Senior Security Engineer - Security Operations

Job Description

Senior Security Engineer - Security OperationsGlasgow - Fully Remote Working£40,000 - £45,000 + benefitsFantastic new permanent opportunity for an experienced Senior Security Engineer with a strong background within security engineering and security operations and for this specialist IT services provider. The position will initially be fully remote with onlya need to attend the office on occasion as and when required post pandemic.As Senior Security Engineer you will have proven experience of engineering and maintaining market leading security technology focused on the principles of privacy by design. You will have the opportunity to support and mentor others within the team as wellas the opportunity to be hands on and provide the autonomy to bring innovation to the table.This role will help the company understand security threats and help create strategies to protect the businesses assets and interests. The role will ideally suit someone with a strong background within IT Infrastructure or network engineering who has progressedinto security engineering with a strong focus towards security operations.Main responsibilities:

• Collaborating with the Head of Cyber Security to develop and implement the cyber security strategy.
• Developing new security capabilities to support delivery and ensure that the tools and approaches used are effective.
• Responsible for the Information Security Management Programme ensuring continued maintenance of ISO270001 and Cyber Essentials Plus accreditations as well as regulations such as UK Data Protection and EU GDPR regulations.
• Responsible information security management policies, processes and systems including the implementation and monitoring of all security controls.
• Responsible for building out the security incident management, breach response processes and playbooks.
• Responsible for designing and implementing secure configurations and security services to meet our control requirements.
• Responsible for the delivery of the Security Operations Centre service provided by a trusted third-party.
• Leading the assessment of security events and the investigation of security incidents to protect assets (e.g. facilities, data, network, server, access, people).
• Responsible for proactive vulnerability monitoring service ensuring that all known vulnerabilities are addressed in line with the requirements set out in our vulnerability management policy.
• Actively manage and monitor relevant threat intelligence feeds and where required assess, analyse and act including disseminating relevant intelligence in a timely manner to appropriate stakeholders.
• Responsible for planning and co-ordinating internal and third-party led security tests, assessments and audits of our information security information security policies, procedures, and systems.
• Responsible for identifying, assessing, managing, remediating, and tracking information security risks through the risk management framework and ensuring key risks are reported through regular MI reporting and governance forums.

Skills Required:

• A proven background within IT Infrastructure and or Network Engineering as well as and Security Engineering and Security Operations.
• A good understanding of information security frameworks, standards and security best practice (ISO27001, NIST CSF, Cyber Essentials, OWASP).
• Proven experience and understanding of security analysis tools, defensive technologies and other security technologies (e.g. SIEM, VAS, IDS/IPS, Firewalls, IAM, NAC, patch management, anti-malware).
• Ability to work in a small high performing team, collaborating with other technical resources whilst aligning to the business technology and security strategy.
• Expert knowledge of Information Security frameworks, supporting processes and toolsets plus will hold a relevant information security professional accreditation.
• Experience of mentoring and motivating junior team members to develop their knowledge in cyber security.
• Good understanding of managed hybrid cloud services including good awareness of underpinning private and public cloud infrastructure platforms.
• Ability to breakdown and solve complex problems across multiple domains and successfully lead the recovery of major and / or complex security incidents.
• Excellent written and verbal communication skills with the ability to engage technical and business stakeholders at all levels.

For any further queries regarding the role, please contact Danny Palmer on or at