Cyber Security Engineer

Job Description

Role: Cyber Security EngineerCompany: AWAZE (Cottages.com | Hoseasons | Novasol)Welcome to AWAZETo deliver on our promise of "everyday amazing holidays", were investing heavily in new tech to UNIFY our brands, TRANSFORM the experience of our Guests & Owners and CREATE something special for the vacation rentals market.Home to some of the continents most trusted travel brands, including Cottages.com, Hoseasons, and Novasol, weve never been busier and its safe to say that everybody has definitely had enough of staying at homeand cant wait to get away for a familystaycation .Weve hired some great people since October (50+) and were continuing to move full steam ahead with our growth plans with more key hires to be made within our engineering teams.Do you fancy joining us on our journeyWhat will you be doing in your roleThe role will encompass technical security operational activities to address cyber and privacy risks to the business through the application of threat analysis, security testing and assessment, incident response.Working closely with our CISO, youll be taking ownership of daily operational activities centred around security monitoring, vulnerability assessment, incident response assistance, IT change approvals and participating in secure product development activities,ensuring acceptable and compliant standards for information and cyber security risk are maintained and improved in the business.With this wide-ranging brief, the role will influence and support the objectives of protecting our websites, portals and infrastructure, enforce PCI DSS compliance activities and the protection of personal data as it relates to the GDPR.The security team play a pivotal role working with the legal teams and wider business functions to ensure the Groups technology, processes and services meet the requirements of regulation to which we are bound across Europe. The Information Security Analystwill also have input into assessments and audit support to assist the IT teams meet the necessary control requirements.Main responsibilities

• Administrating and maintaining a spectrum of new and established security technologies including vulnerability scanning, SIEM tools, EDR, web and mail protection.
• Collaborating with the Product teams to provide advisory and coordinate iterative on-demand testing
• Reporting on risk exposure and provide risk prioritized remediation advisories and tracking progress.
• Coordinate penetration tests with penetration testing partners, IT and Development teams, acting as key point of contact for all security activities and advisories in relation to remediation and mitigation.
• Assist in the coordination and response to security and privacy incidents.
• Oversee and maintain the overall security technology stack to ensure it is operating and delivering the required security protections as intended working with the Security Champions across the group.
• Implementing security controls in compliance with legislation and regulatory frameworks (e.g. DPA, PCI-DSS, GDPR) and the Group Information Security Policies.
• Identifying and prioritising IT and security compliance risks and recommend appropriate mitigating controls.
• Implementing security methodologies and industry standards (e.g. NIST CSF, OWASP, Mitre ATT&CK ).

What key skills do you needIts important in this role to be adaptable, be proactive and prioritise effectively, The businesses have varying levels of information security maturity, a cool calm consultative approach is essential to ensure business buy-in and achieve the objectiveof both protecting and educating the business. With this in mind we are looking for:

• Minimum 3 years experience in a hands-on security role in an online ecommerce driven business.
• Experience of working within a product development environment (Agile/Scrum) framework.
• Exposure to multi-tier, multi-tenant environments utilising cloud compute services (AWS, Azure).
• Exposure to applying security principles and controls to Software Defined Networks(SDN), IAC (Terraform) and containerisation.
• Practical experience of security technologies (e.g. EDR, SIEM, IPS, F/W, SSO, DLP and MDM solutions).
• Application of security assessment frameworks, e.g. threat modelling (Mitre Att&CK), controls assessment, risk assessment (NIST, OWASP, CVSS).
• Practical experience in supporting investigations into security incidents, escalating issues where necessary.
• Hands-on experience within security assessment tools including vulnerability scanning tools, SIEM, DLP and EDR.
• Working within an ITIL framework.
• Experience in developing, managing and improving operational risk and compliance processes.
• Team oriented with communicating effectively, both written and spoken.
• Ability to deal with ambiguity and rapid change in what can be a pressurised environment.
• Ability to manage conflicting priorities, multitask and meet tight deadlines.
• Must be very proactive in understanding and staying up-to-date in current security technologies and industry technology trends.
• Certifications and qualifications: CISSP, CEH, OSCP, CompTIA, GIAC, CISM and other IT related qualifications.
• Desirable languages: German, Dutch, Danish in addition to English.

What we will give youNot only will you be joining a brand new international team, youll also have the freedom to inform the best way of working to get the job done and play a key role in helping us shape the culture of our new, City Centre office.We also provide:

• Competitive salary plus bonus
• 18% Discount (Awaze holidays)
• Flexible working
• Matched pension scheme
• Life assurance
• 25 days annual leave + bank holidays
• Perkbox subscription

Lets talkIf youre interested in transforming the industry and reinventing how our technology powers everyday amazing holidays, apply now!

Keyskills :
EcommerceProduct DevelopmentScrumAgile Methodologies