- You are proactive with incorporating security into all aspects of our deliveries.
- You take ownership of security and ensure it is considered from the outset and throughout the change cycle.
- You are focused on collaboration, thinking creatively and working with other teams.
- You are data-driven and bring evidence-based decision-making to explain the 'why'.
- You are intellectually curious and love learning new skills and capabilities.
- You understand safe coding and have the ability to teach these practices to colleagues.
- You have broad knowledge of technical security operations and best practices to support others and provide ways to help them achieve their goals.
- You have a strong ability to respond and adapt in a fast-changing environment, take initiative, work well under pressure, and be confident in engaging with stakeholders at all levels of the organisation.
- You can use, manage, and maintain various cybersecurity tools, including Microsoft security products and investigation security tools.
- You have strong verbal communication, with the ability to explain security requirements and essential security concepts clearly.
- You have experience analysing cloud and on-premises infrastructure events, incidents, and threats.
- You are enthusiastic about security and always keen to promote and improve security awareness.
- You grow your own skills and knowledge and identify opportunities to learn and apply the necessary skills to meet our business needs and your goals to develop your security expertise.
- You know, common cyber security threats and application of countermeasures.
- You know of Tactics, Techniques and Procedures (TTP), e.g., MITRE Framework.
- Background in security engineering, operations, architecture, or related field.
- Experience operating cloud platforms like Azure.
- Experience working with containers, cloud infrastructure, cloud security and APIs.
- Knowledge of security benchmarks such as STIG or CIS benchmarks
- Strong understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection and Prevention, vulnerability scanning, etc.
- M365 Threat Protection technologies including Microsoft Defender.
- Azure Security technologies including but not limited to Microsoft Defender for Cloud, Key Vault, Azure DDoS Protection.
- Microsoft 365 compliance technologies including Advanced eDiscovery, Data Retention, and Insider Risk Management.
- Understanding of Identity and Access Management technologies and protocols, particularly Azure AD, Conditional Access, Identity Governance, SAML, OAUTH 2.0, MFA, and Role Based Access Control (RBAC).
- Understanding of cyber security concepts and systems/solutions such as MDM, IDM, EDR, DLP, SIEM.
- Strong understanding of operating systems including Windows 10/11, Windows Server, and Linux, along with associated security tooling and methods to further secure each operating system.
- Good IaaS and PaaS security skills and experience to secure virtual workloads (virtual machines, networks, WAF, DDoS, containers, key vaults, etc) in cloud environments including Microsoft Azure and AWS.
- Pensions knowledge
- DevSecOps experience to facilitate the automation of security operations activities, including the ability to work within an agile security team and be able to use tools such as Git, and integrate operations with CI/CD pipelines.
- Experience of interacting with APIs as part of security operations automation.
Group Security Engineer - Bristol, United Kingdom - Procentia
Description
Job Description
Group Security Engineer – Pension Software – Bristol
Location: Emersons Green (Hybrid working)
Salary: £70,000 - £75,000 + bonus + benefits
Start date: from 1st July
No agencies
The Company
You're crucial to unlocking the potential of our market leading software (as voted for by our Clients – UK's no.1 pensions admin software 2022 and Yes, we're ahead of the game with what our software does, yes, we pride ourselves on reacting quickly to our changing environment, but without you, our long list of blue chip and household name clients don't get any of that good stuff.
Our flagship product is IntelliPen, a state-of-the-art, Internet
browser-based pensions and benefits administration system, encompassing
workflow, document management, payroll, accounting, reporting and all of the
functionality a modern pensions department will demand.
The Job
As a Group Security Engineer, you will report to the Head of Security, Risk and Compliance and support and collaborate with all colleagues in the business, including Head of IT and Infrastructure, Head of Development and Head of Architecture to deliver secure products and systems our clients can rely on.
You will be stepping into our first dedicated Security Engineering role, pivotal in maintaining and improving the security of our product, client environments, people and organisation.
Working at Procentia is an opportunity to have a long-standing impact by improving our security strategy, leading to impactful change for our business and clients.
From day one, you'll shape opportunities to empower our team by implementing, maintaining and improving the security of our tools and working practices to ensure we remain compliant with security frameworks while safeguarding the confidentiality of our client's data. Success hinges on collaboration as you build solid and trusted relationships across teams.
What you'll bring to the team:
Skills and experience required:
Desirable skills:
If you think you have most of what we are looking for, then go ahead and apply. We'd love to hear from you
Procentia is committed to fair and accessible employment practices. If selected for an interview, we will be happy to work with you to ensure your interview is accessible and accommodation is provided. When your interview is being scheduled, please advise us of how we might be able to support your participation.