Information & Cyber Security Engineer

We are looking for a passionate, highly motivated, technical, and detail-oriented individual from an Information Security background (or equivalent) to join our Information Security team. As an Information Security Engineer, you will play a vital role in ensuring the Confidentiality, Integrity, and Availability of the Organisation's data and systems. You will work closely with the current Information Security team, the IT Department, and stakeholders across the Organisation, to detect and mitigate potential threats, assess vulnerabilities, and implement appropriate controls and countermeasures.
In addition to ensuring business-as-usual operational tasks are completed in collaboration with the wider team, this role will also focus on delivering new security improvements as project work. This is an excellent opportunity to take the next step in Information Security and contribute to the protection of the Organisation.

Responsibilities

Working with the wider Information Security team:

+ Stay up to date with latest technologies, best practice, trends, and existing and emergent threats.
+ Security Design and Architecture
o Design, implement, and maintain security solutions, including Vulnerability Management, Identity and Access Management, Endpoint Defence and Response, and a variety of other solutions necessary to protect the Organisation
o Monitor and adjust signals, both independently and based on feedback from the Analyst/operations team(s), to refine security alerts
+ Incident Response
o Respond to Security Alerts/Events/Incidents/Breaches
+ Compliance and Auditing
o Conduct Security Assessments, including:
# Vulnerabilities
# Internal/External applications
# Third parties
o Conduct annual and major change audits of all systems in use across the business
+ Security Policy and Procedures: Create, maintain, and update all security policy, process, and documentation.
+ Collaborate with other teams in IT and the wider business to advise on security requirements/controls at all stages of the process (design, development, testing, and deployment)
+ Conduct Security Simulations (org wide and targeted) to assist the wider employee security awareness program.
+ Provide training and upskill staff (technical and non-technical) on new processes, emergent threats, and wider awareness on security topics.
+ Escalation point for IS Analyst and Operational teams

+ 2+ years minimum in an IS Analyst role / 5 years minimum in an IT operational role (or similar)
+ Cyber security certifications with related experience (SSCP, CEH, Sec+ or similar)
+ Intermediate knowledge of cyber security concepts
+ Previous experience with security tools (SIEM, Endpoint Security Tools, Security Email Gateway, Vulnerability scanners etc)
+ Experience delivering projects for both new systems and reviews/overhauls of existing platforms
+ Familiarity with common security frameworks, such as NIST CSF, CIS Controls, or similar
+ Understanding/experience of penetration test methodologies and tools
+ Excellent problem solving and analytic skills.
+ Strong written and verbal communications skills for both technical and non-technical audiences
+ Ability to work both independently and collaboratively with a variety of staff, both technical and non-technical
+ Ability to shift priorities on the go, based on both Security alerts and changing business priorities.

Desired:

+ Experience within the Retail sector, with exposure to PCI DSS and EPOS systems
+ DevOps knowledge/experience

Note: This description is indicative but not exhaustive, and additional tasks and responsibilities may be required. The organisation reserves the right to add, modify, or remove duties as necessary.

+ Competitive salary and benefits package
+ Holiday allowance
+ 50% staff discount & 25% for family and friends
+ Pension scheme