Security Engineer

SCG Connected

Basingstoke

On-site

GBP 40,000 - 52,000

Full time

30+ days ago

Job summary

A leading company in cybersecurity seeks a Security Analyst in Basingstoke. The role involves analyzing incidents, managing security tools, and implementing security standards. The ideal candidate will demonstrate expertise in incident response and possess strong analytical skills, contributing to improving the company's security posture.

Qualifications

  • Knowledge of ISO27001, CE, CE+.
  • Hands-on experience with security tools like Tenable Nessus and Kali Linux.
  • Experience in infrastructure management in mission-critical environments is preferred.

Responsibilities

  • Acknowledge and validate security incidents.
  • Conduct security assessments and threat modeling.
  • Respond to security incidents and coordinate with teams.

Skills

TCP/IP network traffic analysis
IDS/IPS management
Firewall Management
Network Troubleshooting
Security information event management (SIEM)
Penetration testing
Vulnerability scanning
Effective communication

Job description

Location: Basingstoke

Department: Group IT

Reporting to: Chief Security and Information Officer

Job Objective

  • Acknowledge, analyse and validate incidents triggered from correlated via analysis and various tools
  • Acknowledge, analyse and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc.
  • Collection of necessary logs that could help in the incident containment and security investigation
  • Be able to make high quality decisions, often with incomplete information, and actively and reactively engage with customers
  • Escalate validated and confirmed incidents to CISO
  • Undertake first stages of false positive and false negative analysis
  • Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, appliances, AV and antimalware software, email security etc.
  • Open incidents. The analyst should properly include, for each incident, all details related to the logs, alarms and other indicators identified, with the intervention protocol.
  • Track and update incidents
  • Research and analyse security incidents and provide insight into how to detect and resolve them
  • Report infrastructure issues to the infrastructure team.
  • Help develop platforms and tools to automate and improve security posture across the group
  • Help improve and develop documentation.

Skills and Competencies Required

  • Knowledge and hands-on experience in management of IDS/IPS, Firewall, VPN, EDR/XDR, mail filtering and other security products
  • Experience in Security Information Event Management (SIEM) tools, creation of basic correlation rules, and administration of SIEM preferred
  • Should have expertise in TCP/IP network traffic and event log analysis
  • Network Troubleshooting skills required.
  • Knowledge and hands-on experience in penetration testing/vulnerability scanning and security tools like Tenable Nessus and Kali Linux
  • Knowledge of ITIL disciplines such as Incident, Problem and Change Management
  • Experience of infrastructure design and management in mission-critical environments preferred.
  • Understanding of Virtual Infrastructure and Windows environments preferred
  • Effective communication, organizational, problem-solving and presentation skills
  • Self-motivated and, in time and with support, able to work with minimal supervision.
  • Ability to build trusting, collaborative relationships with peers yet with a strong sense of accountability and ownership.
  • Knowledge of ISO27001, CE, CE+

Key Tasks

  • Security assessments: Create and perform security assessments and threat models
  • Security standards: Develop, implement & maintain security standards and plans
  • Vulnerability Management: Research weaknesses and find ways to counter them
  • Security incident response: Respond to attack vectors and security incidents, and coordinate incident response across teams
  • Security software testing: Test company software, firmware, and firewalls
  • Security software design: Design software security systems like intrusion detection systems and firewalls
  • Security system maintenance: Maintain and proof network security systems
  • Security system analysis: Analyse security systems and seek improvements on a continuous basis