employee recruitment - permanent

As a Cyber Security Engineer, you will be responsible for assessing and mitigating security risks in our applications, conducting security reviews, implementing security best practices and collaborating with development, operations & business teams to enhance our security posture. This role will perform vulnerability assessments, recommend remediation actions, and ensure compliance with industry best practices and standards. The ideal candidate must have strong knowledge of security best practice, application/system vulnerabilities and security assessment/testing tools.

You will be a key driver of our cybersecurity strategy, responsible for orchestrating the development, implementation, and assurance of state-of-the-art cybersecurity practices. Your role will be pivotal in securing our organisation against emerging threats, maintaining compliance with industry standards, and aligning our security measures with strategic business objectives. This includes an emphasis on monitoring the threat horizon and technological advancements to ensure we keep pace with any changes in the threat.

Your main responsibilities will include:

• Implement automated security testing tools and frameworks to enhance the efficiency and effectiveness of security assessments.
• Manage a comprehensive vulnerability management program, identifying, prioritising, and remediating vulnerabilities across the organisation's digital landscape.
• Collaborate with engineering teams to ensure timely and effective vulnerability remediation, tracking the progress of remediation efforts.
• Stay informed about the latest threats and vulnerabilities, applying a strategic approach to mitigate risks.
• Support regular security assessments, audits, and penetration testing, translating findings into strategic enhancements for the organisation's cybersecurity posture.
• Support incident response efforts and guide strategic remediation actions in the event of a security breach, mitigating potential damage.
• Collaborate with cross-functional teams to integrate security measures into development, infrastructure, and business operations, emphasising the strategic impact of security.
• Maintain a forward-looking approach to identify and integrate emerging technologies and threat intelligence into our strategic cybersecurity architecture.
• Stay up to date with industry security standards, regulations, and frameworks relevant to security. Ensure compliance with security standards such as OWASP, PCI DSS, and GDPR, and participate in security audits and assessments as required.
• Contribute to the development and delivery of security awareness and training programs for the wider organisation, providing guidance on security standards and emerging security trends.
• Conduct regular horizon scanning of the cybersecurity landscape, staying informed about emerging threats, trends, and industry best practices.

• Bachelor's degree in Computer Science, Information Security, or a related field
• 6+ years of relevant experience
• Experience in cybersecurity engineering and assurance, with a proven track record of implementing and managing security solutions with strategic impact.
• Familiarity with security frameworks and standards such as NIST, ISO 27001, CIS, and compliance requirements like GDPR is essential.
• Deep understanding of security technologies, tools, and techniques. This includes expertise in security testing methodologies, monitoring, threat modelling, encryption, anti-virus, and more.
• Ability to assess and prioritise security risks and develop strategies to mitigate them effectively.
• Knowledge of secure coding practices and application security to help prevent vulnerabilities in software and web applications.
• Expertise in securing networks, including firewall configuration, VPNs, and intrusion detection and prevention systems.
• Competency in identifying and addressing vulnerabilities through testing (Vulnerability Assessment and Penetration Testing) and assessment of systems and applications.
• Knowledge of securing cloud environments, concepts and technologies (AWS, Azure, or similar).
• Demonstrated experience in ensuring that an organisation adheres to relevant compliance requirements and passing security audits.
• Proficiency in using security tools such as SIEM (Security Information and Event Management) systems, threat intelligence platforms, and endpoint security solutions.
• Solid understanding of secure software development lifecycle (SDLC) methodologies
• Experience working with external partners and vendors to build security capabilities.
• Excellent communication skills and interpersonal skills, with a strong ability to effectively communicateboth internally andexternally at levelsup to Director and C Suite.
• Strong negotiation skills with proven ability to maintain relationships with stakeholders and to influence cross-functional teams on security best practices.
• Strong analytical and problem-solving skills, with the ability to assess risks and propose effective security solutions.
• Robust relationship management, capable of working with all levels within the organisation by building effective relationships including supplier relationships.
• Ability to demonstrate conflict resolution skills – driving resolution of any delivery conflict.