Senior Cloud Security Operations Engineer
Salary - (Apply online only)k + 30-50% Bonus + Benefits
Location - London (required in office 3 days per week)

I'm currently working with one of the most innovative, tech-driven Investment Management firms, who are looking to bring in a Security Operations Engineer. Having recently gone through a major divestiture, they've gained full autonomy of their entire enterprise estate and effectively have a blank canvas to build out a best-in-class security infrastructure capability, whilst remaining the number 1 player within their market.

Working alongside the Head of SecOps, who has an incredible track record in building genuinely next generation technical Cyber Defence functions for some of the most reputable and technologically advanced firms worldwide, you will be responsible for building out their internal monitoring and detection function. You'll work closely with an MDR partner who will look after the initial monitoring and triage, innovating and automating wherever possible to maximise the capability and partnership.

The ability to read and write code will be essential as you'll be working closely with the wider platform / software dev teams; as well as a proven track record of working with and influencing senior stakeholders across the business, translating technical concepts into relevant risks.

This is genuinely an incredible opportunity to join the most established organization within this industry and have a blank canvas to build out their SecOps capability from the ground up; with freedom to build and innovate as you see fit and genuinely impact a truly elite Investment Management firm's enterprise estate.

Responsibilities
- Own and consistently develop the monitoring, detection and response tooling, automating and fine-tuning wherever possible.
- Utilize and ingest relevant threat intel feeds mapped out against their estate and MITRE ATT&CK framework
- Perform hands-on security threat modelling, risk assessment and vulnerability remediation
- Work closely with Development teams to ensure secure software development lifecycle
- Report to and influence senior stakeholders across the organization, translating technical concepts into relevant associated risks

Requirements
- Experience building security monitoring and detection tooling using open source tooling
- Depth of knowledge working within hybrid cloud environments - AWS / Azure in particular
- Strong proficiency in coding/scripting/development languages (this will be tested)
- Prior experience working with/within MSSPs and an understanding of how to maximise their functionality (not essential, just a bonus)
- Ability to work with and influence wider teams and stakeholders across the business

If you're an experienced Cyber Security Engineer and looking to join an organisation which will provide you the platform and freedom to build and develop a technical SecOps capability from the ground up, whilst working alongside and learning from one of the most respected leadership teams within this space, then click apply or get in touch directly with your up to date CV - (url removed)

Lawrence Harvey is acting as an Employment Business in regards to this position. Visit our website and follow us on Twitter for all live vacancies (lawharveyjobs)
Nov 17, 2024
Full time
Engineering, London, Full Time, £100,000 - £120,000 / year

Job Description

In May 2023 Reward Gateway was acquired by Edenred. Edenred is a leading digital platform for services and payments for people at work, connecting 52 million users and 2 million partner merchants in 45 countries via close to 1 million corporate clients. With our shared missions of 'Making the World a Better Place to Work' and 'Enriching connections, For good', you'll contribute to improving employee engagement and building better, stronger, and more resilient organisations to improve people's daily lives. Our shared mission guides our actions and charts a sustainable path to a better future.

Due to expansion, an opportunity has become available for a Head of Site Reliability Engineering to join our team to help us transform our existing operational workloads to an SRE approach.

Key Responsibilities
- Establishing and managing our new SRE function
- Operating and modernising our existing cloud infrastructure
- Partnering with our DevOps team to ensure fast & supportable platform updates
- Maintaining the highest standards for our customer-facing systems
- Balancing the desire for innovation with stability and delivery for our customers
- Ensuring our availability and performance are maintained at the highest levels
- Acting as a key Incident Commander and escalation point
- Liaising closely with our SecOps teams to ensure timely vulnerability management
- Educating teams in SRE practices and maintaining high standards of compliance
- Implementing world-class observability standards utilising SLI/SLO/Error Budgets
- Continually evolving our observability platforms for greater coverage
- Liaising with Product & Engineering teams for constant evolution of metrics
- Aligning SRE Sprints & Backlog with our roadmaps to meet business expectations
- Guiding our teams in a more Agile approach to demand management
- Actively taking part in our daily stand-ups and keeping our Sprints on track
- Keeping up-to-date documentation in our JIRA & Confluence tools
- Owning and maintaining our SRE Incident Management processes
- Ensuring a focus on cost efficiency for our platforms & services
- Removing obstacles and fostering team collaboration
- Communicating with our stakeholders

Skills
- Demonstrated leadership and management experience as a Senior Manager or Head of SRE within a global organisation
- Experience with AWS preferred (or another cloud provider)
- Enterprise infrastructure experience in high-availability environments
- Automation skills through Terraform, Python, Bash or similar
- Fast-releasing environments with automated pipelines and QA
- Wide-reaching SRE skills and a deep understanding of SRE practices
- SRE leadership skills with an ability to drive SRE adoption
- A strong understanding of SQL, PHP, Kubernetes, CI/CD
- Observability product experience (eg: New Relic, Datadog)
- Strong facilitation and servant leadership skills
- Ability to work both independently and as part of a team
- Ability to work under pressure and be highly reliable
- Leadership, time management, and organisational skills
- Adaptability and flexibility to change in a fast-moving environment
- An ability to learn new tools and processes quickly and impart that knowledge

The Interview Process
- Screening video interview with the Senior Talent Partner
- Interview with the Director of Infrastructure and Head of Development
- Final interview with the Director of Engineering & CTO

Be comfortable. Be you.

At Reward Gateway, we want our employees to feel comfortable bringing their passion, creativity, and individuality to work. We value all cultures, backgrounds, and experiences, as we truly believe that diversity drives innovation. Express yourself, join our community and help us Make the World a Better Place to Work.

We hire BETTER.

From perks to people, our BETTER approach to hiring earns us more trust, happier people and more world-class talent that help us to make the world a better place to work.

Find out more about Reward Gateway's approach to benefits, equality, talent, technology, and empathy, and what you'll get in return for joining our Mission at rg.co/lifeatrg.
Nov 11, 2024
Full time
Senior Cloud Security Engineer
90,000 per annum + benefits
Hybrid working

The Role

You will be responsible for designing and delivering security solutions in various environments based on security standards, governance, and control practices. You will conduct technical research when necessary to contribute to setting security direction and strategy. You will assist others on your own team, or other teams where applicable, on security projects or security-relevant tasks on technical projects. We're building a world class security function in a cloud native environment and are looking for ambitious security engineers to come on the journey with us.

WHO WE ARE LOOKING FOR

You are a cybersecurity and technical expert in cloud technology. You enjoy identifying possible security weaknesses and working to research, develop, and implement technical solutions to address those weaknesses. In your role as Senior Cloud Security Engineer, you will design and deliver cybersecurity solutions in Cloud infrastructure based on security standards, governance and control practices. You conduct technical research when necessary and contribute to setting cloud security direction and strategy. You will assist others on cloud security projects or security-relevant tasks on technical projects.

Key responsibilities will include:
- Design, develop, and implement new cloud security technologies to support business and technology solutions
- Act as a subject matter expert (SME) for security tools, applications, and processes
- Manage and maintain the cybersecurity posture of company systems
- Advise organization leaders on cybersecurity-related topics
- Provide guidance to other teams for cybersecurity-related efforts
- Mentor other members of the team
- Act as an escalation point for security incidents

WHAT YOU BRING
- Expert understanding of security concepts and how to implement those concepts with tangible solutions.
- Strong verbal and written communications skills.
- Risk-based approach to prioritizing and implementing solutions.
- Knowledge of compliance policies relating to cybersecurity and the financial sector.
- Broad knowledge of various cybersecurity tools such as SIEM solutions, alerting systems, vulnerability scanning solutions, and patch management solutions.
- Experience with cloud platforms such as AWS and Azure.
- Experience with scripting languages (eg Unix Shell, Python), build deployment tools (eg Jenkins, Terraform) and solving problems with code rather than clicks.
- A strong fit to our values
Feb 01, 2024
Full time
The worldwide data management software market is massive (according to IDC, the data management software market is forecast to be $94 billion in 2023 growing to approximately $153 billion in 2027, representing a 13% compound annual growth rate). At MongoDB we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading developer data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.

Team:

MongoDB is seeking a passionate Information Security Engineer to help expand MongoDB's Information Security Program, specifically focusing on the development of Application Security systems.

The MongoDB Security Team is responsible for the Information Security Program for MongoDB, including helping to reduce risk in our systems and company, and to help establish trust in our product offerings and cloud services. Our customers are both our internal MongoDB employees and our external customers.

This is an exciting chance to be part of a dynamic and innovative team with a lot of opportunities to grow. MongoDB prides itself on offering careers rather than jobs.

Role Description:

MongoDB is looking for an experienced professional to join our security team. The ideal candidate will have at least 2 years+ of experience in Information/Cyber Security AND ability to develop software in order to create innovative applications to address security gaps.

The primary focus of this role centers on internal tool development. You will be responsible for designing, developing, and implementing software solutions to address a variety of information security challenges. Your primary objective will be to code and create robust and efficient tools that aid in the protection of our company's digital assets.

The secondary focus will be helping our applications to be more secure - e.g. by helping application owners to understand full application release lifecycles, penetration testing, assistance with code reviews and more.

This role is technical, focusing mainly on development work, but will also present an opportunity to improve company-wide processes focusing on application security.

Candidate Profile:

Candidates for this role should have experience in software development and possess a deep understanding of programming languages and software development best practices. Ideal candidates will also have experience in SDLC, pentesting or security reviews and awareness of different approaches to application security.

We are looking for someone who is proactive in presenting ideas with demonstrated problem-solving skills. Additionally, this role requires strong ability to multitask as well as solid communication skills.

The ideal candidate for this role will have:
- 2+ years of software development experience with at least one programming language such as Java, Python, JavaScript, Go, Ruby, C# or C/C++
- Minimum 2 years of hands-on experience in cyber security
- Demonstrated success in completing development projects in previous roles
- Ability to develop applications from scratch using ReactJS/JS/Python.
- Intermediate knowledge and understanding of application security, security engineering, system and network security, authentication and security protocols, or cryptography
- Certifications in offensive security, including OSCP, OSCE, OSEP, OSEE, CCSAS, CCT INF or relevant SANS courses
- Demonstrated success completing complex projects in previous roles
- Be familiar with different Cloud (PaaS or SaaS) technologies (like AWS, GCP, GSuite)
- Strong experience with application architecture reviews
- Experience with vulnerability management tools and processes
- Demonstrated ability to create scripts and automated processes
- Have a background in threat modelling and advocating for technical changes to exceed customer expectations, including delivering reports to upper management
- Excellent written and verbal communication skills with the ability to adapt messaging to technical and non-technical audiences at all levels including senior leadership
- Have at least a basic understanding of different Information Security standards and reports (e.g. SOC2, HIPAA, FedRAMP)
- Experience working with technical teams on finding elegant solutions to complex problems, managing them to resolution and release
- Understanding of networking protocols

Position Expectations:
- Develop and maintain custom InfoSec tools and systems, including but not limited to tools focused on automation and automation of asset inventory.
- Continuously assess and improve existing internal tools for performance, scalability, and security, with a special emphasis on enhancing automation capabilities and maintaining an accurate asset inventory.
- Cross-collaborate with other team members to understand security needs and translate them into functional software solutions.
- Rapidly understand and assess new technologies
- Participate in code reviews, contribute to best practices, and maintain documentation related to the development and deployment of InfoSec tools.
- Ability to work with geographically distributed teams and multitasking are essential
- Communicate security threats, assessments and risks as well as make recommendations
- Educate Engineers and Product teams on the importance of Application Security and Vulnerability Management
- Ability to quickly learn new systems and architectures
- Willingness to learn new technologies and adapt to a modern, fast-paced organisation
- Work cross-functionally with multiple teams on establishing new processes and improving existing
- Ability to create documentation when needed as well as defend and execute on findings

Success Measures:

The Information Security Engineer will be successful in this role when they can execute the following strategic tasks:
- People: Collaborate to secure our products with fellow engineers in various departments
- Organization: Ability to manage multiple parallel efforts and utilise risk-based approach for prioritization
- Communication: Successfully communicate your recommendations and rationale to both technical and semi-technical resources.
- Research: Research modern approaches to security problems, offensive and defensive processes, tooling and techniques.
- Creative: Find creative yet simple solutions to complex problems with technical requirements.

This is an important role to help mature the capabilities of the Information Security Program for a breakthrough company that is disrupting an $80B market. This position has significant growth potential and we're looking for someone who is excited to take initiative and help secure our company. This position is based out of our London Hatfields office or remote.

This position will report directly to the Manager of Application Security (EMEA based).

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB is an equal opportunities employer.
Feb 01, 2024
Full time
Role OVO-View Location: Bristol, London, Glasgow or Remote! (You have the flexibility to work wherever suits you best) Team: Information Security Salary banding: £71,240 - £111,130 Experience: Expert Working pattern: Full-Time Reporting to: Head of Information Security Sponsorship: Unfortunately we are unable to offer sponsorship for this role. This role in 3 words: Creator, Challenger, Coach Top 3 qualities for this role: Problem-solver, Curious, Collaborative In the words of the team, you should leave your current role for this one because: "You'll manage the team that drives and enables security by default and design across OVOTech. This includes selecting and implementing coaching, workflows and tooling to model threats, identify security risks and embed and document verification of build and runtime security. The solutions that security engineering build and operate power the reduction of downside risk thereby enhancing the opportunities for technology to enable Plan Zero." Everyone belongs at OVO At OVO, we are on a mission to solve one of humanity's biggest challenges, the climate crisis. And we know it takes all of us to change the world. That's why we need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us. Teamworking for the planet Everything we do here spins around Plan Zero. So, naturally, the team you'll be joining plays a gigantic role in making that happen. Here's how: We're hiring creators, challengers and coaches. Every role we're hiring puts people at the heart of our information security strategy and uses technology and operational processes to build a resilient and performant business. The Path to Zero is paved with well-informed risk and reward decisions! 
This role in a nutshell: The security engineering team collaborates with OVO's Engineering teams to secure the design and configuration of OVO applications, infrastructure and secure access to OVO's resources. As a Senior Security Engineering Manager you'll pioneer an innovative and inclusive culture, inspire with compelling security stories and land messages with clarity to engage those who the team work with, both within and outside the Enterprise Security and Platforms team. You'll personally excel at implementing reliable tools to prevent, mitigate or automatically remediate mis-configurations and vulnerabilities and extending operational excellence across all OVO-built and accessed applications and infrastructure. Crucially you'll serve and care for the people in security engineering creating an inclusive culture so all of our people feel they truly belong, are heard, and are open and encouraged to contribute to OVO's security mission. Your key outcomes will be: Lead the strategic design of mechanisms to incentivise and enable the security of OVO's data, applications, infrastructure and access. Collaboration with engineering teams and system administrators to develop and configure comprehensive security measures that align with OVO's goals and objectives. Provide OVOTech with a range of centrally operated security mechanisms and services, including web application firewalls, cloud and application security platforms, threat and risk assessments and penetration testing. Implementing secure coding practices to prevent common vulnerabilities in software development. Provide the cyber defense team with support during and post incidents to contain the damage, mitigate the impact, and facilitate the recovery of affected systems and data. Lead the analysis of vulnerabilities, misconfigurations, near-misses and incidents to enhance future security issue and incident handling and improve overall security posture. 
This includes identifying lessons learned, implementing necessary changes to security controls and procedures, and supporting the training and awareness programme to educate employees on security best practices. Lead and develop a highly motivated and respected team which actively participates in community events, engages in continuous learning, and collaborates with other security professionals to stay updated on emerging threats and effective security strategies. Systems. Familiarity with the following technologies and platforms would be advantageous (not a must have or exhaustive list): Cloud Native Application Protection and Cloud Security Posture Management (e.g. Wiz) GCP, AWS and Azure native security and compliance monitoring CI/CD product development pipelines and automation SaaS discovery, event monitoring and security posture management Identity and Access Management and Privileged Access Management platforms Application Security Verification Standard and related technologies Web Application Firewall and Zero Trust Solutions (e.g. Cloudflare, BeyondCorp) Security Information and Event Management (SIEM) and Security Orchestration and Automated Response (SOAR) Endpoint, Cloud and Identity Detection and Response Issue and Project Tracking (Jira) Cyber Asset and Attack Surface Management Infrastructure Vulnerability Scanning You'll be a successful Senior Security Engineering Manager at OVO if you Are a coach: you lead your engineering community and provide practical support and approaches to integrate security with OVOTech and business processes. You inspire others to develop simpler, more automated approaches to embedding security by default and design. Are a challenger: you embrace failure and do not shy away from difficult conversations in order to drive security, product and engineering alignment. You are a champion for maximising the use of data and technology to enhance productivity and effective outcomes of security work. 
Are a creator: you are a hands-on engineer who understands the value of rotating between solving engineering problems and stepping back to view a longer time horizon. Switching between roadmap and sprint is something you control rather than are controlled by. Let's talk about what's in it for you We'll pay you between £71,240 - £111,130, depending on your specific skills and experience. If your expectations are a little different, have a chat with us! We keep our pay ranges broad on purpose to give us, and you, flexibility to match your experience to our zero carbon mission. You'll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal. We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVO and there's flex pay. It's an extra 9% of your salary on top of your core pay to use as you like. You can take it as cash, add to your pension, or choose to spend it on a huge range of flex benefits. Here's a taster of what's on offer: For starters, you'll get 34 days of holiday (including bank holidays). 
For your health With benefits like a healthcare cash plan or private medical insurance depending on your career level, critical illness cover, life assurance, health assessments, and more For your wellbeing With gym membership, gadget, travel and cyber insurance, workplace ISA, will writing services, DNA testing, dental insurance, and more For your lifestyle With extra holiday buying, discount dining, culture cards, tech loans, and supporting your favourite charities with give-as-you-earn donations For your home Get up to £300 off any OVO Energy plan (when you pay by Direct Debit), plus personal carbon offsetting and great discounts on smart thermostats and EV chargers For your commute Nab a great deal on ultra-low emission car leasing, plus our cycle to work scheme and public transport season ticket loans Want to hear about our full range of flexible benefits and progressive people policies? Our People Team can tell you everything you need to know. For your Belonging To find better ways to support our people, we need to listen to each other's experiences and find ways to build a truly inclusive and diverse workplace. As part of this, we have 8 Belonging Networks at OVO. Led by our people, for our people - so when you join OVO, you can play a part - big or small - with any of the Networks. It's up to you. Oh, and one last thing We'd be thrilled if you tick off all our boxes, yet we also believe it's just as important we tick off all of yours. And if you think you have most of what we're looking for but not every single thing, go ahead and hit apply. We'd still love to hear from you! If you have any additional requirements, there's a space to let us know on the application form; we want to make the process as easy and comfortable for you as possible
Feb 01, 2024
Full time
Overview: The Senior Infrastructure Analyst will manage and participate in the delivery and support of IT infrastructure and IT infrastructure security for new and existing systems and solutions. You will support team members in the provision of 2nd and 3rd line technical IM&T support (Desktop, Software, Infrastructure and Telephony), maintaining and delivering a high degree of customer service for all RSSB IM&T support queries. Responsibilities: Proactively respond to security vulnerabilities identified by monitoring tools, performing remediation tasks Responsible for monitoring and reporting for on-premise and cloud infrastructure systems, for the early identification of issues Ensure RSSB infrastructure is secure and adheres to Cyber Security standards Act as escalation point for technical issues Responsible for the administration and operation of the RSSB cloud and onsite physical infrastructure environments Management and oversight of the network infrastructure, including network switches, routers, firewalls and virtualised environment. Manage internal and external stakeholders and supplier relationships Analyse and make recommendations to improve infrastructure, network, and reliability of systems, threats and vulnerabilities to improve security posture of IT systems Apply IT best practice to achieve effective management of change (Requests for Change) whilst mitigating risk of system failures / outages Responsible for system and data backups, restores and DR tests, taking ownership of data integrity enabling DR processes and business continuity Maintain governance over endpoint device management solutions (e.g. 
Intune) where they have an impact on security of the IT environment Work with the wider IM&T Team, business, internal and external business partners to ensure that security is factored into the evaluation, selection, installation, delivery and configuration process of solutions and systems Plan, manage and communicate infrastructure change with IT Operation Team Leads, Information Security manager and wider IM&T / business departments Mentor and coach colleagues and provide peer to peer advice, as required Qualifications: Computer science, Microsoft, CompTIA or related field qualifications / certifications or relevant demonstrable experience Proactive with a willingness to take ownership and responsibility for work tasks and issues, delivering a high standard of work Proficient in Windows Server v2008/2012/2019+ management to include Active Directory (AD) and Group Policy (GPO) and SQL Server Deploy patches and software applications using InTune / WSUS Knowledge of administering and supporting Azure AD, Azure IaaS/PaaS Management of backup/recovery solutions (e.g. Veeam, Arcserve) Experience with operating system hardening, vulnerability assessments, security audits, penetration testing, intrusion prevention systems and other security control systems for example PAM, SIEM, IDR etc. Practical experience with endpoint security, content filtering, vulnerability scanning and anti-malware Knowledge of at least one scripting language (e.g., PowerShell) MS InTune device management (mobile and Windows 10 OS) Effective communication, stakeholder and supplier management skills Ability to work in Teams and individually using own initiative and capable of self-managing workload. 
Demonstrable knowledge of common vulnerabilities and exploitation techniques would be beneficial Familiarity with Cyber Essentials/Plus or ISO 27001 and ITIL best practice - Incident, Problem and Change management would be beneficial We value diversity and equal opportunities in employment and are committed to creating a workplace which is inclusive to everyone. As a member of the Disability Confident Scheme, we encourage candidates with disabilities who meet the minimum criteria, to apply for our jobs. If you have applied under the Disability Confident Scheme, please let us know in advance by emailing If you require any reasonable adjustments with respect to our selection process including information in an alternative format, please contact us at We understand the importance of work-life balance and we offer our staff the flexibility to work within our core hours and the option to vary their location between both the office and home. If you are looking for further flexibility, speak to us at interview stage so that we can consider your request. We value our staff and we offer a competitive benefits package to ensure our staff can achieve their best throughout their journey with us. This includes 30 days annual leave (plus bank holidays); a holiday buy and sell scheme; private medical and dental cover; a season ticket loan and travel subsidy; access to a cycle to work scheme; volunteer leave; a performance related bonus and pension.
Dec 18, 2022
Full time
Here at SmallWorld Financial Services, we know how important it is to be able to support friends and family from abroad. Put simply, we believe that the more people we can help transfer money to overseas family, friends and businesses, the smaller the world becomes. Our employees are as diverse as our customer base and we value the sharing of skillsets and cultures that come with a truly international company present in several countries. SmallWorld is one of the largest money transfer companies in the world. We have a network of over 253,000 pick-up locations and a global team of over 1000 people who are responsible for over 15 million worldwide transactions each year. Are you passionate about working for a global company that celebrates differences? Do you want to empower people and families to support each other regardless of distance? Then join us! Let's make this big world into SmallWorld. Purpose of role: Reporting to the Chief Internal Auditor (CIA), we are seeking a highly experienced and qualified IT and Change SME Auditor to provide assurance over the Group's IT and Change risks. This will be a new role within our Group Internal Audit team and the successful candidate will have ownership for developing and executing a portfolio of internal audits primarily focused on IT and Change risks. This role provides the opportunity to shape as well as lead audits in accordance with the Group Internal Audit plan and global IA methodology, harnessing a deep understanding of technology risks to provide high quality independent assurance on the effectiveness of controls. The role will focus on major technology transformation programmes as well as on business change and transformation. Role details: Managing and delivering an IT and Change internal audit portfolio. Being agile and working across a range of different subjects and projects. Developing a risk assessment and audit universe and an annual plan of work under area of responsibility. 
Delivering Internal Audit engagements from planning through to execution and reporting. Communicating risk findings, verbally and written, to key stakeholders in a pragmatic and helpful manner. Engage proactively with Digital, IT and Change C-level and Senior leadership and second line of defence teams to identify critical functions and key controls. Draft, review, finalize and communicate audit deliverables, including audit findings, memos and audit reports to CIA, senior and executive management. This includes follow-up reviews on audits conducted and tracking for all audit issues. Prepare relevant risk and audit reporting to key stakeholders including executive management, CIA and governance committees. Participate as a non-voting member of various IT and Change sub-committees, management working groups, promoting balanced discussions and encouraging challenge and debate. Influence effective and sustainable improvements to processes and controls through insights gained based on risk and control expertise. Provide insight on the evolving industry and best practice environment and interact with local or international regulators as appropriate. Stay abreast of industry matters and efficiently and effectively apply applicable new developments in audit projects. Person specification: ACA / ACCA / CIA / CISA or a Bachelor's / Master's Degree with a STEM focus (Science, Technology, Engineering or Math) Strong experience of information technology infrastructure components required to operate and manage enterprise IT environments including, hardware, software, networking components, operating systems, and data storage environments. Experience of activities required for the CIDO / IT function to deliver IT and Information Security services and solutions. Comfortable with cloud-based architectures and services delivered as Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS). 
Cyber security experience including application security, PEN testing, IAM, vulnerability management best practices and security strategy required. Demonstrated knowledge of modern software development processes and practices. Experience with modernizing and migrating applications/clients to strategic architectures. Experience of working on large scale technology and cloud transformation programmes, either through programme delivery or auditing. The ability and skills to effectively manage C-level stakeholder relationships and demonstrating strong communication, technology and change auditing skills and business understanding. The ability to work with multi-disciplinary teams - collaboration skills are key to achieving the Group and function's objectives. Experience of data analytics. Knowledge of Change and Programme management methodologies Experience of writing detailed formal internal audit reports suitable for Executive audience. Excellent verbal, written, and presentation skills. Ability to communicate with internal stakeholders, third parties, clients and regulators. Experience of reporting and presenting to Board, Executive Committee or to the Audit Committee. Good understanding of global internal audit standards, practices and methodologies. Desirable Skills CISSP, CISA, CISM, CRISC or CEH Certifications or equivalent. Specialist system experience (i.e. SAP, Oracle, SQL, Python). Broad experience across a variety of applications, technologies, and domains in the payments industry Relevant experience migrating key product flows from heritage platforms onto next gen technology Experience building hybrid cloud architectures leveraging Java, Kafka, Mongo, OSE and AWS. Experience designing and implementing payments processing solutions using GPP-SP and its underlying tech stack (Java, Websphere, MQ, OracleDB)
Dec 15, 2022
Full time
Here at SmallWorld Financial Services, we know how important it is to be able to support friends and family from abroad. Put simply, we believe that the more people we can help transfer money to overseas family, friends and businesses, the smaller the world becomes. Our employees are as diverse as our customer base and we value the sharing of skillsets and cultures that come with a truly international company present in several countries. SmallWorld is one of the largest money transfer companies in the world. We have a network of over 253,000 pick-up locations and a global team of over 1000 people who are responsible for over 15 million worldwide transactions each year. Are you passionate about working for a global company that celebrates differences? Do you want to empower people and families to support each other regardless of distance? Then join us! Let's make this big world into SmallWorld. Purpose of role: Reporting to the Chief Internal Auditor (CIA), we are seeking a highly experienced and qualified IT and Change SME Auditor to provide assurance over the Group's IT and Change risks. This will be a new role within our Group Internal Audit team and the successful candidate will have ownership for developing and executing a portfolio of internal audits primarily focused on IT and Change risks. This role provides the opportunity to shape as well as lead audits in accordance with the Group Internal Audit plan and global IA methodology, harnessing a deep understanding of technology risks to provide high quality independent assurance on the effectiveness of controls. The role will focus on major technology transformation programmes as well as on business change and transformation. Role details: Managing and delivering an IT and Change internal audit portfolio. Being agile and working across a range of different subjects and projects. Developing a risk assessment and audit universe and an annual plan of work under area of responsibility.
Senior Consultant, Security Testing (United Kingdom) We're hiring! This is an exciting opportunity for candidates with substantial experience in Penetration Testing, looking to take the next step up to further develop their skills and become a subject matter expert in the field. You will be part of a team that provides a challenging and exciting work environment that pairs a healthy combination of autonomy and senior level support, together with a significant investment in your learning and professional development. Our international Security Testing team specializes in application and network infrastructure security, red teaming and source code review, publishes books and security blogs, contributes to open-source software projects, and is engaged in a variety of continuous security research projects. This is an exciting opportunity for someone who enjoys performing deep technical work in a fun and casual atmosphere. In the United Kingdom, our Security Testing services are delivered through our subsidiary Gotham Digital Science Limited which is a member of the UK industry body CREST (the Council of Registered Ethical Security Testers) as well as a member of the UK Government CHECK scheme, allowing us to provide security assurance services to Her Majesty's Government and UK Critical National Infrastructure on systems processing protectively marked information. We are also an accredited CBEST penetration testing provider, allowing us to provide intelligence-led penetration testing as part of the Bank of England CBEST scheme. About the role As a Senior Consultant, you can expect to get involved in: Application penetration testing and application source code review. Secure Development Lifecycle consultancy and advisory. Vulnerability and penetration assessments on Internet exposed and internal systems. Applying and developing appropriate exploits to gain access and expand access to remote systems. Documenting technical issues identified during security assessments.
Interface with clients when working on engagements on-site. Mentoring more junior colleagues and supporting managers whenever necessary. Perform peer review and quality checks on work product from other colleagues. Instructor-led and self-guided training activities, including you working towards attaining company funded security certifications. About you The following qualifications are expected from potential applicants: At least 3 years of experience in performing application and/or infrastructure penetration testing independently. Development and/or source code review experience in one or more of these languages: C/C++, C#, VB.NET, ASP, PHP, Python or Java. Familiarity with threat modelling and security design review methodologies. A good understanding of Unix, Windows and network security. Degree from an accredited University or equivalent. CREST Certified Tester (CCT) or equivalent. Excellent written and communication skills in English. Ability to work both independently and in a team environment. Passion for technology and a drive for self-learning, paired with good customer facing skills. Currently resident within the European Union, or not requiring work permit sponsorship. The following items are not required but would be considered a differentiator: Additional security and penetration testing certifications. Degree in Computer Science, Information Systems, Engineering or related major. Experience working as part of an enterprise development team. Experience developing custom scripts or tools used for vulnerability scanning and identification. Fluency in an additional Western European language, other than English. Salary and Benefits This role offers a competitive salary and bonus, plus a comprehensive benefits package and 25 days holiday. Through our flexible benefits, you can choose additional benefits, including healthcare, childcare vouchers, and additional holiday. 
About Cyber Solutions Aon's Cyber Solutions offers holistic cyber risk management, unsurpassed investigative skills, and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents. About Aon Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement, and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance
Sep 21, 2022
Full time
Want to do the best work of your life? With 24 million customers in 6 countries, make your mark at Europe's leading media and entertainment brand. A workplace where you can proudly be yourself; our people make Sky a truly exciting and inclusive place to work. The main purpose of the role is to own network design solutions across a wide horizon of technology stacks for telecom services like Broadband, Voice, CDN and Mobile services across the Sky Group, and to be the design authority for security designs.
What you'll do:
* Elicit business and technical requirements working with the various stakeholders during the requirements gathering phase.
* Author both high-level and low-level design documents to support Telco services and be responsible for software/hardware selection, perform bug scrubs and security vulnerability assessments and work with test and delivery engineers to review test plans, defects, test reports, MOP and change tickets.
* Participate in vendor selection by providing technical requirements into the RFP document and by doing technical evaluation including Technical Proof of Concept testing.
* Act as a design authority, review strawman proposals and designs produced by other engineers in the team and provide technical leadership to them.
* Steer network elements' feature roadmap by working closely with our strategic technology partners for software release planning, budget submissions and provide inputs for business case preparation.
* Drive platform improvements, enable automation and implement new solutions that enable DevOps capabilities and support the business strategy of building once and deploying multiple times.
What you'll bring:
* Strong hands-on experience of Palo Alto Firewalls (both CLI and GUI), Fortinet firewalls along with Cisco IOS-XR platforms.
* Proven experience of DDoS, AAA solutions (preferably Cisco ISE)
* Solid understanding of hardware and software vulnerability on Network devices
* IP networking and service provider Routing/Switching such as MPLS, LDP, ISIS, BGP, ACLs and QoS
* Ability to apply Open-config and Vendor specific NETCONF-YANG models, JSON and XML payload for network automation to configure and manage routers would be advantageous
* Solid understanding of Python and config management via GIT
Team Overview
Comms Group: We are responsible for the Strategy, Architecture, Design, and Operations of all Telecom services provided by Sky across the Group (UK&I, Germany and Italy). We deliver 4G/5G Mobile, Broadband and Fixed Line services using cutting edge technologies and modern operational paradigms such as SRE and Agile. From High scale routing, Network Automation, Telco Cloud, SDN/NFV to Software Development and Data science for predictive operations, we embrace modern technologies, practices, tools with strong focus on people development to provide the stability and performance that our customers depend on.
The Rewards: There's a reason people can't stop talking about #LifeAtSky. Our great range of rewards really are something special, here are just a few:
* Sky Q, for the TV you love all in one place
* A generous pension package
* Private healthcare
* Discounted mobile and broadband
* Access a wide range of exclusive Sky VIP rewards and experiences
Where will you work: Brick Lane: Our Brick Lane office is in the heart of the East End of London. It's part of a vibrant and diverse community; close to street food, cafes and shops. The closest tube station is Aldgate East and Liverpool Street is about a 10-minute walk.
Inclusion: We take pride in our approach to diversity and inclusion: we've been recognised by The Times and Stonewall for this, and we've committed £30 million to support the fight against racial injustice.
We've also set ambitious targets for increasing ethnic diversity and representation throughout our organisation. At Sky we don't just look at your CV. We're more focused on who you are and your potential. We also know that everyone has a life outside work, so we're happy to discuss flexible working. And we'll do everything we can to support you during your application. If you need us to make any adjustments to our recruitment process, speak to our recruitment team who will be happy to support you. Why wait? Apply now to build an amazing career and be part of a brilliant team. We can't wait to hear from you. To find out more about working with us, search #LifeAtSky on social media. A job you love to talk about. Just so you know: if your application is successful, we'll ask you to complete a criminal record check. And depending on the role you have applied for and the nature of any convictions you may have, we might have to withdraw the offer.
Dec 06, 2021
Full time