skills: Strong problem-solving and analytical skills; excellent communication skills, both verbal and written. Preferred skills: Experience in conducting penetration testing and threat hunting; scripting experience (e.g., Python, PowerShell) for automation of security tasks.
#J-18808-Ljbffr
SECURITY OPERATIONS Threat Monitoring: Monitor network traffic for suspicious activity, detect and respond to potential threats, and provide recommendations for mitigation. Security Audits: Conduct internal audits of Achilles teams to ensure ISO 27001 requirements are met. Firewall and VPN Management: Configure and manage firewalls, VPNs, and related network security devices to ensure optimal protection. Collaboration: Work with other IT teams to ensure security is embedded in infrastructure designs and processes. Patch Management: Ensure timely updates and patches to network devices to mitigate vulnerabilities. Documentation: Maintain detailed documentation of network configurations, security incidents, and changes made to systems. INFORMATION SECURITY Compliance and Audits: Ensuring that the organisation complies with ISO 27001 requirements and other related standards. Preparing for internal and external audits. Incident Management: Handling security incidents and breaches, ensuring proper reporting and analysis. Ensuring that corrective actions from security incidents are implemented and that lessons learned are incorporated into future improvements. Vendor and Third-Party Management: Ensuring that third-party vendors and service providers comply with the organisation's security policies and ISO 27001 requirements. Continuous Improvement: Monitoring the effectiveness of the ISMS and implementing improvements as needed. Collaboration: Working closely with IT, legal, compliance, and other departments to ensure a unified approach to security. PERSONAL DEVELOPMENT Taking personal responsibility for skills development, particularly to enhance security capabilities. Actively participating in the performance management process and taking responsibility for delivering agreed objectives. RELATIONSHIPS Manage and develop relationships with third party providers and internal stakeholders. Being a security 'go to person'. Qualifications
IT Diploma level or equivalent experience. ISO 27001 Lead Auditor desirable. CISSP, CEH, CCNA Security, or other relevant security certifications are highly desirable. Person Specification
COMPETENCIES DECISION MAKING: Identifies and evaluates the range of options open to them; articulates the assumptions made and the risks involved in decisions taken. ACHIEVING RESULTS: Focuses on performance outcomes despite uncertain or difficult circumstances; actively links own efforts to those of others within the team. MANAGING CHANGE: Responds constructively and quickly to shifting goalposts or changing requirements. DRIVE & MOTIVATION: Addresses multiple demands without losing focus or energy. CREATIVE CAPACITY: Uses initiative to resolve recurring problems in own role or team. KNOWLEDGE Understanding of ISO 27001 principles, threat modelling, vulnerability assessments, and risk treatment methodologies. Deep understanding of network security principles (e.g., firewalls, VPNs, intrusion detection systems, SIEM), and network protocols. Knowledge of encryption methods, access control mechanisms, and endpoint security tools. Knowledge of compliance frameworks (ISO 27001, SOC 2, PCI DSS) and best practices. Knowledge and experience with securing cloud environments (AWS, Azure, GCP). Knowledge of network architectures. EXPERIENCE Minimum of 3-5 years of experience in IT Security, with a proven track record in a similar role. Technical skills: Strong understanding of network protocols, including TCP/IP, DNS, routing, and switching. Experience with network security tools (e.g., Wireshark, Snort, Nmap) and SIEM solutions. Familiarity with cloud security (AWS, Azure, GCP) is a plus. Soft skills: Strong problem-solving and analytical skills; excellent communication skills, both verbal and written. Preferred skills: Experience in conducting penetration testing and threat hunting; scripting experience (e.g., Python, PowerShell) for automation of security tasks.
#J-18808-Ljbffr
