IT Security Engineer

Social network you want to login/join with:

Glasgow – Hybrid working 3 days per week in the office

Fantastic new permanent opportunity for an experienced IT Security Engineer with a broad background within IT Infrastructure, Security Engineering and Operations for this specialist technology business based in Glasgow.

As a specialist IT Security Engineer, you will work as part of their DevSecOps team based in Glasgow. The role will involve working closely with the wider technology teams to enhance their cyber maturity. Furthermore, it provides the opportunity to contribute towards the implementation and management of various security technologies.

Main responsibilities:

• Analysing security events and incidents relating to internal and customer assets.
• Designing and developing SIEM security use cases.
• Designing and implementing security controls and secure configurations.
• Maintaining proactive vulnerability scanning ensuring that all known vulnerabilities are addressed in line with policy.
• Collaborating with development teams to implement secure development practices.
• Configuring and maintaining security tooling across the infrastructure.
• Collaborating on maturing security incident management processes and playbooks.
• Collaborating with third-party led security tests, assessments and audits of our information security information security policies, procedures, and systems.
• Identifying, assessing, managing, remediating, and tracking information security risks through our risk management framework and ensuring key risks are reported to the CISO.
• Performing regular internal security audits aligned to ISO/IEC 27001 and SOC2 controls.
• Developing our security awareness training programme aligned with internal security policies.
• Comfortable engaging with customers and internal stakeholders to discuss security related matters.

Skills Required:

• Proven hands-on experience as a Security Engineer or similar working with tools such as SIEM, vulnerability management, endpoint detection & response (EDR), applications security, identity, and access management, etc.
• Ability to work in a small high performing team, collaborating with other technical resources whilst aligning to the security strategy.
• A security engineer with experience of learning, adapting and utilising different security technologies, including but not limited to private and cloud infrastructure.
• Technical knowledge and experience with SIEM, SOAR, IDPS, DDoS, Malware Protection, Vulnerability Management, and Application Security tooling, etc.
• Knowledge of Information Security frameworks (CIS, NIST, NCSC CAF), supporting processes and toolsets.
• Ability to breakdown and solve complex problems across multiple domains and successfully lead the recovery of major and / or complex security incidents.
• Knowledge and experience of threat hunting and problem-solving through reviewing logs and identifying anomalous activities.