About the job You are required to be onsite 3 times per week in our Canary Wharf office, London At EY, you will have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we are counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The financial services industry is currently undergoing a period of unparalleled change. Since the financial crisis, banks and financial institutions have been subjected to more stringent regulations, increased supervision, and overall global economic instability. These changes have not come without a cost and has made these institutions re-evaluate the way they have been doing business traditionally. Moreover, the proliferation of technological advances including disruptive technologies and digital are compounding the pressures of maintaining competitiveness, being adaptable and increasing profit margins. It is an exciting time for our Financial Services Cyber and Resilience practice. We are looking for Cyber Architect Managers to join our ever-expanding team of professionals to help continue contributing to client engagements. The opportunity EY's Financial Services Cyber and Resilience practice is growing fast. For you, that means great opportunities to work on a range of projects covering the breadth of the Cyber and Resilience landscape including cyber threat management, cyber program management, strategy development, cyber transformation, identity and access management, maturity assessments, data protection, privacy, and operational Resilience. EY's EMEIA Cyber Practice is rapidly growing and the UK team is looking for a Cyber Architect (Manager) who can create, assess, advise and architect cyber and cloud security based services. This role will see you take a key position in developing EY's cyber security capabilities. You will also be expected to take a supporting role in building out EYs cyber security services, working with alliance partners and advise clients on the current market trends. You will join an expanding team of over 1,000 Cyber professionals across EMEIA and align to the UK team dedicated to providing Cyber advisory services to leading Financial Services organisations. We are part of a global cyber team of almost 8,000 professionals focused on developing and delivering cutting edge security transformation programmes, cyber threat management, identity and access management, security architecture, data protection and privacy, and resilience services. At EY, we have large scale plans to expand our already market leading Cyber Security practice and anticipate continued growth throughout the next five years. We need excellent people to join us and be part of our exciting growth strategy . Your Key Responsibilities UK Financial Services Cyber Security professionals draw upon their knowledge and experience to manage client engagement teams, act as an advisor to a variety of clients and contribute to business development activities on strategic and global priority accounts. Drawing on their industry knowledge and experience, professionals provide innovative commercial insights for clients, adapt methods and practices to fit operational team and cultural needs and contribute to thought leadership. Professionals also actively improve operational efficiency on projects and internal initiatives, in line with EY's commitment to quality. Your role will require you to manage teams or parts of teams on engagements of different sizes under the guidance of Senior Managers, Directors and Partners. Your team will look to you to anticipate and identify risks and raise any issues with them as appropriate. As an influential member of the team, you will help to create a positive learning culture and will coach and counsel junior team members to assist in their professional development. You will lead by example and act as a role model for our people in the way that you live our values. Client ResponsibilitiesManaging a portfolio of Cybersecurity engagements with our clients, responsible for the day-to-day running of the engagements including meeting quality, time and budget targets Working with prospective clients to agree, scope and plan the delivery phase of engagements Contributing to developing the market for cybersecurity services across all sectors, identifying sales opportunities and working with senior practice leaders and market leaders in the creation of proposals and marketing material Leading and developing team members by sharing knowledge, acting as mentor and coach to them and leading by example Creating thought leadership and market materials for selling and promoting EY Cybersecurity offerings Assist in managing financial aspects of engagements by organising staffing, tracking fees and communicating issues to engagement partners People ResponsibilitiesDevelop people through effectively supervising, coaching, and mentoring staff Conduct performance reviews and contribute to performance feedback for staff Contribute to people initiatives including recruiting, retaining, and training Cyber professionals Recognise the value of teamwork, facilitating and encouraging collaboration amongst team members and motivate teams to maximise performance Skills And Attributes For Success To qualify for the role you must haveExperience in advising Financial Services organisations on what good cybersecurity looks like based on the cybersecurity threats and risks they face Broad cybersecurity experience with a combination of technology involvement, business knowledge and risk awareness (incl. on topics like cryptography, network design, application security, data protection, identity and access management, cloud security) Ability to analyse complex problems and to deliver insightful, practical and sustainable solutions and translate security and risk management terminology into business terms. Demonstrated ability to impact security architecture and engineering decisions for critical business services Adaptive communication skills to influence cross functionally and negotiate with business to balance risk with business opportunity, while ensuring ongoing compliance and regulatory needs Knowledge of current security best practices, common exploits, and threat landscape Understanding of the Financial Services Cyber Security threat landscape and the UK Financial Services regulatory landscape (e.g., PRA, FCA, BoE, ECB, MAS) Experience working with a range of security governance frameworks and standards e.g., ISO27001, NIST SP800-53, PCI-DSS Security and Cloud related qualifications e.g., CISSP, CCSP, CCSK, TOGAF, SABSA, and/or vendor architectural qualifications in AWS, Azure and/or GCP Experience in supporting winning proposals and RFP responses, and working in complex multinational engagements Ideally you'll also have:Professional services experience working as a client-facing consultant with market leading organisations in the delivery of their Cloud security solutions. Cybersecurity architecture design and implementation experience, including Cloud Security assessments qualifications related to threat, vulnerability and penetration testing What We Look For We look for candidates with experience in the industry, which can prove their knowledge of Cyber regulations and frameworks in the UK. We are looking for people with the motivation and ambition to lead teams and the communication skills required to interact with clients. What we offer We offer a competitive remuneration package where you will be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings, and a wide range of discounts, offers and promotions. Plus, we offer:Continuous learning: You will develop the mindset and skills to navigate whatever comes next. Success as defined by you: We will provide the tools and flexibility, so you can make a meaningful impact, your way. Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You will be embraced for who you are and empowered to use your voice to help others find theirs. If you can demonstrate that you meet the criteria above, please contact us as soon as possible. The exceptional EY experience. It's yours to build. Apply now. EY Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
Apr 18, 2025
Full time
About the job You are required to be onsite 3 times per week in our Canary Wharf office, London At EY, you will have the chance to build a career as unique as you are, with the global scale, support, inclusive culture, and technology to become the best version of you. And we are counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. The financial services industry is currently undergoing a period of unparalleled change. Since the financial crisis, banks and financial institutions have been subjected to more stringent regulations, increased supervision, and overall global economic instability. These changes have not come without a cost and has made these institutions re-evaluate the way they have been doing business traditionally. Moreover, the proliferation of technological advances including disruptive technologies and digital are compounding the pressures of maintaining competitiveness, being adaptable and increasing profit margins. It is an exciting time for our Financial Services Cyber and Resilience practice. We are looking for Cyber Architect Managers to join our ever-expanding team of professionals to help continue contributing to client engagements. The opportunity EY's Financial Services Cyber and Resilience practice is growing fast. For you, that means great opportunities to work on a range of projects covering the breadth of the Cyber and Resilience landscape including cyber threat management, cyber program management, strategy development, cyber transformation, identity and access management, maturity assessments, data protection, privacy, and operational Resilience. EY's EMEIA Cyber Practice is rapidly growing and the UK team is looking for a Cyber Architect (Manager) who can create, assess, advise and architect cyber and cloud security based services. This role will see you take a key position in developing EY's cyber security capabilities. You will also be expected to take a supporting role in building out EYs cyber security services, working with alliance partners and advise clients on the current market trends. You will join an expanding team of over 1,000 Cyber professionals across EMEIA and align to the UK team dedicated to providing Cyber advisory services to leading Financial Services organisations. We are part of a global cyber team of almost 8,000 professionals focused on developing and delivering cutting edge security transformation programmes, cyber threat management, identity and access management, security architecture, data protection and privacy, and resilience services. At EY, we have large scale plans to expand our already market leading Cyber Security practice and anticipate continued growth throughout the next five years. We need excellent people to join us and be part of our exciting growth strategy . Your Key Responsibilities UK Financial Services Cyber Security professionals draw upon their knowledge and experience to manage client engagement teams, act as an advisor to a variety of clients and contribute to business development activities on strategic and global priority accounts. Drawing on their industry knowledge and experience, professionals provide innovative commercial insights for clients, adapt methods and practices to fit operational team and cultural needs and contribute to thought leadership. Professionals also actively improve operational efficiency on projects and internal initiatives, in line with EY's commitment to quality. Your role will require you to manage teams or parts of teams on engagements of different sizes under the guidance of Senior Managers, Directors and Partners. Your team will look to you to anticipate and identify risks and raise any issues with them as appropriate. As an influential member of the team, you will help to create a positive learning culture and will coach and counsel junior team members to assist in their professional development. You will lead by example and act as a role model for our people in the way that you live our values. Client ResponsibilitiesManaging a portfolio of Cybersecurity engagements with our clients, responsible for the day-to-day running of the engagements including meeting quality, time and budget targets Working with prospective clients to agree, scope and plan the delivery phase of engagements Contributing to developing the market for cybersecurity services across all sectors, identifying sales opportunities and working with senior practice leaders and market leaders in the creation of proposals and marketing material Leading and developing team members by sharing knowledge, acting as mentor and coach to them and leading by example Creating thought leadership and market materials for selling and promoting EY Cybersecurity offerings Assist in managing financial aspects of engagements by organising staffing, tracking fees and communicating issues to engagement partners People ResponsibilitiesDevelop people through effectively supervising, coaching, and mentoring staff Conduct performance reviews and contribute to performance feedback for staff Contribute to people initiatives including recruiting, retaining, and training Cyber professionals Recognise the value of teamwork, facilitating and encouraging collaboration amongst team members and motivate teams to maximise performance Skills And Attributes For Success To qualify for the role you must haveExperience in advising Financial Services organisations on what good cybersecurity looks like based on the cybersecurity threats and risks they face Broad cybersecurity experience with a combination of technology involvement, business knowledge and risk awareness (incl. on topics like cryptography, network design, application security, data protection, identity and access management, cloud security) Ability to analyse complex problems and to deliver insightful, practical and sustainable solutions and translate security and risk management terminology into business terms. Demonstrated ability to impact security architecture and engineering decisions for critical business services Adaptive communication skills to influence cross functionally and negotiate with business to balance risk with business opportunity, while ensuring ongoing compliance and regulatory needs Knowledge of current security best practices, common exploits, and threat landscape Understanding of the Financial Services Cyber Security threat landscape and the UK Financial Services regulatory landscape (e.g., PRA, FCA, BoE, ECB, MAS) Experience working with a range of security governance frameworks and standards e.g., ISO27001, NIST SP800-53, PCI-DSS Security and Cloud related qualifications e.g., CISSP, CCSP, CCSK, TOGAF, SABSA, and/or vendor architectural qualifications in AWS, Azure and/or GCP Experience in supporting winning proposals and RFP responses, and working in complex multinational engagements Ideally you'll also have:Professional services experience working as a client-facing consultant with market leading organisations in the delivery of their Cloud security solutions. Cybersecurity architecture design and implementation experience, including Cloud Security assessments qualifications related to threat, vulnerability and penetration testing What We Look For We look for candidates with experience in the industry, which can prove their knowledge of Cyber regulations and frameworks in the UK. We are looking for people with the motivation and ambition to lead teams and the communication skills required to interact with clients. What we offer We offer a competitive remuneration package where you will be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings, and a wide range of discounts, offers and promotions. Plus, we offer:Continuous learning: You will develop the mindset and skills to navigate whatever comes next. Success as defined by you: We will provide the tools and flexibility, so you can make a meaningful impact, your way. Transformative leadership: We will give you the insights, coaching and confidence to be the leader the world needs. Diverse and inclusive culture: You will be embraced for who you are and empowered to use your voice to help others find theirs. If you can demonstrate that you meet the criteria above, please contact us as soon as possible. The exceptional EY experience. It's yours to build. Apply now. EY Building a better working world EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform, and operate. Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
The Shipowners Club is a mutual insurance association based in the City of London. We offer Protection & Indemnity (P&I), Legal Costs Cover and associated insurances to smaller and specialist vessel owners, operators and charterers around the world. Building on over 170 years of experience, the Shipowners Club provides tailor-made insurance packages for each operator according to their particular need. We are now seeking a Senior Infrastructure Engineer to join us on a permanent basis. The successful candidate will be enthusiastic, a quick learner and have a desire to develop in a friendly and supportive Insurance company. This is a great opportunity for someone to join an friendly and evolving IT department, using their proven experience in on-premise and Azure architecture and eagerness to drive improvements in our Infrastructure to take us to the next level. We also have a hybrid working model (minimum 2 days in the office). If interested in this role, please send us your CV and covering letter outlining why you would be suitable for this position and your salary requirements to us. Salary is dependent on experience. Overall responsibility of the Role: To ensure the effective and efficient functioning of Shipowners' IT systems, taking a lead role in the provision of excellent customer service, technical support, and proactive maintenance and leading initiatives and small projects to enhance and upgrade technical infrastructure. Senior Infrastructure Engineer - Role Responsibilities: Provide excellent customer service and 2nd and 3rd line support to customers to agreed Service Levels, including logging, triaging and reviewing Incidents, problems, Service Requests and Change Requests. Ownership of the diagnosis and resolution of complex IT issues, critical Incidents and events. Own, create, and maintain documentation for IT systems including technical guides, processes, procedures and department policies. Proactively contribute to, and be responsible for, the implementation of continuous improvement initiatives for the IT Support function and overall IT department Ownership of the delivery of agreed small technical IT projects and initiatives, planning and co-ordinating resources as required. Provide input to, and review, system design and architecture. Mentoring of junior team members and collaboration with cross-functional teams, with the potential for management responsibilities over time. Assist out-of-hours with support cover, release implementation, and critical issues. Senior Infrastructure Engineer - Skills & Experience Required: Must have extensive experience in: Azure and M365 administration including IAM, ESLZ, Intune, AVD & Exchange Online. Windows Server configuration, administration, troubleshooting. Virtualisation platforms (VMware, Hyper-V). Backup & Disaster Recovery (Veeam, Cohesity & Zerto). On-premise, cloud & hybrid Infrastructure design, implementation, management & monitoring. Enterprise hardware solutions and architecture (server, SAN, switch, VLAN, firewall). Proven experience in: Scripting & Automation (PowerShell). Change Management processes Collaborate with the Change & Release Teams, supporting both projects changes as well as DEV/TEST environment requirements/issues/improvements. Security-first mindset Knowledge of zero-trust architecture & vulnerability management. Nice to have experience in: IaC Terraform, Bicep CI/CD Azure DevOps, DevSecOps Containerisation (Kubernetes) Soft Skills: Problem-solving & troubleshooting : Quickly identifying and resolving complex issues. Communication skills : Explaining technical concepts to non-technical stakeholders. Project management : Planning and executing infrastructure projects Proactive mindset: See a problem and want to fix it, taking ownership Senior Infrastructure Engineer - Benefits: Personal Wellbeing Allowance of £1,250 per policy year Bonus potential of up to 10% of base salary per year Pension: employee puts in 5% company puts in 12% Healthcare with Axa PPP Group income protection Life Assurance 28 days holiday and 2 X festive eve days Candidates must be eligible to work in the UK. Due to the large numbers of responses we receive, it is not possible to respond to every application. Therefore only short-listed candidates will be contacted for this particular role and if you haven t heard from us within 3 weeks please assume you have been unsuccessful on this occasion.
Apr 10, 2025
Full time
The Shipowners Club is a mutual insurance association based in the City of London. We offer Protection & Indemnity (P&I), Legal Costs Cover and associated insurances to smaller and specialist vessel owners, operators and charterers around the world. Building on over 170 years of experience, the Shipowners Club provides tailor-made insurance packages for each operator according to their particular need. We are now seeking a Senior Infrastructure Engineer to join us on a permanent basis. The successful candidate will be enthusiastic, a quick learner and have a desire to develop in a friendly and supportive Insurance company. This is a great opportunity for someone to join an friendly and evolving IT department, using their proven experience in on-premise and Azure architecture and eagerness to drive improvements in our Infrastructure to take us to the next level. We also have a hybrid working model (minimum 2 days in the office). If interested in this role, please send us your CV and covering letter outlining why you would be suitable for this position and your salary requirements to us. Salary is dependent on experience. Overall responsibility of the Role: To ensure the effective and efficient functioning of Shipowners' IT systems, taking a lead role in the provision of excellent customer service, technical support, and proactive maintenance and leading initiatives and small projects to enhance and upgrade technical infrastructure. Senior Infrastructure Engineer - Role Responsibilities: Provide excellent customer service and 2nd and 3rd line support to customers to agreed Service Levels, including logging, triaging and reviewing Incidents, problems, Service Requests and Change Requests. Ownership of the diagnosis and resolution of complex IT issues, critical Incidents and events. Own, create, and maintain documentation for IT systems including technical guides, processes, procedures and department policies. Proactively contribute to, and be responsible for, the implementation of continuous improvement initiatives for the IT Support function and overall IT department Ownership of the delivery of agreed small technical IT projects and initiatives, planning and co-ordinating resources as required. Provide input to, and review, system design and architecture. Mentoring of junior team members and collaboration with cross-functional teams, with the potential for management responsibilities over time. Assist out-of-hours with support cover, release implementation, and critical issues. Senior Infrastructure Engineer - Skills & Experience Required: Must have extensive experience in: Azure and M365 administration including IAM, ESLZ, Intune, AVD & Exchange Online. Windows Server configuration, administration, troubleshooting. Virtualisation platforms (VMware, Hyper-V). Backup & Disaster Recovery (Veeam, Cohesity & Zerto). On-premise, cloud & hybrid Infrastructure design, implementation, management & monitoring. Enterprise hardware solutions and architecture (server, SAN, switch, VLAN, firewall). Proven experience in: Scripting & Automation (PowerShell). Change Management processes Collaborate with the Change & Release Teams, supporting both projects changes as well as DEV/TEST environment requirements/issues/improvements. Security-first mindset Knowledge of zero-trust architecture & vulnerability management. Nice to have experience in: IaC Terraform, Bicep CI/CD Azure DevOps, DevSecOps Containerisation (Kubernetes) Soft Skills: Problem-solving & troubleshooting : Quickly identifying and resolving complex issues. Communication skills : Explaining technical concepts to non-technical stakeholders. Project management : Planning and executing infrastructure projects Proactive mindset: See a problem and want to fix it, taking ownership Senior Infrastructure Engineer - Benefits: Personal Wellbeing Allowance of £1,250 per policy year Bonus potential of up to 10% of base salary per year Pension: employee puts in 5% company puts in 12% Healthcare with Axa PPP Group income protection Life Assurance 28 days holiday and 2 X festive eve days Candidates must be eligible to work in the UK. Due to the large numbers of responses we receive, it is not possible to respond to every application. Therefore only short-listed candidates will be contacted for this particular role and if you haven t heard from us within 3 weeks please assume you have been unsuccessful on this occasion.
Security Engineer (Senior) is required by a Financial Brokerage based in the heart of the city of London, by Bank station paying up to 75k + Bonus + Bens - Hybrid role, 3 days min to be office based This Senior IT Security Engineer role offers a unique chance to shape and enhance the security landscape of a forward-thinking organisation. Working closely with the Chief Information Security Officer (CISO) and a dedicated team of 3, this position allows you to make a tangible impact on security strategy and implementation. Why This Role Stands Out: - Influence and Ownership: Take charge of critical aspects of cybersecurity, from network monitoring to cloud security design, and make strategic decisions that drive the company's security posture forward. - Professional Growth: Engage with cutting-edge technologies and methodologies, including AI, machine learning, and advanced analytics, ensuring you stay at the forefront of the cybersecurity field. - Collaborative Environment: Work alongside a team of skilled professionals and security partners, fostering a culture of continuous improvement and shared expertise. - Comprehensive Benefits: Enjoy a competitive salary, professional development opportunities, and a supportive work environment that values work-life balance. Key Responsibilities: - Maintain and monitor network and devices, ensuring robust security patching and vulnerability management. - Develop and implement information security policies, including business continuity and disaster recovery plans. - Provide hands-on expertise in cloud-based technologies (Azure, AWS) with a focus on security, performance, and scalability. - Design and conduct security testing and training for employees. - Perform risk assessments and analyse current security solutions, recommending enhancements. - Support the adoption of new security technologies and best practices. - Stay abreast of the latest cybersecurity threats, trends, and technologies. Qualifications: - Bachelor's degree in Technology, Cyber Security, IT, or a related field. - Over 4 years of experience in a cybersecurity engineering role. - Technical certifications such as CISSP, CISM, CEH preferred; AWS/Azure certifications highly desirable. - In-depth knowledge of network systems, security products, and solutions (e.g., SentinelOne, Crowdstrike, M365). - Proficiency in risk assessment tools and techniques. - Experience with firewalls, VPN solutions, and IDS. - Familiarity with cybersecurity frameworks and standards (NIST CSF, ISO 27001, PCI DSS, Mitre ATT&CK). - Strong problem-solving skills and the ability to work under pressure. - Effective communication and documentation skills. - Ability to manage multiple tasks in a fast-paced environment and work both independently and as part of a team. This role is more than just a job; it's a platform to make a significant impact in the cybersecurity domain. If you have the expertise and drive to excel in this dynamic field, consider this your next big career move.
Mar 08, 2025
Full time
Security Engineer (Senior) is required by a Financial Brokerage based in the heart of the city of London, by Bank station paying up to 75k + Bonus + Bens - Hybrid role, 3 days min to be office based This Senior IT Security Engineer role offers a unique chance to shape and enhance the security landscape of a forward-thinking organisation. Working closely with the Chief Information Security Officer (CISO) and a dedicated team of 3, this position allows you to make a tangible impact on security strategy and implementation. Why This Role Stands Out: - Influence and Ownership: Take charge of critical aspects of cybersecurity, from network monitoring to cloud security design, and make strategic decisions that drive the company's security posture forward. - Professional Growth: Engage with cutting-edge technologies and methodologies, including AI, machine learning, and advanced analytics, ensuring you stay at the forefront of the cybersecurity field. - Collaborative Environment: Work alongside a team of skilled professionals and security partners, fostering a culture of continuous improvement and shared expertise. - Comprehensive Benefits: Enjoy a competitive salary, professional development opportunities, and a supportive work environment that values work-life balance. Key Responsibilities: - Maintain and monitor network and devices, ensuring robust security patching and vulnerability management. - Develop and implement information security policies, including business continuity and disaster recovery plans. - Provide hands-on expertise in cloud-based technologies (Azure, AWS) with a focus on security, performance, and scalability. - Design and conduct security testing and training for employees. - Perform risk assessments and analyse current security solutions, recommending enhancements. - Support the adoption of new security technologies and best practices. - Stay abreast of the latest cybersecurity threats, trends, and technologies. Qualifications: - Bachelor's degree in Technology, Cyber Security, IT, or a related field. - Over 4 years of experience in a cybersecurity engineering role. - Technical certifications such as CISSP, CISM, CEH preferred; AWS/Azure certifications highly desirable. - In-depth knowledge of network systems, security products, and solutions (e.g., SentinelOne, Crowdstrike, M365). - Proficiency in risk assessment tools and techniques. - Experience with firewalls, VPN solutions, and IDS. - Familiarity with cybersecurity frameworks and standards (NIST CSF, ISO 27001, PCI DSS, Mitre ATT&CK). - Strong problem-solving skills and the ability to work under pressure. - Effective communication and documentation skills. - Ability to manage multiple tasks in a fast-paced environment and work both independently and as part of a team. This role is more than just a job; it's a platform to make a significant impact in the cybersecurity domain. If you have the expertise and drive to excel in this dynamic field, consider this your next big career move.
Inclusion at Bumble Inc. Bumble Inc. is an equal opportunity employer and we strongly encourage people of all ages, colour, lesbian, gay, bisexual, transgender, queer and non-binary people, veterans, parents, people with disabilities, and neurodivergent people to apply. We're happy to make any reasonable adjustments that will help you feel more confident throughout the process, please don't hesitate to let us know how we can help. In your application, please feel free to note which pronouns you use (For example: she/her, he/him, they/them, etc). You'll be the first to respond to security events, typically occurring in three stages: threat detection, threat investigation, and timely response. You will work as part of a multidisciplinary team to solve puzzles on what bad actors are doing, and how to automate our systems and playbooks to better detect and enrich events. You should be tenacious with your curiosity both technically and organizationally about security risks, and work cross-functionally to resolve anything we don't know. We routinely test our systems and you will have the opportunity to produce advanced techniques to correlate intelligence, event information and coordination systems like Slack to increase our defensive security posture. Key Responsibilities: Responsible for security event monitoring, detection, and response as part of a multi-disciplinary 24/7 on-call rota. Cover all stages of security incidents, from initial detection to triage and remediation, demonstrating initiative and expertise. Identify, prototype, and implement technical solutions to automate event correlation and detection, ensuring efficiency and effectiveness. Operate with a focus to meet or exceed response SLAs, continuously seeking and implementing process improvements to achieve operational excellence. Ensure thorough incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring. Establish, develop, and revise processes that enhance the overall operational security posture of the company. Drive threat management and modelling efforts, identify threat vectors and develop use cases for comprehensive security monitoring. Contribute to the integration of standard and non-standard logs in the SIEM. Required Experience & Skills: Extensive experience in security incident response and management. In-depth security knowledge of Linux, with familiarity in macOS and Windows environments. Experience in security device output, event and alert consumption. Advanced understanding of common threat defence coding languages such as Python or Go or experience in threat identification and response using other languages. In-depth knowledge of key log sources of OS, applications, databases and middleware to address security threats. Strong and demonstrable practical experience responding to common threats such as malware, and social engineering. Experience must include effective use of threat artefacts, IOCs, and behavioural factors. Experience with threats such as DDoS and web/mobile application security risks. Experience with security tooling in a corporate environment, including commercial sandboxes, proxies, DLP, OSINT, vulnerability management, and vendor risk management. Commitment to expanding your technical skill set through self-study and formal training. About You: Your values align strongly with the Bumble Inc. principles: Growth, Kindness, Equity, Accountability, and Honesty. You are motivated to solve problems rather than apply quick fixes. Being on-call is viewed as an opportunity for exploration and improvement, rather than a burden. You possess the ability to multi-task and thrive in high-pressure situations while engaging with key stakeholders. Excellent analytical, problem-solving, and interpersonal skills are essential. You are eager to enhance your technical skills, particularly in threat detection and enrichment using data science tools and techniques. About Us Bumble Inc. is the parent company of Bumble, Badoo, Fruitz and Official. The Bumble platform enables people to build healthy and equitable relationships, through kind connections. Founded by Whitney Wolfe Herd in 2014, Bumble was one of the first dating apps built with women at the centre and connects people across dating (Bumble Date), friendship (Bumble BFF) and professional networking (Bumble Bizz). Badoo, which was founded in 2006, is one of the pioneers of web and mobile dating products. Fruitz, founded in 2017, encourages open and honest communication of dating intentions through playful fruit metaphors. Official is an app for couples that promotes open and honest communication between partners and was founded in 2020.
Feb 21, 2025
Full time
Inclusion at Bumble Inc. Bumble Inc. is an equal opportunity employer and we strongly encourage people of all ages, colour, lesbian, gay, bisexual, transgender, queer and non-binary people, veterans, parents, people with disabilities, and neurodivergent people to apply. We're happy to make any reasonable adjustments that will help you feel more confident throughout the process, please don't hesitate to let us know how we can help. In your application, please feel free to note which pronouns you use (For example: she/her, he/him, they/them, etc). You'll be the first to respond to security events, typically occurring in three stages: threat detection, threat investigation, and timely response. You will work as part of a multidisciplinary team to solve puzzles on what bad actors are doing, and how to automate our systems and playbooks to better detect and enrich events. You should be tenacious with your curiosity both technically and organizationally about security risks, and work cross-functionally to resolve anything we don't know. We routinely test our systems and you will have the opportunity to produce advanced techniques to correlate intelligence, event information and coordination systems like Slack to increase our defensive security posture. Key Responsibilities: Responsible for security event monitoring, detection, and response as part of a multi-disciplinary 24/7 on-call rota. Cover all stages of security incidents, from initial detection to triage and remediation, demonstrating initiative and expertise. Identify, prototype, and implement technical solutions to automate event correlation and detection, ensuring efficiency and effectiveness. Operate with a focus to meet or exceed response SLAs, continuously seeking and implementing process improvements to achieve operational excellence. Ensure thorough incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring. Establish, develop, and revise processes that enhance the overall operational security posture of the company. Drive threat management and modelling efforts, identify threat vectors and develop use cases for comprehensive security monitoring. Contribute to the integration of standard and non-standard logs in the SIEM. Required Experience & Skills: Extensive experience in security incident response and management. In-depth security knowledge of Linux, with familiarity in macOS and Windows environments. Experience in security device output, event and alert consumption. Advanced understanding of common threat defence coding languages such as Python or Go or experience in threat identification and response using other languages. In-depth knowledge of key log sources of OS, applications, databases and middleware to address security threats. Strong and demonstrable practical experience responding to common threats such as malware, and social engineering. Experience must include effective use of threat artefacts, IOCs, and behavioural factors. Experience with threats such as DDoS and web/mobile application security risks. Experience with security tooling in a corporate environment, including commercial sandboxes, proxies, DLP, OSINT, vulnerability management, and vendor risk management. Commitment to expanding your technical skill set through self-study and formal training. About You: Your values align strongly with the Bumble Inc. principles: Growth, Kindness, Equity, Accountability, and Honesty. You are motivated to solve problems rather than apply quick fixes. Being on-call is viewed as an opportunity for exploration and improvement, rather than a burden. You possess the ability to multi-task and thrive in high-pressure situations while engaging with key stakeholders. Excellent analytical, problem-solving, and interpersonal skills are essential. You are eager to enhance your technical skills, particularly in threat detection and enrichment using data science tools and techniques. About Us Bumble Inc. is the parent company of Bumble, Badoo, Fruitz and Official. The Bumble platform enables people to build healthy and equitable relationships, through kind connections. Founded by Whitney Wolfe Herd in 2014, Bumble was one of the first dating apps built with women at the centre and connects people across dating (Bumble Date), friendship (Bumble BFF) and professional networking (Bumble Bizz). Badoo, which was founded in 2006, is one of the pioneers of web and mobile dating products. Fruitz, founded in 2017, encourages open and honest communication of dating intentions through playful fruit metaphors. Official is an app for couples that promotes open and honest communication between partners and was founded in 2020.
DevSecOps Engineer - 86k - London (Twice Monthly) Fancy being the go-to person for all things DevSecOps? We're on the hunt for a Lead DevSecOps Engineer to join a growing team, helping to embed security into the development process from day one. If you've got a strong development background and have evolved into security, this could be the perfect fit. This isn't just a tick-box security role - we need someone who understands modern development, lives and breathes security, and can champion a DevSecOps-first approach. Working closely with product and development teams, you'll be responsible for integrating security seamlessly into the CI/CD pipeline, automating security checks, and ensuring security isn't a blocker but an enabler. The role is hands-on, requiring a deep understanding of security tooling, risk assessments, and secure coding practices. You'll be working across a variety of products, both internal and customer-facing, many of which are increasingly AI-driven. From property management systems to tax tools and heavily regulated audit products, there is a broad range of challenges to tackle. A key focus will be automating security testing, embedding security controls in CI/CD workflows, and ensuring security processes scale effectively. You'll be working with development teams to shift security left, champion DevSecOps culture, and build security into the software development lifecycle. Managing security controls, implementing best practices, and staying ahead of modern security trends will be integral to the role. You'll also be expected to provide expert support in risk assessments, vulnerability management, and penetration testing. Working closely with an enterprise security architect, you'll ensure alignment with overall security strategies and report on compliance and risks to senior stakeholders. A strong development background with a transition into security is essential. You should have a solid grasp of the OWASP Top 10, risk assessments, and secure development lifecycle methodologies. Experience with Azure, particularly its PaaS, DevOps, and CI/CD capabilities, will be valuable. Hands-on knowledge of security tools like Wiz and Trivy is highly desirable. More importantly, you need to be a confident communicator who can present well and engage with teams effectively. While there are no direct reports at the moment, leadership skills are crucial as the role is likely to evolve into managing a team in the future. This is an excellent opportunity for someone with consulting experience or a background in working across multiple products. Azure security certifications would be a bonus, but they're not essential. The role is London-based, but with only one or two days in the office each month, providing plenty of flexibility. The hiring process consists of two interview stages, with an expectation to be in the office a bit more frequently during the first six weeks. After that, it's hybrid working with significant flexibility. If this sounds like the kind of challenge you're after, let's chat! Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Feb 19, 2025
Full time
DevSecOps Engineer - 86k - London (Twice Monthly) Fancy being the go-to person for all things DevSecOps? We're on the hunt for a Lead DevSecOps Engineer to join a growing team, helping to embed security into the development process from day one. If you've got a strong development background and have evolved into security, this could be the perfect fit. This isn't just a tick-box security role - we need someone who understands modern development, lives and breathes security, and can champion a DevSecOps-first approach. Working closely with product and development teams, you'll be responsible for integrating security seamlessly into the CI/CD pipeline, automating security checks, and ensuring security isn't a blocker but an enabler. The role is hands-on, requiring a deep understanding of security tooling, risk assessments, and secure coding practices. You'll be working across a variety of products, both internal and customer-facing, many of which are increasingly AI-driven. From property management systems to tax tools and heavily regulated audit products, there is a broad range of challenges to tackle. A key focus will be automating security testing, embedding security controls in CI/CD workflows, and ensuring security processes scale effectively. You'll be working with development teams to shift security left, champion DevSecOps culture, and build security into the software development lifecycle. Managing security controls, implementing best practices, and staying ahead of modern security trends will be integral to the role. You'll also be expected to provide expert support in risk assessments, vulnerability management, and penetration testing. Working closely with an enterprise security architect, you'll ensure alignment with overall security strategies and report on compliance and risks to senior stakeholders. A strong development background with a transition into security is essential. You should have a solid grasp of the OWASP Top 10, risk assessments, and secure development lifecycle methodologies. Experience with Azure, particularly its PaaS, DevOps, and CI/CD capabilities, will be valuable. Hands-on knowledge of security tools like Wiz and Trivy is highly desirable. More importantly, you need to be a confident communicator who can present well and engage with teams effectively. While there are no direct reports at the moment, leadership skills are crucial as the role is likely to evolve into managing a team in the future. This is an excellent opportunity for someone with consulting experience or a background in working across multiple products. Azure security certifications would be a bonus, but they're not essential. The role is London-based, but with only one or two days in the office each month, providing plenty of flexibility. The hiring process consists of two interview stages, with an expectation to be in the office a bit more frequently during the first six weeks. After that, it's hybrid working with significant flexibility. If this sounds like the kind of challenge you're after, let's chat! Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Lead Software Security Engineer - 86k - London (Twice Monthly) Fancy being the go-to person for all things software security? We're on the hunt for a Lead Software Security Engineer to join a growing team, helping to shape and embed security into products from day one. If you've got a strong development background and have shifted into security, this could be the perfect fit. This isn't just a tick-box security role - we need someone who gets modern development, understands security inside out, and can bring a forward-thinking, developer-friendly approach to keeping things secure. Working closely with product teams, you'll be responsible for wrapping security around their goals rather than blocking them. The emphasis is on shifting security left, automating wherever possible, and making security a seamless part of the development lifecycle. The role is hands-on, requiring a deep understanding of security tooling, risk assessments, and secure coding practices. You'll be involved in a variety of products, both internal and customer-facing, many of which are increasingly AI-driven. From property management systems to tax tools and heavily regulated audit products, there is a broad range of challenges to tackle. A key aspect of the role will be automating pen testing and establishing security processes that scale effectively. You'll be working with development teams to build security into the software development lifecycle and championing the cultural shift towards DevSecOps. Managing security controls, implementing best practices, and staying ahead of modern security trends will be integral to the role. You'll also be expected to provide expert support in risk assessments, vulnerability management, and penetration testing. Working closely with an enterprise security architect, you'll ensure alignment with overall security strategies and report on compliance and risks to senior stakeholders. A strong development background with a transition into security is essential. You should have a solid grasp of the OWASP Top 10, risk assessments, and secure development lifecycle methodologies. Experience with Azure, particularly its PaaS, DevOps, and CI/CD capabilities, will be valuable. Hands-on knowledge of security tools like Wiz and Trivy is highly desirable. More importantly, you need to be a confident communicator who can present well and engage with teams effectively. While there are no direct reports at the moment, leadership skills are crucial as the role is likely to evolve into managing a team in the future. This is an excellent opportunity for someone with consulting experience or a background in working across multiple products. Azure security certifications would be a bonus, but they're not essential. The role is London-based, but with only one or two days in the office each month, providing plenty of flexibility. The hiring process consists of two interview stages, with an expectation to be in the office a bit more frequently during the first six weeks. After that, it's hybrid working with significant flexibility. If this sounds like the kind of challenge you're after, let's chat! Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Feb 17, 2025
Full time
Lead Software Security Engineer - 86k - London (Twice Monthly) Fancy being the go-to person for all things software security? We're on the hunt for a Lead Software Security Engineer to join a growing team, helping to shape and embed security into products from day one. If you've got a strong development background and have shifted into security, this could be the perfect fit. This isn't just a tick-box security role - we need someone who gets modern development, understands security inside out, and can bring a forward-thinking, developer-friendly approach to keeping things secure. Working closely with product teams, you'll be responsible for wrapping security around their goals rather than blocking them. The emphasis is on shifting security left, automating wherever possible, and making security a seamless part of the development lifecycle. The role is hands-on, requiring a deep understanding of security tooling, risk assessments, and secure coding practices. You'll be involved in a variety of products, both internal and customer-facing, many of which are increasingly AI-driven. From property management systems to tax tools and heavily regulated audit products, there is a broad range of challenges to tackle. A key aspect of the role will be automating pen testing and establishing security processes that scale effectively. You'll be working with development teams to build security into the software development lifecycle and championing the cultural shift towards DevSecOps. Managing security controls, implementing best practices, and staying ahead of modern security trends will be integral to the role. You'll also be expected to provide expert support in risk assessments, vulnerability management, and penetration testing. Working closely with an enterprise security architect, you'll ensure alignment with overall security strategies and report on compliance and risks to senior stakeholders. A strong development background with a transition into security is essential. You should have a solid grasp of the OWASP Top 10, risk assessments, and secure development lifecycle methodologies. Experience with Azure, particularly its PaaS, DevOps, and CI/CD capabilities, will be valuable. Hands-on knowledge of security tools like Wiz and Trivy is highly desirable. More importantly, you need to be a confident communicator who can present well and engage with teams effectively. While there are no direct reports at the moment, leadership skills are crucial as the role is likely to evolve into managing a team in the future. This is an excellent opportunity for someone with consulting experience or a background in working across multiple products. Azure security certifications would be a bonus, but they're not essential. The role is London-based, but with only one or two days in the office each month, providing plenty of flexibility. The hiring process consists of two interview stages, with an expectation to be in the office a bit more frequently during the first six weeks. After that, it's hybrid working with significant flexibility. If this sounds like the kind of challenge you're after, let's chat! Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Security Engineer - Hardware, Firmware, Virtualization, Secure Hardware And Foundational Technologies Team Job ID: Amazon Development Centre (London) Limited - C26 At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. Help us protect not only the Amazon Security (AmSec) cloud computing environment but all of our customers as well! Since 2006, our great team at AmSec has been enabling our customers to bring great ideas to life in ways that aren't possible in traditional IT environments. With AmSec you can flexibly harness compute, storage, security, and other services from across the globe as your business demands them. Amazon Security is on the cutting edge of many security issues for a wide variety of platforms and technologies including cloud services, Internet of things (IoT), identity and access management, mobile devices, virtualization and custom hardware, all operating at massive scale. Similarly, our highly collaborative team is committed to each team member's growth as our business grows. As a part of the Secure Hardware and Foundational Technologies group, we help Amazon launch brand new products and invest in emerging technologies securely. We are looking for a technically deep Senior Security Engineer to help secure our foundational platforms such as OS kernels, virtualization, device emulation, firmware and hardware. You will be responsible for conducting security reviews, threat modeling, developing tooling that will help detect security issues at scale and hands-on security evaluations (pen-testing). The successful candidate must be comfortable diving into complex engineering discussions, and leveraging deep security expertise to ensure proper risk assessment and threat analysis is performed. You will provide crystal-clear technical direction and risk mitigation guidance for diverse engineering and business leaders at all levels. By applying your hard-earned years of practical security engineering expertise in projects related to enterprise networking, hardware-rooted security, operating system hardening, and cloud-scale administrative infrastructure, you will literally shape the future of cloud computing. You are expected to be strong in multiple domains and provide significant contributions to the IT Security team and to multiple groups throughout AmSec. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization. You should foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the IT Security team's work and constantly seek opportunities for process improvement. They should also have a deep understanding of at least one specialty for which they are a sought out resource (both within AmSec and by groups throughout Amazon), while having an understanding of the application of information security in a broad range of technical areas. You will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties. Key job responsibilities Security reviews for hardware including servers and devices. Penetration testing & vulnerability research Threat modeling. Security training and outreach to internal development teams. Security guidance documentation. Assistance with recruiting activities. BASIC QUALIFICATIONS BS in Computer Science or related field, or equivalent work experience. 5+ years of experience in Security Engineering or Development of Security capabilities, supporting engineering projects from concept to delivery, and 2 years in two or more of the following technical categories: Virtualization security (Xen, KVM, QEMU) - Hardware security (PCB, JTAG, UART, SPI, ROM, microcode, custom ASIC/FPGA) - x86 and/or ARM chipset and firmware security (TPM, UEFI, TrustZone, Secure Boot, JTAG, PCIe) - Physical security testing at the machine level. Security testing of compute platforms (Server, PC or Mobile). Working with diverse physical tamper resistance and/or tamper detection techniques. PREFERRED QUALIFICATIONS MS in Computer Science, Information Security, or related field, or equivalent work experience. Demonstrated ability to prepare technical specifications and executive-ready communications. Experience using AWS core services (EC2, S3, IAM, Kinesis, Lambda, KMS, VPC, etc). Experience designing for relevant security standards (TCG, IEEE, NIST, FIPS, PCI, ISO 28000 series). Experience designing for crypto security (e.g. certificate handling and PKI, attestation, TPM/HSM). Expert knowledge of Windows, Linux, and hypervisor security (especially in cloud environments). Expert knowledge of common security-relevant protocols (e.g. SSH, TLS, DNS, DHCP, NTP, ICMP). Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( ) to know more about how we collect, use and transfer the personal data of our candidates. Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
Feb 17, 2025
Full time
Security Engineer - Hardware, Firmware, Virtualization, Secure Hardware And Foundational Technologies Team Job ID: Amazon Development Centre (London) Limited - C26 At Amazon, security is central to maintaining customer trust and delivering delightful customer experiences. Our organization is responsible for creating and maintaining a high bar for security across all of Amazon's products and services. Help us protect not only the Amazon Security (AmSec) cloud computing environment but all of our customers as well! Since 2006, our great team at AmSec has been enabling our customers to bring great ideas to life in ways that aren't possible in traditional IT environments. With AmSec you can flexibly harness compute, storage, security, and other services from across the globe as your business demands them. Amazon Security is on the cutting edge of many security issues for a wide variety of platforms and technologies including cloud services, Internet of things (IoT), identity and access management, mobile devices, virtualization and custom hardware, all operating at massive scale. Similarly, our highly collaborative team is committed to each team member's growth as our business grows. As a part of the Secure Hardware and Foundational Technologies group, we help Amazon launch brand new products and invest in emerging technologies securely. We are looking for a technically deep Senior Security Engineer to help secure our foundational platforms such as OS kernels, virtualization, device emulation, firmware and hardware. You will be responsible for conducting security reviews, threat modeling, developing tooling that will help detect security issues at scale and hands-on security evaluations (pen-testing). The successful candidate must be comfortable diving into complex engineering discussions, and leveraging deep security expertise to ensure proper risk assessment and threat analysis is performed. You will provide crystal-clear technical direction and risk mitigation guidance for diverse engineering and business leaders at all levels. By applying your hard-earned years of practical security engineering expertise in projects related to enterprise networking, hardware-rooted security, operating system hardening, and cloud-scale administrative infrastructure, you will literally shape the future of cloud computing. You are expected to be strong in multiple domains and provide significant contributions to the IT Security team and to multiple groups throughout AmSec. Security engineers are expected to develop elegant solutions to complex business problems and apply appropriate technologies while following security engineering best practices. You are also expected to mentor more junior engineers and be a security thought leader for the organization. You should foster constructive dialogue and seek resolution when confronted with discordant views. Engineers in this role are expected to participate fully in the planning of the IT Security team's work and constantly seek opportunities for process improvement. They should also have a deep understanding of at least one specialty for which they are a sought out resource (both within AmSec and by groups throughout Amazon), while having an understanding of the application of information security in a broad range of technical areas. You will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project and software development work. This role will provide career growth opportunities as you gain new security skills in the course of your duties. Key job responsibilities Security reviews for hardware including servers and devices. Penetration testing & vulnerability research Threat modeling. Security training and outreach to internal development teams. Security guidance documentation. Assistance with recruiting activities. BASIC QUALIFICATIONS BS in Computer Science or related field, or equivalent work experience. 5+ years of experience in Security Engineering or Development of Security capabilities, supporting engineering projects from concept to delivery, and 2 years in two or more of the following technical categories: Virtualization security (Xen, KVM, QEMU) - Hardware security (PCB, JTAG, UART, SPI, ROM, microcode, custom ASIC/FPGA) - x86 and/or ARM chipset and firmware security (TPM, UEFI, TrustZone, Secure Boot, JTAG, PCIe) - Physical security testing at the machine level. Security testing of compute platforms (Server, PC or Mobile). Working with diverse physical tamper resistance and/or tamper detection techniques. PREFERRED QUALIFICATIONS MS in Computer Science, Information Security, or related field, or equivalent work experience. Demonstrated ability to prepare technical specifications and executive-ready communications. Experience using AWS core services (EC2, S3, IAM, Kinesis, Lambda, KMS, VPC, etc). Experience designing for relevant security standards (TCG, IEEE, NIST, FIPS, PCI, ISO 28000 series). Experience designing for crypto security (e.g. certificate handling and PKI, attestation, TPM/HSM). Expert knowledge of Windows, Linux, and hypervisor security (especially in cloud environments). Expert knowledge of common security-relevant protocols (e.g. SSH, TLS, DNS, DHCP, NTP, ICMP). Amazon is an equal opportunities employer. We believe passionately that employing a diverse workforce is central to our success. We make recruiting decisions based on your experience and skills. We value your passion to discover, invent, simplify and build. Protecting your privacy and the security of your data is a longstanding top priority for Amazon. Please consult our Privacy Notice ( ) to know more about how we collect, use and transfer the personal data of our candidates. Amazon is committed to a diverse and inclusive workplace. Amazon is an equal opportunity employer and does not discriminate on the basis of race, national origin, gender, gender identity, sexual orientation, protected veteran status, disability, age, or other legally protected status.
About the Role Zero Hash is looking for a passionate Senior Security Engineer to help drive and implement technical strategies, innovative tooling, research, and processes. You will have extensive knowledge of web 2.0 ecosystems, including the inner workings of cloud environments and API infrastructure. You'll be part of the overall Security Engineering team and closely partner with the Engineering, Infrastructure, and IT teams responsible for supporting our cloud operations, software development, fleet of devices and endpoints. The Zero Hash Security Team works to protect Zero Hash; our customers, clients, and partners; and the financial markets upon which we rely. The security team leads the company's programs for information security and cybersecurity, business continuity, and vendor risk management. As a member of this team, you'll lead projects and be responsible for key deliverables of the security program while collaborating across Zero Hash teams. You will continue to learn and stay current in a fun and rapidly changing environment. Key Responsibilities Work with the product management and software engineering teams during all phases of the SDLC to ensure that applications are designed and implemented securely. Test web applications and underlying systems for vulnerabilities using both tools and manual techniques; manage the remediation of findings through resolution. Recommend code changes to eliminate vulnerabilities. Automate security tests within the CI/CD pipeline. Help develop secure coding standards and training materials based on findings seen in Zero Hash's environment to empower engineers to write more secure code. Research vulnerabilities specific to blockchain technologies and incorporate this knowledge in Zero Hash's security practices. Serve as an escalation point to investigate security alerts and identify incidents. Investigate vulnerability reports related to Zero Hash products and systems. Manage vendors to conduct penetration tests and other security-related projects. Participate in security helpdesk on-call rotation and manage ad-hoc security requests. Influence the continuous improvement of the application security program. Participate in projects such as threat modeling, vulnerability scanning, and audits. Qualifications 5+ years of experience as a security engineer leading projects and developing resolutions in cybersecurity. Experience designing software security features including, but not limited to, access control features, logging and monitoring features, input validation, and session management. Experience automating security tests in CI/CD pipelines & experience working with SAST and DAST testing processes and tools. Experience with building detections against common attacks. Self-motivated and creative problem-solver able to work independently with minimal guidance. Configure and support security and IT administration tools (e.g., MDM, IAM, EDR, SIEM, & IDPS). May require work nights, weekends, or holidays on a rotational basis with the rest of the team to ensure 24x7 coverage. Ability to manage multiple competing priorities and use good judgment to establish order of priorities on the fly. Experience with at least several of the following is highly desirable: Java, Angular JS, REST APIs, JSON, Go, Rust, and Python. Supports the team with additional security projects, as needed. Preferred Experience with Cloud Security tools. Prior experience with threat and vulnerability management. Experience with common attack techniques and conducting penetration tests. Bachelor's degree in computer science, computer engineering, cybersecurity or related field, equivalent experience also accepted. Enthusiasm for securing and breaking software. Benefits We believe a happy, motivated, and healthy team is the best way to succeed. We offer the following benefits: Chance to earn equity. Paid Maternity & Paternity leave (after 6 months). WeWork Membership. WFH Yearly Stipend. L&D Yearly Stipend (after 6 months). About Zero Hash Zero Hash's full stack financial infrastructure seamlessly connects fiat, crypto, and stablecoins, enabling a better way to move and transfer money and value globally. Zero Hash provides the complete technical infrastructure (delivered through API and SDK) as well as the global regulatory stack to easily and compliantly send, receive, store, and convert fiat, crypto, and stablecoins, in one platform. Start-ups, enterprises, and Fortune 500 companies, including Stripe, Interactive Brokers, Shift4, Franklin Templeton, and MoonPay embed our infrastructure to power a diverse range of use cases: cross-border payments, commerce, trading, remittance, payroll, tokenization, wallets, and on and off-ramps. Backed by Interactive Brokers, Point72 Ventures, NYCA, Bain Capital, and tastytrade. The Zero Hash Culture All Zero Hash employees are guided by the following characteristics and core principles: Independence/Ownership - An ability to work autonomously. Join Zero Hash, pitch ideas, and shape the work you do. Passion - We are innovating quickly and challenging the status quo. We want you to think big, be creative, and make a difference every day. Collaborative - A good attitude and respect for others. We're teammates, not co-workers. Everything we do is a shared success and equally a shared failure - we talk in terms of "we" not "me." Initiative - An ability and passion for learning and asking questions. We will champion you, challenge you and push you to achieve your best - and we expect you to do the same. Empathy - An ability to listen, respect, and understand your co-workers, customers, and everyone you interact with no matter how different they are to you. Adaptability - An ability to respond quickly. We are in a fast-paced industry and so we expect you to be creative when solving a new problem and comfortable under pressure. Transparency - We believe that transparency is critical to empowering everyone to make the best decisions, both the company to its people and vice versa. Integrity - Integrity creates trust. As both an organization collectively and as individuals, it is our most valuable asset. Follow us Twitter LinkedIn Youtube Blog
Feb 15, 2025
Full time
About the Role Zero Hash is looking for a passionate Senior Security Engineer to help drive and implement technical strategies, innovative tooling, research, and processes. You will have extensive knowledge of web 2.0 ecosystems, including the inner workings of cloud environments and API infrastructure. You'll be part of the overall Security Engineering team and closely partner with the Engineering, Infrastructure, and IT teams responsible for supporting our cloud operations, software development, fleet of devices and endpoints. The Zero Hash Security Team works to protect Zero Hash; our customers, clients, and partners; and the financial markets upon which we rely. The security team leads the company's programs for information security and cybersecurity, business continuity, and vendor risk management. As a member of this team, you'll lead projects and be responsible for key deliverables of the security program while collaborating across Zero Hash teams. You will continue to learn and stay current in a fun and rapidly changing environment. Key Responsibilities Work with the product management and software engineering teams during all phases of the SDLC to ensure that applications are designed and implemented securely. Test web applications and underlying systems for vulnerabilities using both tools and manual techniques; manage the remediation of findings through resolution. Recommend code changes to eliminate vulnerabilities. Automate security tests within the CI/CD pipeline. Help develop secure coding standards and training materials based on findings seen in Zero Hash's environment to empower engineers to write more secure code. Research vulnerabilities specific to blockchain technologies and incorporate this knowledge in Zero Hash's security practices. Serve as an escalation point to investigate security alerts and identify incidents. Investigate vulnerability reports related to Zero Hash products and systems. Manage vendors to conduct penetration tests and other security-related projects. Participate in security helpdesk on-call rotation and manage ad-hoc security requests. Influence the continuous improvement of the application security program. Participate in projects such as threat modeling, vulnerability scanning, and audits. Qualifications 5+ years of experience as a security engineer leading projects and developing resolutions in cybersecurity. Experience designing software security features including, but not limited to, access control features, logging and monitoring features, input validation, and session management. Experience automating security tests in CI/CD pipelines & experience working with SAST and DAST testing processes and tools. Experience with building detections against common attacks. Self-motivated and creative problem-solver able to work independently with minimal guidance. Configure and support security and IT administration tools (e.g., MDM, IAM, EDR, SIEM, & IDPS). May require work nights, weekends, or holidays on a rotational basis with the rest of the team to ensure 24x7 coverage. Ability to manage multiple competing priorities and use good judgment to establish order of priorities on the fly. Experience with at least several of the following is highly desirable: Java, Angular JS, REST APIs, JSON, Go, Rust, and Python. Supports the team with additional security projects, as needed. Preferred Experience with Cloud Security tools. Prior experience with threat and vulnerability management. Experience with common attack techniques and conducting penetration tests. Bachelor's degree in computer science, computer engineering, cybersecurity or related field, equivalent experience also accepted. Enthusiasm for securing and breaking software. Benefits We believe a happy, motivated, and healthy team is the best way to succeed. We offer the following benefits: Chance to earn equity. Paid Maternity & Paternity leave (after 6 months). WeWork Membership. WFH Yearly Stipend. L&D Yearly Stipend (after 6 months). About Zero Hash Zero Hash's full stack financial infrastructure seamlessly connects fiat, crypto, and stablecoins, enabling a better way to move and transfer money and value globally. Zero Hash provides the complete technical infrastructure (delivered through API and SDK) as well as the global regulatory stack to easily and compliantly send, receive, store, and convert fiat, crypto, and stablecoins, in one platform. Start-ups, enterprises, and Fortune 500 companies, including Stripe, Interactive Brokers, Shift4, Franklin Templeton, and MoonPay embed our infrastructure to power a diverse range of use cases: cross-border payments, commerce, trading, remittance, payroll, tokenization, wallets, and on and off-ramps. Backed by Interactive Brokers, Point72 Ventures, NYCA, Bain Capital, and tastytrade. The Zero Hash Culture All Zero Hash employees are guided by the following characteristics and core principles: Independence/Ownership - An ability to work autonomously. Join Zero Hash, pitch ideas, and shape the work you do. Passion - We are innovating quickly and challenging the status quo. We want you to think big, be creative, and make a difference every day. Collaborative - A good attitude and respect for others. We're teammates, not co-workers. Everything we do is a shared success and equally a shared failure - we talk in terms of "we" not "me." Initiative - An ability and passion for learning and asking questions. We will champion you, challenge you and push you to achieve your best - and we expect you to do the same. Empathy - An ability to listen, respect, and understand your co-workers, customers, and everyone you interact with no matter how different they are to you. Adaptability - An ability to respond quickly. We are in a fast-paced industry and so we expect you to be creative when solving a new problem and comfortable under pressure. Transparency - We believe that transparency is critical to empowering everyone to make the best decisions, both the company to its people and vice versa. Integrity - Integrity creates trust. As both an organization collectively and as individuals, it is our most valuable asset. Follow us Twitter LinkedIn Youtube Blog
IT Security Engineer (Senior) is required by a Financial Brokerage based in the heart of the city of London, by Bank sstation paying up to 85k + Bonus + Bens This Senior IT Security Engineer role offers a unique chance to shape and enhance the security landscape of a forward-thinking organisation. Working closely with the Chief Information Security Officer (CISO) and a dedicated team of 3, this position allows you to make a tangible impact on security strategy and implementation. Why This Role Stands Out: - Influence and Ownership: Take charge of critical aspects of cybersecurity, from network monitoring to cloud security design, and make strategic decisions that drive the company's security posture forward. - Professional Growth: Engage with cutting-edge technologies and methodologies, including AI, machine learning, and advanced analytics, ensuring you stay at the forefront of the cybersecurity field. - Collaborative Environment: Work alongside a team of skilled professionals and security partners, fostering a culture of continuous improvement and shared expertise. - Comprehensive Benefits: Enjoy a competitive salary, professional development opportunities, and a supportive work environment that values work-life balance. Key Responsibilities: - Maintain and monitor network and devices, ensuring robust security patching and vulnerability management. - Develop and implement information security policies, including business continuity and disaster recovery plans. - Provide hands-on expertise in cloud-based technologies (Azure, AWS) with a focus on security, performance, and scalability. - Design and conduct security testing and training for employees. - Perform risk assessments and analyse current security solutions, recommending enhancements. - Support the adoption of new security technologies and best practices. - Stay abreast of the latest cybersecurity threats, trends, and technologies. Qualifications: - Bachelor's degree in Technology, Cyber Security, IT, or a related field. - Over 4 years of experience in a cybersecurity engineering role. - Technical certifications such as CISSP, CISM, CEH preferred; AWS/Azure certifications highly desirable. - In-depth knowledge of network systems, security products, and solutions (e.g., SentinelOne, Crowdstrike, M365). - Proficiency in risk assessment tools and techniques. - Experience with firewalls, VPN solutions, and IDS. - Familiarity with cybersecurity frameworks and standards (NIST CSF, ISO 27001, PCI DSS, Mitre ATT&CK). - Strong problem-solving skills and the ability to work under pressure. - Effective communication and documentation skills. - Ability to manage multiple tasks in a fast-paced environment and work both independently and as part of a team. This role is more than just a job; it's a platform to make a significant impact in the cybersecurity domain. If you have the expertise and drive to excel in this dynamic field, consider this your next big career move.
Feb 09, 2025
Full time
IT Security Engineer (Senior) is required by a Financial Brokerage based in the heart of the city of London, by Bank sstation paying up to 85k + Bonus + Bens This Senior IT Security Engineer role offers a unique chance to shape and enhance the security landscape of a forward-thinking organisation. Working closely with the Chief Information Security Officer (CISO) and a dedicated team of 3, this position allows you to make a tangible impact on security strategy and implementation. Why This Role Stands Out: - Influence and Ownership: Take charge of critical aspects of cybersecurity, from network monitoring to cloud security design, and make strategic decisions that drive the company's security posture forward. - Professional Growth: Engage with cutting-edge technologies and methodologies, including AI, machine learning, and advanced analytics, ensuring you stay at the forefront of the cybersecurity field. - Collaborative Environment: Work alongside a team of skilled professionals and security partners, fostering a culture of continuous improvement and shared expertise. - Comprehensive Benefits: Enjoy a competitive salary, professional development opportunities, and a supportive work environment that values work-life balance. Key Responsibilities: - Maintain and monitor network and devices, ensuring robust security patching and vulnerability management. - Develop and implement information security policies, including business continuity and disaster recovery plans. - Provide hands-on expertise in cloud-based technologies (Azure, AWS) with a focus on security, performance, and scalability. - Design and conduct security testing and training for employees. - Perform risk assessments and analyse current security solutions, recommending enhancements. - Support the adoption of new security technologies and best practices. - Stay abreast of the latest cybersecurity threats, trends, and technologies. Qualifications: - Bachelor's degree in Technology, Cyber Security, IT, or a related field. - Over 4 years of experience in a cybersecurity engineering role. - Technical certifications such as CISSP, CISM, CEH preferred; AWS/Azure certifications highly desirable. - In-depth knowledge of network systems, security products, and solutions (e.g., SentinelOne, Crowdstrike, M365). - Proficiency in risk assessment tools and techniques. - Experience with firewalls, VPN solutions, and IDS. - Familiarity with cybersecurity frameworks and standards (NIST CSF, ISO 27001, PCI DSS, Mitre ATT&CK). - Strong problem-solving skills and the ability to work under pressure. - Effective communication and documentation skills. - Ability to manage multiple tasks in a fast-paced environment and work both independently and as part of a team. This role is more than just a job; it's a platform to make a significant impact in the cybersecurity domain. If you have the expertise and drive to excel in this dynamic field, consider this your next big career move.
Engineering, London, Full Time, £100,000 - £120,000 / year Job Description In May 2023 Reward Gateway was acquired by Edenred. Edenred is a leading digital platform for services and payments for people at work, connecting 52 million users and 2 million partner merchants in 45 countries via close to 1 million corporate clients. With our shared missions of ' Making the World a Better Place to Work ' and ' Enriching connections, For good ', you'll contribute to improving employee engagement and building better, stronger, and more resilient organisations to improve people's daily lives. Our shared mission guides our actions and charts a sustainable path to a better future. Due to expansion, an opportunity has become available for a Head of Site Reliability Engineering to join our team to help us transform our existing operational workloads to an SRE approach. Key Responsibilities Establishing and managing our new SRE function Operating and modernising our existing cloud infrastructure Partnering with our DevOps team to ensure fast & supportable platform updates Maintaining the highest standards for our customer-facing systems Balancing the desire for innovation with stability and delivery for our customers Ensuring our availability and performance are maintained at the highest levels Acting as a key Incident Commander and escalation point Liaising closely with our SecOps teams to ensure timely vulnerability management Educating teams in SRE practices and maintaining high standards of compliance Implementing world-class observability standards utilising SLI/SLO/Error Budgets Continually evolving our observability platforms for greater coverage Liaising with Product & Engineering teams for constant evolution of metrics Aligning SRE Sprints & Backlog with our roadmaps to meet business expectations Guiding our teams in a more Agile approach to demand management Actively taking part in our daily stand-ups and keeping our Sprints on track Keeping up-to-date documentation in our JIRA & Confluence tools Owning and maintaining our SRE Incident Management processes Ensuring a focus on cost efficiency for our platforms & services Removing obstacles and fostering team collaboration Communicating with our stakeholders Skills Demonstrated leadership and management experience as a Senior Manager or Head of SRE within a global organisation Experience with AWS preferred (or another cloud provider) Enterprise infrastructure experience in high-availability environments Automation skills through Terraform, Python, Bash or similar Fast-releasing environments with automated pipelines and QA Wide-reaching SRE skills and a deep understanding of SRE practices SRE leadership skills with an ability to drive SRE adoption A strong understanding of SQL, PHP, Kubernetes, CI/CD Observability product experience (eg: New Relic, Datadog) Strong facilitation and servant leadership skills Ability to work both independently and as part of a team Ability to work under pressure and be highly reliable Leadership, time management, and organisational skills Adaptability and flexibility to change in a fast-moving environment An ability to learn new tools and processes quickly and impart that knowledge The Interview Process Screening video interview with the Senior Talent Partner Interview with the Director of Infrastructure and Head of Development Final interview with the Director of Engineering & CTO Be comfortable. Be you. At Reward Gateway, we want our employees to feel comfortable bringing their passion, creativity, and individuality to work. We value all cultures, backgrounds, and experiences, as we truly believe that diversity drives innovation. Express yourself, join our community and help us Make the World a Better Place to Work. We hire BETTER. From perks to people, our BETTER approach to hiring earns us more trust, happier people and more world-class talent that help us to make the world a better place to work. Find out more about Reward Gateways' approach to benefits, equality, talent, technology, and empathy, and what you'll get in return for joining our Mission at rg.co/lifeatrg.
Feb 03, 2025
Full time
Engineering, London, Full Time, £100,000 - £120,000 / year Job Description In May 2023 Reward Gateway was acquired by Edenred. Edenred is a leading digital platform for services and payments for people at work, connecting 52 million users and 2 million partner merchants in 45 countries via close to 1 million corporate clients. With our shared missions of ' Making the World a Better Place to Work ' and ' Enriching connections, For good ', you'll contribute to improving employee engagement and building better, stronger, and more resilient organisations to improve people's daily lives. Our shared mission guides our actions and charts a sustainable path to a better future. Due to expansion, an opportunity has become available for a Head of Site Reliability Engineering to join our team to help us transform our existing operational workloads to an SRE approach. Key Responsibilities Establishing and managing our new SRE function Operating and modernising our existing cloud infrastructure Partnering with our DevOps team to ensure fast & supportable platform updates Maintaining the highest standards for our customer-facing systems Balancing the desire for innovation with stability and delivery for our customers Ensuring our availability and performance are maintained at the highest levels Acting as a key Incident Commander and escalation point Liaising closely with our SecOps teams to ensure timely vulnerability management Educating teams in SRE practices and maintaining high standards of compliance Implementing world-class observability standards utilising SLI/SLO/Error Budgets Continually evolving our observability platforms for greater coverage Liaising with Product & Engineering teams for constant evolution of metrics Aligning SRE Sprints & Backlog with our roadmaps to meet business expectations Guiding our teams in a more Agile approach to demand management Actively taking part in our daily stand-ups and keeping our Sprints on track Keeping up-to-date documentation in our JIRA & Confluence tools Owning and maintaining our SRE Incident Management processes Ensuring a focus on cost efficiency for our platforms & services Removing obstacles and fostering team collaboration Communicating with our stakeholders Skills Demonstrated leadership and management experience as a Senior Manager or Head of SRE within a global organisation Experience with AWS preferred (or another cloud provider) Enterprise infrastructure experience in high-availability environments Automation skills through Terraform, Python, Bash or similar Fast-releasing environments with automated pipelines and QA Wide-reaching SRE skills and a deep understanding of SRE practices SRE leadership skills with an ability to drive SRE adoption A strong understanding of SQL, PHP, Kubernetes, CI/CD Observability product experience (eg: New Relic, Datadog) Strong facilitation and servant leadership skills Ability to work both independently and as part of a team Ability to work under pressure and be highly reliable Leadership, time management, and organisational skills Adaptability and flexibility to change in a fast-moving environment An ability to learn new tools and processes quickly and impart that knowledge The Interview Process Screening video interview with the Senior Talent Partner Interview with the Director of Infrastructure and Head of Development Final interview with the Director of Engineering & CTO Be comfortable. Be you. At Reward Gateway, we want our employees to feel comfortable bringing their passion, creativity, and individuality to work. We value all cultures, backgrounds, and experiences, as we truly believe that diversity drives innovation. Express yourself, join our community and help us Make the World a Better Place to Work. We hire BETTER. From perks to people, our BETTER approach to hiring earns us more trust, happier people and more world-class talent that help us to make the world a better place to work. Find out more about Reward Gateways' approach to benefits, equality, talent, technology, and empathy, and what you'll get in return for joining our Mission at rg.co/lifeatrg.
Principal Security Engineer Why Join Capco? Capco is a global technology and business consultancy focused on the financial services sector. We are passionate about helping our clients succeed in an ever-changing industry. You will work on engaging projects with some of the largest banks in the world, transforming the financial services industry. We are/have: Experts across Capital Markets, Insurance, Payments, Retail Banking, and Wealth & Asset Management. Deep knowledge in financial services offerings, including Finance, Risk and Compliance, Financial Crime, and Core Banking. Committed to growing our business and hiring the best talent to help us get there. Focused on maintaining our nimble, agile, and entrepreneurial culture. The Role We are looking for engineers who want to play a key part in supporting the evolution of the Financial Services industry one project at a time. You will be expected to be a strong team player who prides themselves on delivering modern, first class cloud based platforms through practicing best in class Agile ways of working at all times. Responsibilities Develop and execute advanced security engineering strategies to fortify infrastructure, networks, and cloud environments. Lead security initiatives across the SDLC, integrating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Container scanning using tools such as CheckmarxOne, Prisma Cloud, or equivalents. Collaborate with cross-functional teams to embed security-by-design principles in all engineering efforts. Design and implement robust endpoint protection and cloud security solutions to defend against evolving threats. Implement and monitor cloud configurations to align with compliance standards and best practices, focusing on proactive defense mechanisms. Develop a comprehensive strategy for data protection (encryption, tokenization, masking) across the data lifecycle. Oversee security tool integration in CI/CD pipelines to automate vulnerability detection and resolution. Conduct vulnerability assessments, network security audits, and code reviews to ensure application and infrastructure security. Guide engineering teams to adopt secure development practices and ensure continuous improvement in security maturity. Monitor and test new security tools to enhance the organization's defenses against emerging threats. Skills & Expertise Strong knowledge of application security, secure coding practices, and tools like CheckmarxOne, Prisma Cloud, or similar platforms. Proficiency in SAST, DAST, SCA, and Container scanning, with hands-on experience integrating these tools into development pipelines. Extensive experience in endpoint security, cloud security, and network protection. Proficient in cloud platforms such as AWS, Azure, or GCP, with a strong focus on securing cloud architectures. Solid understanding of data security principles and mechanisms, including encryption and masking. Familiarity with major security standards and frameworks (e.g., ISO 27001, NIST, OWASP). Experience with programming languages like Python, Go, or Java. Excellent communication skills to work effectively across technical and business teams. Preferred Qualifications Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Relevant certifications such as CISSP, CSSLP, or cloud-specific security certifications. Experience mentoring junior engineers and contributing to thought leadership initiatives. We'd Also Like To See Contribution to the wider Capco business through activities such as RFP support, thought leadership, and team mentoring. A passion for staying ahead of security trends and innovating defensive strategies. A Day in the Life of an Engineer at Capco Collaborating with clients to define and implement robust, secure solutions. Designing and developing security frameworks for both on-premise and cloud environments. Supporting engineering teams with the integration of automated security tools and practices. Conducting hands-on assessments of security architectures and offering actionable recommendations. Sharing insights and building Capco's internal security capabilities. We Offer A work culture focused on innovation and building lasting value for our clients and employees Ongoing learning opportunities to help you acquire new skills or deepen existing expertise A flat, non-hierarchical structure that will enable you to work with senior partners and directly with clients A diverse, inclusive, meritocratic culture Enhanced and competitive family friendly benefits, including maternity / adoption / shared parental leave and paid leave for sickness, pregnancy loss, fertility treatment, menopause, and bereavement Joining Capco means joining an organisation that is committed to an inclusive working environment where you're encouraged to . We celebrate individuality and recognize that diversity and inclusion, in all forms, is critical to success. It's important to us that we recruit and develop as diverse a range of talent as we can, and we believe that everyone brings something different to the table - so we'd love to know what makes you different. We understand that you may need us to make changes to our process to allow you the best possible platform to succeed, and we are happy to cater to any reasonable adjustments you may require. You will find the section to let us know of these at the bottom of your application form or you can mention it directly to your recruiter at any stage and they will be happy to help.
Feb 01, 2025
Full time
Principal Security Engineer Why Join Capco? Capco is a global technology and business consultancy focused on the financial services sector. We are passionate about helping our clients succeed in an ever-changing industry. You will work on engaging projects with some of the largest banks in the world, transforming the financial services industry. We are/have: Experts across Capital Markets, Insurance, Payments, Retail Banking, and Wealth & Asset Management. Deep knowledge in financial services offerings, including Finance, Risk and Compliance, Financial Crime, and Core Banking. Committed to growing our business and hiring the best talent to help us get there. Focused on maintaining our nimble, agile, and entrepreneurial culture. The Role We are looking for engineers who want to play a key part in supporting the evolution of the Financial Services industry one project at a time. You will be expected to be a strong team player who prides themselves on delivering modern, first class cloud based platforms through practicing best in class Agile ways of working at all times. Responsibilities Develop and execute advanced security engineering strategies to fortify infrastructure, networks, and cloud environments. Lead security initiatives across the SDLC, integrating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Container scanning using tools such as CheckmarxOne, Prisma Cloud, or equivalents. Collaborate with cross-functional teams to embed security-by-design principles in all engineering efforts. Design and implement robust endpoint protection and cloud security solutions to defend against evolving threats. Implement and monitor cloud configurations to align with compliance standards and best practices, focusing on proactive defense mechanisms. Develop a comprehensive strategy for data protection (encryption, tokenization, masking) across the data lifecycle. Oversee security tool integration in CI/CD pipelines to automate vulnerability detection and resolution. Conduct vulnerability assessments, network security audits, and code reviews to ensure application and infrastructure security. Guide engineering teams to adopt secure development practices and ensure continuous improvement in security maturity. Monitor and test new security tools to enhance the organization's defenses against emerging threats. Skills & Expertise Strong knowledge of application security, secure coding practices, and tools like CheckmarxOne, Prisma Cloud, or similar platforms. Proficiency in SAST, DAST, SCA, and Container scanning, with hands-on experience integrating these tools into development pipelines. Extensive experience in endpoint security, cloud security, and network protection. Proficient in cloud platforms such as AWS, Azure, or GCP, with a strong focus on securing cloud architectures. Solid understanding of data security principles and mechanisms, including encryption and masking. Familiarity with major security standards and frameworks (e.g., ISO 27001, NIST, OWASP). Experience with programming languages like Python, Go, or Java. Excellent communication skills to work effectively across technical and business teams. Preferred Qualifications Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Relevant certifications such as CISSP, CSSLP, or cloud-specific security certifications. Experience mentoring junior engineers and contributing to thought leadership initiatives. We'd Also Like To See Contribution to the wider Capco business through activities such as RFP support, thought leadership, and team mentoring. A passion for staying ahead of security trends and innovating defensive strategies. A Day in the Life of an Engineer at Capco Collaborating with clients to define and implement robust, secure solutions. Designing and developing security frameworks for both on-premise and cloud environments. Supporting engineering teams with the integration of automated security tools and practices. Conducting hands-on assessments of security architectures and offering actionable recommendations. Sharing insights and building Capco's internal security capabilities. We Offer A work culture focused on innovation and building lasting value for our clients and employees Ongoing learning opportunities to help you acquire new skills or deepen existing expertise A flat, non-hierarchical structure that will enable you to work with senior partners and directly with clients A diverse, inclusive, meritocratic culture Enhanced and competitive family friendly benefits, including maternity / adoption / shared parental leave and paid leave for sickness, pregnancy loss, fertility treatment, menopause, and bereavement Joining Capco means joining an organisation that is committed to an inclusive working environment where you're encouraged to . We celebrate individuality and recognize that diversity and inclusion, in all forms, is critical to success. It's important to us that we recruit and develop as diverse a range of talent as we can, and we believe that everyone brings something different to the table - so we'd love to know what makes you different. We understand that you may need us to make changes to our process to allow you the best possible platform to succeed, and we are happy to cater to any reasonable adjustments you may require. You will find the section to let us know of these at the bottom of your application form or you can mention it directly to your recruiter at any stage and they will be happy to help.
This job posting isn't available in all website languages Senior Physical Security Engineer / Consultant Today the risks to people, assets and organisations are rapidly evolving. We help clients navigate the toughest questions in the spheres of safety risk, security risk and business risk. Whether due to geopolitical risk, climate change, life extension of ageing infrastructure or the increased connectivity of our built environment, we help clients develop appropriate and proportionate solutions to their risks. Our Resilience Security and Risk team includes leading experts in security intelligence, blast and protective design, physical and electronic security design, cyber-security, personnel and operational security. The Opportunity We work closely with other disciplines in Arup to find solutions that meet our client's objectives and are sustainable in their implementation. To enable us to do this we are looking for an enthusiastic and capable Senior Security Consultant/System Engineer to join our world leading security consultancy. Such a specialist should have a strong foundation in security consulting and security system design/implementation. The role of Senior Security Consultant/System Engineer within the Resilience Security and Risk team demands a combination of technical and commercial excellence. As a Senior Security Consultant/System Engineer, the primary focus will be the day-to-day design and management of projects across our portfolio of work, ensuring delivery is to a consistently high standard and is meeting client and stakeholder expectations. At Arup, you belong to an extraordinary collective - in which we encourage individuality to thrive. Our strength comes from how we respect, share and connect our diverse experiences, perspectives and ideas. You will have the opportunity do socially useful work that has meaning - to Arup, to your career, to our members and to the clients and communities we serve. Is this role right for you? The suitable candidate will have proven skills in delivering security projects within the built environment, a significant part of which must include demonstrable experience of working in a multi-disciplinary engineering consultancy environment. You will possess a relevant qualification in security or built environment discipline. Alternatively, we will also consider significant industry experience within security or risk management. Ideally you will hold or be working towards professional membership of an established UK security related institutions such as Security Institute; Register of Security Engineers and Specialists (RSES); ASIS. We are looking for the following skills and knowledge: Design and delivery of integrated solutions using the latest technology applicable to security design (e.g Video surveillance, access control and intruder detection systems). Integration to other third-party site-based systems (i.e. Fire, BMS, etc.) Knowledge and the implementation of physical barrier systems including; Pedestrian turnstiles/electronical operated gate systems; Perimeter fences, vehicle gates and barriers; Hostile vehicle mitigation systems (active and static). Appreciation of current initiatives within the industry such as SABRE, Secured by Design, etc. Physical design of facilities and controlled areas to mitigate against forced entry using manual/powered tools. Contribute, develop and/or interpret threat, vulnerability and risk assessments. Conversant in designing in the BIM and Revit environments and be able to provide guidance to the junior consultants/engineers on delivery and the security considerations. Capable of undertake technical security reviews, audits, design surveys, installation inspections and approvals, and other similar tasks of our clients If this role is not quite what you are looking for but you are interested in other opportunities for a future with purpose, please sign up to our Talent Community : where you will be kept up to date with roles suitable for you to shape a better world. What we offer you At Arup, we care about each member's success, so we can grow together. Guided by our values, we provide an attractive total reward package that recognises the contribution of each of our members to our shared success. As well as competitive, fair and equitable pay, we offer a career in which all of our members can belong, grow and thrive - through benefits that support health and wellbeing, a wide range of learning opportunities and many possibilities to have an impact through the work they do. We are owned in trust on behalf of our members, giving us the freedom, with personal responsibility, to set our own direction and choose work that aligns with our purpose and adds to Arup's legacy. Our members collaborate on ambitious projects to deliver remarkable outcomes for our clients and communities. Profit Share is a key part of our reward, enabling members to share in the results of our collective efforts. We also provide Private medical insurance, Life assurance, Accident insurance and Income protection cover. In addition, you'll have access to flexible benefits to help you look after all aspects of your wellbeing and give you the freedom and flexibility to find the best solutions for you, your family, and your individual needs. Different people, shared values Arup is an equal opportunity employer that actively promotes and nurtures a diverse and inclusive workforce. We welcome applications from individuals of all backgrounds, regardless of age (within legal limits), gender identity or expression, marital status, disability, neurotype or mental health, race or ethnicity, faith or belief, sexual orientation, socioeconomic background, and whether you're pregnant or on family leave. We are an open environment that embraces diverse experiences, perspectives, and ideas - this drives our excellence. Guided by our values and alignment with the UN Sustainable Development Goals, we create and contribute to equitable spaces and systems, while cultivating a sense of belonging for all. Our internal employee networks support our inclusive culture: from race, ethnicity and cross-cultural working to gender equity and LGBTQ+ and disability inclusion - we aim to create a space for you to express yourself and make a positive difference. Discover more about life at Arup at . We are committed to making our recruitment process and workplaces accessible to all candidates. Please contact Kylie O'Hanlon at to let us know if you need any assistance or reasonable adjustments throughout your application or interview process, and/or to perform the essential functions of the role. We will do everything we can to support you. Stay safe online - Arup will never ask for your bank details as part of our recruitment process. Closing Date: 24-02-25
Jan 26, 2025
Full time
This job posting isn't available in all website languages Senior Physical Security Engineer / Consultant Today the risks to people, assets and organisations are rapidly evolving. We help clients navigate the toughest questions in the spheres of safety risk, security risk and business risk. Whether due to geopolitical risk, climate change, life extension of ageing infrastructure or the increased connectivity of our built environment, we help clients develop appropriate and proportionate solutions to their risks. Our Resilience Security and Risk team includes leading experts in security intelligence, blast and protective design, physical and electronic security design, cyber-security, personnel and operational security. The Opportunity We work closely with other disciplines in Arup to find solutions that meet our client's objectives and are sustainable in their implementation. To enable us to do this we are looking for an enthusiastic and capable Senior Security Consultant/System Engineer to join our world leading security consultancy. Such a specialist should have a strong foundation in security consulting and security system design/implementation. The role of Senior Security Consultant/System Engineer within the Resilience Security and Risk team demands a combination of technical and commercial excellence. As a Senior Security Consultant/System Engineer, the primary focus will be the day-to-day design and management of projects across our portfolio of work, ensuring delivery is to a consistently high standard and is meeting client and stakeholder expectations. At Arup, you belong to an extraordinary collective - in which we encourage individuality to thrive. Our strength comes from how we respect, share and connect our diverse experiences, perspectives and ideas. You will have the opportunity do socially useful work that has meaning - to Arup, to your career, to our members and to the clients and communities we serve. Is this role right for you? The suitable candidate will have proven skills in delivering security projects within the built environment, a significant part of which must include demonstrable experience of working in a multi-disciplinary engineering consultancy environment. You will possess a relevant qualification in security or built environment discipline. Alternatively, we will also consider significant industry experience within security or risk management. Ideally you will hold or be working towards professional membership of an established UK security related institutions such as Security Institute; Register of Security Engineers and Specialists (RSES); ASIS. We are looking for the following skills and knowledge: Design and delivery of integrated solutions using the latest technology applicable to security design (e.g Video surveillance, access control and intruder detection systems). Integration to other third-party site-based systems (i.e. Fire, BMS, etc.) Knowledge and the implementation of physical barrier systems including; Pedestrian turnstiles/electronical operated gate systems; Perimeter fences, vehicle gates and barriers; Hostile vehicle mitigation systems (active and static). Appreciation of current initiatives within the industry such as SABRE, Secured by Design, etc. Physical design of facilities and controlled areas to mitigate against forced entry using manual/powered tools. Contribute, develop and/or interpret threat, vulnerability and risk assessments. Conversant in designing in the BIM and Revit environments and be able to provide guidance to the junior consultants/engineers on delivery and the security considerations. Capable of undertake technical security reviews, audits, design surveys, installation inspections and approvals, and other similar tasks of our clients If this role is not quite what you are looking for but you are interested in other opportunities for a future with purpose, please sign up to our Talent Community : where you will be kept up to date with roles suitable for you to shape a better world. What we offer you At Arup, we care about each member's success, so we can grow together. Guided by our values, we provide an attractive total reward package that recognises the contribution of each of our members to our shared success. As well as competitive, fair and equitable pay, we offer a career in which all of our members can belong, grow and thrive - through benefits that support health and wellbeing, a wide range of learning opportunities and many possibilities to have an impact through the work they do. We are owned in trust on behalf of our members, giving us the freedom, with personal responsibility, to set our own direction and choose work that aligns with our purpose and adds to Arup's legacy. Our members collaborate on ambitious projects to deliver remarkable outcomes for our clients and communities. Profit Share is a key part of our reward, enabling members to share in the results of our collective efforts. We also provide Private medical insurance, Life assurance, Accident insurance and Income protection cover. In addition, you'll have access to flexible benefits to help you look after all aspects of your wellbeing and give you the freedom and flexibility to find the best solutions for you, your family, and your individual needs. Different people, shared values Arup is an equal opportunity employer that actively promotes and nurtures a diverse and inclusive workforce. We welcome applications from individuals of all backgrounds, regardless of age (within legal limits), gender identity or expression, marital status, disability, neurotype or mental health, race or ethnicity, faith or belief, sexual orientation, socioeconomic background, and whether you're pregnant or on family leave. We are an open environment that embraces diverse experiences, perspectives, and ideas - this drives our excellence. Guided by our values and alignment with the UN Sustainable Development Goals, we create and contribute to equitable spaces and systems, while cultivating a sense of belonging for all. Our internal employee networks support our inclusive culture: from race, ethnicity and cross-cultural working to gender equity and LGBTQ+ and disability inclusion - we aim to create a space for you to express yourself and make a positive difference. Discover more about life at Arup at . We are committed to making our recruitment process and workplaces accessible to all candidates. Please contact Kylie O'Hanlon at to let us know if you need any assistance or reasonable adjustments throughout your application or interview process, and/or to perform the essential functions of the role. We will do everything we can to support you. Stay safe online - Arup will never ask for your bank details as part of our recruitment process. Closing Date: 24-02-25
Senior Cloud Security Engineer 90,000 per annum + benefits Hybrid working The Role You will be responsible for designing and delivering security solutions in various environments based on security standards, governance, and control practices. You will conduct technical research when necessary to contribute to setting security direction and strategy. You will assist others on your own team, or other teams where applicable, on security projects or security-relevant tasks on technical projects. We're building a world class security function in a cloud native environment and are looking for ambitious security engineers to come on the journey with us. WHO WE ARE LOOKING FOR You are a cybersecurity and technical expert in cloud technology. You enjoy identifying possible security weaknesses and working to research, develop, and implement technical solutions to address those weaknesses. In your role as Senior Cloud Security Engineer, you will design and deliver cybersecurity solutions in Cloud infrastructure based including security standards, governance and control practices. You conduct technical research when necessary and contribute to setting cloud security direction and strategy. You will assist others on cloud security projects or security-relevant tasks on technical projects. Key responsibilities will include: Design, develop, and implement new cloud security technologies to support business and technology solutions Act as a subject matter expert (SME) for security tools, applications, and processes Manage and maintain the cybersecurity posture of company system Advise organization leaders on cybersecurity-related topics Provide guidance to other teams for cybersecurity-related efforts Mentor other members of the team Act as an escalation point for security incidents WHAT YOU BRING Expert understanding of security concepts and how to implement those concepts with tangible solutions. Strong verbal and written communications skills. Risk-based approach to prioritizing and implementing solutions. Knowledge of compliance policies relating to cybersecurity and the financial sector. Broad knowledge of various cybersecurity tools such as SIEM solutions, alerting systems, vulnerability scanning solutions, and patch management solutions. Experience with cloud platforms such as AWS and Azure. Experience with Scripting languages (eg Unix Shell, Python), build deployment tools (eg Jenkins, Terraform) and solving problems with code rather than clicks. A strong fit to our values
Feb 01, 2024
Full time
Senior Cloud Security Engineer 90,000 per annum + benefits Hybrid working The Role You will be responsible for designing and delivering security solutions in various environments based on security standards, governance, and control practices. You will conduct technical research when necessary to contribute to setting security direction and strategy. You will assist others on your own team, or other teams where applicable, on security projects or security-relevant tasks on technical projects. We're building a world class security function in a cloud native environment and are looking for ambitious security engineers to come on the journey with us. WHO WE ARE LOOKING FOR You are a cybersecurity and technical expert in cloud technology. You enjoy identifying possible security weaknesses and working to research, develop, and implement technical solutions to address those weaknesses. In your role as Senior Cloud Security Engineer, you will design and deliver cybersecurity solutions in Cloud infrastructure based including security standards, governance and control practices. You conduct technical research when necessary and contribute to setting cloud security direction and strategy. You will assist others on cloud security projects or security-relevant tasks on technical projects. Key responsibilities will include: Design, develop, and implement new cloud security technologies to support business and technology solutions Act as a subject matter expert (SME) for security tools, applications, and processes Manage and maintain the cybersecurity posture of company system Advise organization leaders on cybersecurity-related topics Provide guidance to other teams for cybersecurity-related efforts Mentor other members of the team Act as an escalation point for security incidents WHAT YOU BRING Expert understanding of security concepts and how to implement those concepts with tangible solutions. Strong verbal and written communications skills. Risk-based approach to prioritizing and implementing solutions. Knowledge of compliance policies relating to cybersecurity and the financial sector. Broad knowledge of various cybersecurity tools such as SIEM solutions, alerting systems, vulnerability scanning solutions, and patch management solutions. Experience with cloud platforms such as AWS and Azure. Experience with Scripting languages (eg Unix Shell, Python), build deployment tools (eg Jenkins, Terraform) and solving problems with code rather than clicks. A strong fit to our values
The worldwide data management software market is massive (According to IDC, the data management software market is forecast to be $94 billion in 2023 growing to approximately $153 billion in 2027, representing a 13% compound annual growth rate). At MongoDB we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading developer data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.Team:MongoDB is seeking a passionate Information Security Engineer to help expand MongoDB's Information Security Program, specifically focusing on the development of Application Security systems.The MongoDB Security Team is responsible for the Information Security Program for MongoDB Incl. helping to reduce risk in our systems, and company and to help establish trust in our product offerings and cloud services. Our customers are both our internal MongoDB employees and our external customers.This is an exciting chance to be part of a dynamic and innovative team with a lot of opportunities to grow. MongoDB prides itself on offering careers rather than jobs.Role Description:MongoDB is looking for an experienced professional to join our security team. The ideal candidate will have at least 2 years+ of experience in Information/Cyber Security AND ability to develop software in order to create innovative applications to address security gaps.The primary focus of this role centers on internal tool development. You will be responsible for designing, developing, and implementing software solutions to address a variety of information security challenges. Your primary objective will be to code and create robust and efficient tools that aid in the protection of our company's digital assets.The secondary focus will be helping our applications to be more secure - e.g. by helping application owners to understand full application release lifecycles, penetration testing, assistance with code reviews and more.This role is technical, focusing mainly on development work, but will also present an opportunity to improve company-wide processes focusing on application security.Candidate Profile:Candidates for this role should have experience in software development and possess a deep understanding of programming languages and software development best practices. Ideal candidates will also have experience in SDLC, pentesting or security reviews and awareness of different approaches to application security.We are looking for someone who is proactive in presenting ideas with demonstrated problem-solving skills. Additionally, this role requires strong ability to multitask as well as solid communication skills.The ideal candidate for this role will have:2+ years of software development experience with at least one programming language such as Java, Python, JavaScript, Go, Ruby, C# or C/C++Minimum 2 years of hands-on experience in cyber securityDemonstrated success in completing development projects in previous rolesAbility to develop applications from scratch using ReactJS/JS/Python.Intermediate knowledge and understanding of application security, security engineering, system and network security, authentication and security protocols, or cryptographyCertifications in offensive security, including OSCP, OSCE, OSEP, OSEE, CCSAS, CCT INF or relevant SANS coursesDemonstrated success completing complex projects in previous rolesBe familiar with different Cloud (Paas or SaaS) technologies (like AWS, GCP, GSuite)Strong experience with application architecture reviewsExperience with vulnerability management tools and processesDemonstrated ability to create scripts and automated processesHave a background in threat modelling and advocating for technical changes to exceed customer expectations, including delivering reports to upper managementExcellent written and verbal communication skills with the ability to adapt messaging to technical and non-technical audiences at all levels including senior leadershipHave at least a basic understanding of different Information Security standards and reports (e.g. SOC2, HIPAA, Fedramp)Experience working with technical teams on finding elegant solutions to complex problems, managing them to resolution and releaseUnderstanding of networking protocolsPosition Expectations:Develop and maintain custom InfoSec tools and systems, including but not limited to tools focused on automation and automation of asset inventory.Continuously assess and improve existing internal tools for performance, scalability, and security, with a special emphasis on enhancing automation capabilities and maintaining an accurate asset inventory.Cross-collaborate with other team members to understand security needs and translate them into functional software solutions.Rapidly understand and assess new technologiesParticipate in code reviews, contribute to best practices, and maintain documentation related to the development and deployment of InfoSec tools.Ability to work with geographically distributed teams and multitasking are essentialCommunicate security threats, assessments and risks as well as make recommendationsEducate Engineers and Product teams on the important of Application Security and Vulnerability ManagementAbility to quickly learn new systems and architecturesWillingness to learn new technologies and adapt to a modern, fast-paced organisationWork Cross functionally with multiple teams on establishing new processes and improving existingAbility to create documentation when needed as well as defend and execute on findingsSuccess Measures:The Information Security Engineer will be successful in this role when they can execute the following strategic tasks:People: Collaborate to secure our products with fellow engineers in various departmentsOrganization: Ability to manage multiple parallel efforts and utilise risk-based approach for prioritizationCommunication: Successfully communicate your recommendations and rationale to both technical and semi-technical resources.Research: Research modern approaches to security problems, offensive and defensive processes, tooling and techniques.Creative: Find creative yet simple solutions to complex problems with technical requirements.This is an important role to help mature the capabilities of the Information Security Program for a breakthrough company that is disrupting a $80B market. This position has significant growth potential and we're looking for someone who is excited to take initiative and help secure our company. This position is based out of our London Hatfields office or remote.This position will report directly to the Manager of Application Security (EMEA based).MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.MongoDB is an equal opportunities employer.
Feb 01, 2024
Full time
The worldwide data management software market is massive (According to IDC, the data management software market is forecast to be $94 billion in 2023 growing to approximately $153 billion in 2027, representing a 13% compound annual growth rate). At MongoDB we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading developer data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.Team:MongoDB is seeking a passionate Information Security Engineer to help expand MongoDB's Information Security Program, specifically focusing on the development of Application Security systems.The MongoDB Security Team is responsible for the Information Security Program for MongoDB Incl. helping to reduce risk in our systems, and company and to help establish trust in our product offerings and cloud services. Our customers are both our internal MongoDB employees and our external customers.This is an exciting chance to be part of a dynamic and innovative team with a lot of opportunities to grow. MongoDB prides itself on offering careers rather than jobs.Role Description:MongoDB is looking for an experienced professional to join our security team. The ideal candidate will have at least 2 years+ of experience in Information/Cyber Security AND ability to develop software in order to create innovative applications to address security gaps.The primary focus of this role centers on internal tool development. You will be responsible for designing, developing, and implementing software solutions to address a variety of information security challenges. Your primary objective will be to code and create robust and efficient tools that aid in the protection of our company's digital assets.The secondary focus will be helping our applications to be more secure - e.g. by helping application owners to understand full application release lifecycles, penetration testing, assistance with code reviews and more.This role is technical, focusing mainly on development work, but will also present an opportunity to improve company-wide processes focusing on application security.Candidate Profile:Candidates for this role should have experience in software development and possess a deep understanding of programming languages and software development best practices. Ideal candidates will also have experience in SDLC, pentesting or security reviews and awareness of different approaches to application security.We are looking for someone who is proactive in presenting ideas with demonstrated problem-solving skills. Additionally, this role requires strong ability to multitask as well as solid communication skills.The ideal candidate for this role will have:2+ years of software development experience with at least one programming language such as Java, Python, JavaScript, Go, Ruby, C# or C/C++Minimum 2 years of hands-on experience in cyber securityDemonstrated success in completing development projects in previous rolesAbility to develop applications from scratch using ReactJS/JS/Python.Intermediate knowledge and understanding of application security, security engineering, system and network security, authentication and security protocols, or cryptographyCertifications in offensive security, including OSCP, OSCE, OSEP, OSEE, CCSAS, CCT INF or relevant SANS coursesDemonstrated success completing complex projects in previous rolesBe familiar with different Cloud (Paas or SaaS) technologies (like AWS, GCP, GSuite)Strong experience with application architecture reviewsExperience with vulnerability management tools and processesDemonstrated ability to create scripts and automated processesHave a background in threat modelling and advocating for technical changes to exceed customer expectations, including delivering reports to upper managementExcellent written and verbal communication skills with the ability to adapt messaging to technical and non-technical audiences at all levels including senior leadershipHave at least a basic understanding of different Information Security standards and reports (e.g. SOC2, HIPAA, Fedramp)Experience working with technical teams on finding elegant solutions to complex problems, managing them to resolution and releaseUnderstanding of networking protocolsPosition Expectations:Develop and maintain custom InfoSec tools and systems, including but not limited to tools focused on automation and automation of asset inventory.Continuously assess and improve existing internal tools for performance, scalability, and security, with a special emphasis on enhancing automation capabilities and maintaining an accurate asset inventory.Cross-collaborate with other team members to understand security needs and translate them into functional software solutions.Rapidly understand and assess new technologiesParticipate in code reviews, contribute to best practices, and maintain documentation related to the development and deployment of InfoSec tools.Ability to work with geographically distributed teams and multitasking are essentialCommunicate security threats, assessments and risks as well as make recommendationsEducate Engineers and Product teams on the important of Application Security and Vulnerability ManagementAbility to quickly learn new systems and architecturesWillingness to learn new technologies and adapt to a modern, fast-paced organisationWork Cross functionally with multiple teams on establishing new processes and improving existingAbility to create documentation when needed as well as defend and execute on findingsSuccess Measures:The Information Security Engineer will be successful in this role when they can execute the following strategic tasks:People: Collaborate to secure our products with fellow engineers in various departmentsOrganization: Ability to manage multiple parallel efforts and utilise risk-based approach for prioritizationCommunication: Successfully communicate your recommendations and rationale to both technical and semi-technical resources.Research: Research modern approaches to security problems, offensive and defensive processes, tooling and techniques.Creative: Find creative yet simple solutions to complex problems with technical requirements.This is an important role to help mature the capabilities of the Information Security Program for a breakthrough company that is disrupting a $80B market. This position has significant growth potential and we're looking for someone who is excited to take initiative and help secure our company. This position is based out of our London Hatfields office or remote.This position will report directly to the Manager of Application Security (EMEA based).MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.MongoDB is an equal opportunities employer.
Role OVO-View Location: Bristol, London, Glasgow or Remote! (You have the flexibility to work wherever suits you best) Team: Information Security Salary banding: £71,240 - £111,130 Experience: Expert Working pattern: Full-Time Reporting to: Head of Information Security Sponsorship: Unfortunately we are unable to offer sponsorship for this role. This role in 3 words: Creator, Challenger, Coach Top 3 qualities for this role: Problem-solver, Curious, Collaborative In the words of the team, you should leave your current role for this one because . "You'll manage the team that drives and enables security by default and design across OVOTech. This includes selecting and implementing coaching, workflows and tooling to model threats, identify security risks and embed and document verification of build and runtime security. The solutions that security engineering build and operate power the reduction of downside risk thereby enhancing the opportunities for technology to enable Plan Zero." Everyone belongs at OVO At OVO, we are on a mission to solve one of humanity's biggest challenges, the climate crisis. And we know it takes all of us to change the world. That's why we need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us. Teamworking for the planet Everything we do here spins around Plan Zero. So, naturally, the team you'll be joining plays a gigantic role in making that happen. Here's how: We're hiring creators, challengers and coaches. Every role we're hiring puts people at the heart of our information security strategy and uses technology and operational processes to build a resilient and performant business. The Path to Zero is paved with well-informed risk and reward decisions! This role in a nutshell: The security engineering team collaborates with OVO's Engineering teams to secure the design and configuration of OVO applications, infrastructure and secure access to OVO's resources. As a Senior Security Engineering Manager you'll pioneer an innovative and inclusive culture, inspire with compelling security stories and land messages with clarity to engage those who the team work with, both within and outside the Enterprise Security and Platforms team. You'll personally excel at implementing reliable tools to prevent, mitigate or automatically remediate mis-configurations and vulnerabilities and extending operational excellence across all OVO-built and accessed applications and infrastructure. Crucially you'll serve and care for the people in security engineering creating an inclusive culture so all of our people feel they truly belong, are heard, and are open and encouraged to contribute to OVO's security mission. Your key outcomes will be: Lead the strategic design of mechanisms to incentivise and enable the security of OVO's data, applications, infrastructure and access. Collaboration with engineering teams and system administrators to develop and configure comprehensive security measures that align with OVO's goals and objectives. Provide OVOTech with a range of centrally operated security mechanisms and services, including web application firewalls, cloud and application security platforms, threat and risk assessments and penetration testing. Implementing secure coding practices to prevent common vulnerabilities in software development. Provide the cyber defense team with support during and post incidents to contain the damage, mitigate the impact, and facilitate the recovery of affected systems and data. Lead the analysis of vulnerabilities, misconfigurations, near-misses and incidents to enhance future security issue and incident handling and improve overall security posture. This includes identifying lessons learned, implementing necessary changes to security controls and procedures, and supporting the training and awareness programme to educate employees on security best practices. Lead and develop a highly motivated and respected team which actively participates in community events, engages in continuous learning, and collaborates with other security professionals to stay updated on emerging threats and effective security strategies. Systems. Familiarity with the following technologies and platforms would be advantageous (not a must have or exhaustive list): Cloud Native Application Protection and Cloud Security Posture Management (e.g. Wiz) GCP, AWS and Azure native security and compliance monitoring CI/CD product development pipelines and automation SaaS discovery, event monitoring and security posture management Identity and Access Management and Privileged Access Management platforms Application Security Verification Standard and related technologies Web Application Firewall and Zero Trust Solutions (e.g. Cloudflare, BeyondCorps) Security Information and Event Management (SIEM) and Security Orchestration and Automated Response (SOAR) Endpoint, Cloud and Identity Detection and Response Issue and Project Tracking (Jira) Cyber Asset and Attack Surface Management Infrastructure Vulnerability Scanning You'll be a successful Senior Security Engineering Manager at OVO if you Are a coach: you lead your engineering community and provide practical support and approaches to integrate security with OVOTech and business processes. You inspire others to develop simpler more automated approaches to embedding security by default and design. Are a challenger: you embrace failure and do not shy away from difficult conversations in order to drive security, product and engineering alignment. You are a champion for maximising the use of data and technology to enhance productivity and effective outcomes of security work. Are a creator: you are a hands-on engineer who understands the value of rotating between solving engineering problems and stepping back to view a longer time horizon. Switching between roadmap and sprint is something you control rather than are controlled by. Let's talk about what's in it for you We'll pay you between £71,240 - £111,130, depending on your specific skills and experience. If your expectations are a little different, have a chat with us! We keep our pay ranges broad on purpose to give us, and you, flexibility to match your experience to our zero carbon mission. You'll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal. We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVO and there's flex pay. It's an extra 9% of your salary on top of your core pay to use as you like. You can take it as cash, add to your pension, or choose to spend it on a huge range of flex benefits. Here's a taster of what's on offer: For starters, you'll get 34 days of holiday (including bank holidays). For your health With benefits like a healthcare cash plan or private medical insurance depending on your career level, critical illness cover, life assurance, health assessments, and more For your wellbeing With gym membership, gadget, travel and cyber insurance, workplace ISA, will writing services, DNA testing, dental insurance, and more For your lifestyle With extra holiday buying, discount dining, culture cards, tech loans, and supporting your favourite charities with give-as-you-earn donations For your home Get up to £300 off any OVO Energy plan (when you pay by Direct Debit), plus personal carbon offsetting and great discounts on smart thermostats and EV chargers For your commute Nab a great deal on ultra-low emission car leasing , plus our cycle to work scheme and public transport season ticket loans Want to hear about our full range of flexible benefits and progressive people policies? Our People Team can tell you everything you need to know. For your Belonging To find better ways to support our people, we need to listen to each other's experiences and find ways to build a truly inclusive and diverse workplace. As part of this, we have 8 Belonging Networks at OVO. Led by our people, for our people - so when you join OVO, you can play a part - big or small - with any of the Networks. It's up to you. Oh, and one last thing We'd be thrilled if you tick off all our boxes, yet we also believe it's just as important we tick off all of yours. And if you think you have most of what we're looking for but not every single thing, go ahead and hit apply . We'd still love to hear from you! If you have any additional requirements, there's a space to let us know on the application form; we want to make the process as easy and comfortable for you as possible
Feb 01, 2024
Full time
Role OVO-View Location: Bristol, London, Glasgow or Remote! (You have the flexibility to work wherever suits you best) Team: Information Security Salary banding: £71,240 - £111,130 Experience: Expert Working pattern: Full-Time Reporting to: Head of Information Security Sponsorship: Unfortunately we are unable to offer sponsorship for this role. This role in 3 words: Creator, Challenger, Coach Top 3 qualities for this role: Problem-solver, Curious, Collaborative In the words of the team, you should leave your current role for this one because . "You'll manage the team that drives and enables security by default and design across OVOTech. This includes selecting and implementing coaching, workflows and tooling to model threats, identify security risks and embed and document verification of build and runtime security. The solutions that security engineering build and operate power the reduction of downside risk thereby enhancing the opportunities for technology to enable Plan Zero." Everyone belongs at OVO At OVO, we are on a mission to solve one of humanity's biggest challenges, the climate crisis. And we know it takes all of us to change the world. That's why we need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us. Teamworking for the planet Everything we do here spins around Plan Zero. So, naturally, the team you'll be joining plays a gigantic role in making that happen. Here's how: We're hiring creators, challengers and coaches. Every role we're hiring puts people at the heart of our information security strategy and uses technology and operational processes to build a resilient and performant business. The Path to Zero is paved with well-informed risk and reward decisions! This role in a nutshell: The security engineering team collaborates with OVO's Engineering teams to secure the design and configuration of OVO applications, infrastructure and secure access to OVO's resources. As a Senior Security Engineering Manager you'll pioneer an innovative and inclusive culture, inspire with compelling security stories and land messages with clarity to engage those who the team work with, both within and outside the Enterprise Security and Platforms team. You'll personally excel at implementing reliable tools to prevent, mitigate or automatically remediate mis-configurations and vulnerabilities and extending operational excellence across all OVO-built and accessed applications and infrastructure. Crucially you'll serve and care for the people in security engineering creating an inclusive culture so all of our people feel they truly belong, are heard, and are open and encouraged to contribute to OVO's security mission. Your key outcomes will be: Lead the strategic design of mechanisms to incentivise and enable the security of OVO's data, applications, infrastructure and access. Collaboration with engineering teams and system administrators to develop and configure comprehensive security measures that align with OVO's goals and objectives. Provide OVOTech with a range of centrally operated security mechanisms and services, including web application firewalls, cloud and application security platforms, threat and risk assessments and penetration testing. Implementing secure coding practices to prevent common vulnerabilities in software development. Provide the cyber defense team with support during and post incidents to contain the damage, mitigate the impact, and facilitate the recovery of affected systems and data. Lead the analysis of vulnerabilities, misconfigurations, near-misses and incidents to enhance future security issue and incident handling and improve overall security posture. This includes identifying lessons learned, implementing necessary changes to security controls and procedures, and supporting the training and awareness programme to educate employees on security best practices. Lead and develop a highly motivated and respected team which actively participates in community events, engages in continuous learning, and collaborates with other security professionals to stay updated on emerging threats and effective security strategies. Systems. Familiarity with the following technologies and platforms would be advantageous (not a must have or exhaustive list): Cloud Native Application Protection and Cloud Security Posture Management (e.g. Wiz) GCP, AWS and Azure native security and compliance monitoring CI/CD product development pipelines and automation SaaS discovery, event monitoring and security posture management Identity and Access Management and Privileged Access Management platforms Application Security Verification Standard and related technologies Web Application Firewall and Zero Trust Solutions (e.g. Cloudflare, BeyondCorps) Security Information and Event Management (SIEM) and Security Orchestration and Automated Response (SOAR) Endpoint, Cloud and Identity Detection and Response Issue and Project Tracking (Jira) Cyber Asset and Attack Surface Management Infrastructure Vulnerability Scanning You'll be a successful Senior Security Engineering Manager at OVO if you Are a coach: you lead your engineering community and provide practical support and approaches to integrate security with OVOTech and business processes. You inspire others to develop simpler more automated approaches to embedding security by default and design. Are a challenger: you embrace failure and do not shy away from difficult conversations in order to drive security, product and engineering alignment. You are a champion for maximising the use of data and technology to enhance productivity and effective outcomes of security work. Are a creator: you are a hands-on engineer who understands the value of rotating between solving engineering problems and stepping back to view a longer time horizon. Switching between roadmap and sprint is something you control rather than are controlled by. Let's talk about what's in it for you We'll pay you between £71,240 - £111,130, depending on your specific skills and experience. If your expectations are a little different, have a chat with us! We keep our pay ranges broad on purpose to give us, and you, flexibility to match your experience to our zero carbon mission. You'll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal. We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVO and there's flex pay. It's an extra 9% of your salary on top of your core pay to use as you like. You can take it as cash, add to your pension, or choose to spend it on a huge range of flex benefits. Here's a taster of what's on offer: For starters, you'll get 34 days of holiday (including bank holidays). For your health With benefits like a healthcare cash plan or private medical insurance depending on your career level, critical illness cover, life assurance, health assessments, and more For your wellbeing With gym membership, gadget, travel and cyber insurance, workplace ISA, will writing services, DNA testing, dental insurance, and more For your lifestyle With extra holiday buying, discount dining, culture cards, tech loans, and supporting your favourite charities with give-as-you-earn donations For your home Get up to £300 off any OVO Energy plan (when you pay by Direct Debit), plus personal carbon offsetting and great discounts on smart thermostats and EV chargers For your commute Nab a great deal on ultra-low emission car leasing , plus our cycle to work scheme and public transport season ticket loans Want to hear about our full range of flexible benefits and progressive people policies? Our People Team can tell you everything you need to know. For your Belonging To find better ways to support our people, we need to listen to each other's experiences and find ways to build a truly inclusive and diverse workplace. As part of this, we have 8 Belonging Networks at OVO. Led by our people, for our people - so when you join OVO, you can play a part - big or small - with any of the Networks. It's up to you. Oh, and one last thing We'd be thrilled if you tick off all our boxes, yet we also believe it's just as important we tick off all of yours. And if you think you have most of what we're looking for but not every single thing, go ahead and hit apply . We'd still love to hear from you! If you have any additional requirements, there's a space to let us know on the application form; we want to make the process as easy and comfortable for you as possible
Overview: The Senior Infrastructure Analyst will manage and participate in the delivery and support of IT infrastructure and IT infrastructure security for new and existing systems and solutions. You will support team members in the provision of 2nd and 3rd line technical IM&T support (Desktop, Software, Infrastructure and Telephony maintaining and delivering a high degree of customer service for all RSSB IM&T support queries. Responsibilities: Proactively respond to security vulnerabilities identified by monitoring tools, performing remediation tasks Responsible for monitoring and reporting for on-premise and cloud infrastructure systems, for the early identification of issues Ensure RSSB infrastructure is secure and adheres to Cyber Security standards Act as escalation point for technical issues Responsible for the administration and operation of the RSSB cloud and onsite physical infrastructure environments Management and oversight of the network infrastructure, including network switches, routers, firewalls and virtualised environment. Manage internal and external stakeholders and supplier relationships Analyse and make recommendations to improve infrastructure, network, and reliability of systems, threats and vulnerabilities to improve security posture of IT systems Apply IT best practice to achieve effective management of change (Requests for Change) whilst mitigating risk of system failures / outages Responsible for system and data backups, restores and DR tests, taking ownership of data integrity enabling DR processes and business continuity Maintain governance over endpoint device management solutions (e.g. Intune) where they have an impact on security of the IT environment Work with the wider IM&T Team, business, internal and external business partners to ensure that security is factored into the evaluation, selection, installation, delivery and configuration process of solutions and systems Plan, manage and communicate infrastructure change with IT Operation Team Leads, Information Security manager and wider IM&T / business departments Mentor and coach colleagues and provide peer to peer advice, as required Qualifications: Computer science, Microsoft, CompTIA or related field qualifications / certifications or relevant demonstrable experience Proactive with a willingness to take ownership and responsibility for work tasks and issues, delivering a high standard of work Proficient in Windows Server v2008/2012/2019+ management to include Active Directory (AD) and Group Policy (GPO) and SQL Server Deploy patches and software applications using InTune / WSUS Knowledge of administering and supporting Azure AD, Azure IaaS/PaaS Management of backup/recovery solutions (g. Veeam, Arcserve) Experience with operating system hardening, vulnerability assessments, security audits, penetration testing, intrusion prevention systems and other security control systems for example PAM, SIEM, IDR etc. Practical experience with endpoint security, content filtering, vulnerability scanning and anti-malware Knowledge of at least one scripting language (e.g., PowerShell) MS InTune device management (mobile and Windows 10 OS) Effective communication, stakeholder' and supplier management skills Ability to work in Teams and individually using own initiative and capable of self-managing workload. Demonstrable knowledge of common vulnerabilities and exploitation techniques would be beneficial Familiarity with Cyber Essentials/Plus or ISO 27001 and ITIL best practice - Incident, Problem and Change management would be beneficial We value diversity and equal opportunities in employment and are committed to creating a workplace which is inclusive to everyone. As a member of the Disability Confident Scheme, we encourage candidates with disabilities who meet the minimum criteria, to apply for our jobs. If you have applied under the Disability Confident Scheme, please let us know in advance by emailing If you require any reasonable adjustments with respect to our selection process including information in an alternative format, please contact us at We understand the importance of work-life balance and we offer our staff the flexibility to work within our core hours and the option to vary their location between both the office and home. If you are looking for further flexibility, speak to us at interview stage so that we can consider your request. We value our staff and we offer a competitive benefits package to ensure our staff can achieve their best throughout their journey with us. This includes 30 days annual leave (plus bank holidays); a holiday buy and sell scheme; private medical and dental cover; a season ticket loan and travel subsidy; access to a cycle to work scheme; volunteer leave; a performance related bonus and pension.
Dec 18, 2022
Full time
Overview: The Senior Infrastructure Analyst will manage and participate in the delivery and support of IT infrastructure and IT infrastructure security for new and existing systems and solutions. You will support team members in the provision of 2nd and 3rd line technical IM&T support (Desktop, Software, Infrastructure and Telephony maintaining and delivering a high degree of customer service for all RSSB IM&T support queries. Responsibilities: Proactively respond to security vulnerabilities identified by monitoring tools, performing remediation tasks Responsible for monitoring and reporting for on-premise and cloud infrastructure systems, for the early identification of issues Ensure RSSB infrastructure is secure and adheres to Cyber Security standards Act as escalation point for technical issues Responsible for the administration and operation of the RSSB cloud and onsite physical infrastructure environments Management and oversight of the network infrastructure, including network switches, routers, firewalls and virtualised environment. Manage internal and external stakeholders and supplier relationships Analyse and make recommendations to improve infrastructure, network, and reliability of systems, threats and vulnerabilities to improve security posture of IT systems Apply IT best practice to achieve effective management of change (Requests for Change) whilst mitigating risk of system failures / outages Responsible for system and data backups, restores and DR tests, taking ownership of data integrity enabling DR processes and business continuity Maintain governance over endpoint device management solutions (e.g. Intune) where they have an impact on security of the IT environment Work with the wider IM&T Team, business, internal and external business partners to ensure that security is factored into the evaluation, selection, installation, delivery and configuration process of solutions and systems Plan, manage and communicate infrastructure change with IT Operation Team Leads, Information Security manager and wider IM&T / business departments Mentor and coach colleagues and provide peer to peer advice, as required Qualifications: Computer science, Microsoft, CompTIA or related field qualifications / certifications or relevant demonstrable experience Proactive with a willingness to take ownership and responsibility for work tasks and issues, delivering a high standard of work Proficient in Windows Server v2008/2012/2019+ management to include Active Directory (AD) and Group Policy (GPO) and SQL Server Deploy patches and software applications using InTune / WSUS Knowledge of administering and supporting Azure AD, Azure IaaS/PaaS Management of backup/recovery solutions (g. Veeam, Arcserve) Experience with operating system hardening, vulnerability assessments, security audits, penetration testing, intrusion prevention systems and other security control systems for example PAM, SIEM, IDR etc. Practical experience with endpoint security, content filtering, vulnerability scanning and anti-malware Knowledge of at least one scripting language (e.g., PowerShell) MS InTune device management (mobile and Windows 10 OS) Effective communication, stakeholder' and supplier management skills Ability to work in Teams and individually using own initiative and capable of self-managing workload. Demonstrable knowledge of common vulnerabilities and exploitation techniques would be beneficial Familiarity with Cyber Essentials/Plus or ISO 27001 and ITIL best practice - Incident, Problem and Change management would be beneficial We value diversity and equal opportunities in employment and are committed to creating a workplace which is inclusive to everyone. As a member of the Disability Confident Scheme, we encourage candidates with disabilities who meet the minimum criteria, to apply for our jobs. If you have applied under the Disability Confident Scheme, please let us know in advance by emailing If you require any reasonable adjustments with respect to our selection process including information in an alternative format, please contact us at We understand the importance of work-life balance and we offer our staff the flexibility to work within our core hours and the option to vary their location between both the office and home. If you are looking for further flexibility, speak to us at interview stage so that we can consider your request. We value our staff and we offer a competitive benefits package to ensure our staff can achieve their best throughout their journey with us. This includes 30 days annual leave (plus bank holidays); a holiday buy and sell scheme; private medical and dental cover; a season ticket loan and travel subsidy; access to a cycle to work scheme; volunteer leave; a performance related bonus and pension.
Here at SmallWorld Financial Services, we know how important it is to be able to support friends and family from abroad. Put simply, we believe that the more people we can help transfer money to overseas family, friends and businesses, the smaller the world becomes. Our employees are as diverse as our customer base and we value the sharing of skillsets and cultures that come with a truly international company present in several countries. SmallWorld is one of the largest money transfer companies in the world. We have a network of over 253,000 pick-up locations and a global team of over 1000 people who are responsible for over 15 million worldwide transactions each year. Are you passionate about working for a global company that celebrates differences? Do you want to empower people and families to support each other regardless of distance? Then join us! Let's make this big world into SmallWorld. Purpose of role: Reporting to the Chief Internal Auditor (CIA), we are seeking a highly experienced and qualified IT and Change SME Auditor to provide assurance over the Group's IT and Change risks. This will be a new role within our Group Internal Audit team and the successful candidate will have ownership for developing and executing a portfolio of internal audits primarily focused on IT and Change risks. This role provides the opportunity to shape as well as lead audits in accordance with the Group Internal Audit plan and global IA methodology, harnessing a deep understanding of technology risks to provide high quality independent assurance on the effectiveness of controls. The role will focus on major technology transformation programmes as well as on business change andtransformation. Role details: Managing and delivering a portfolio of IT and Change internal audit portfolio. Being agile and working across a range of different subjects and projects. Developing a risk assessment and audit universe and an annual plan of work under area of responsibility. Delivering Internal Audit engagements from planning through to execution and reporting. Communicating risk findings, verbally and written, to key stakeholders in a pragmatic and helpful manner. Engage proactively with Digital, IT and Change C-level and Senior leadership and second line of defence teams to identify critical functions and key controls. Draft, review, finalize and communicate audit deliverables, including audit findings, memos and audit reports to CIA, senior and executive management. This includes follow-up reviews on audits conducted and tracking for all audit issues. Prepare relevant risk and audit reporting to key stakeholders including executive management, CIA and governance committees. Participate as a non-voting member of various IT and Change sub-committees, management working groups, promoting balanced discussions and encouraging challenge and debate. Influence effective and sustainable improvements to processes and controls through insights gained based on risk and control expertise. Provide insight on the evolving industry and best practice environment and interact with local or international regulators as appropriate. Stay abreast of industry matters and efficiently and effectively apply applicable new developments in audit projects. Person specification: ACA / ACCA / CIA / CISA or a Bachelors / Master's Degree with a STEM focus (Science, Technology, Engineering or Math) Strong experience of information technology infrastructure components required to operate and manage enterprise IT environments including, hardware, software, networking components, operating systems, and data storage environments. Experience of activities required for the CIDO / IT function to deliver IT and Information Security services and solutions. Comfortable with cloud-based architectures and services delivered as Infrastructure-as-a-Service (IaaS) and Software- as-a-Service (SaaS). Cyber security experience including application security, PEN testing, IAM, vulnerability management best practices and security strategy required. Demonstrated knowledge of modern software development processes and practices. Experience with modernizing and migrating applications/clients to strategic architectures. Experience of working on large scale technology and cloud transformation programmes, either through programme delivery or auditing. The ability and skills to effectively manage C-level stakeholder relationships and demonstrating strong communication, technology and change auditing skills and business understanding. The ability to work with multi-disciplinary teams - collaboration skills are key to achieving the Group and function's objectives. Experience of data analytics. Knowledge of Change and Programme management methodologies Experience of writing detailed formal internal audit reports suitable for Executive audience. Excellent verbal, written, and presentation skills. Ability to communicate with internal stakeholders, third parties, clients and regulators. Experience of reporting and presenting to Board, Executive Committee or to the Audit Committee. Good understanding of global internal audit standards, practices and methodologies. Desirable Skills CISSP, CISA, CISM, CRISC or CEH Certifications or equivalent. Specialist system experience (i.e. SAP, Oracle, SQL, Python). Broad experience across a variety of applications, technologies, and domains in the payments industry Relevant experience migrating key product flows from heritage platforms onto next gen technology Experience building hybrid cloud architectures leveraging Java, Kafka, Mongo, OSE and AWS. Experience designing and implementing payments processing solutions using GPP-SP and its underlying tech stack (Java, Websphere, MQ, OracleDB)
Dec 15, 2022
Full time
Here at SmallWorld Financial Services, we know how important it is to be able to support friends and family from abroad. Put simply, we believe that the more people we can help transfer money to overseas family, friends and businesses, the smaller the world becomes. Our employees are as diverse as our customer base and we value the sharing of skillsets and cultures that come with a truly international company present in several countries. SmallWorld is one of the largest money transfer companies in the world. We have a network of over 253,000 pick-up locations and a global team of over 1000 people who are responsible for over 15 million worldwide transactions each year. Are you passionate about working for a global company that celebrates differences? Do you want to empower people and families to support each other regardless of distance? Then join us! Let's make this big world into SmallWorld. Purpose of role: Reporting to the Chief Internal Auditor (CIA), we are seeking a highly experienced and qualified IT and Change SME Auditor to provide assurance over the Group's IT and Change risks. This will be a new role within our Group Internal Audit team and the successful candidate will have ownership for developing and executing a portfolio of internal audits primarily focused on IT and Change risks. This role provides the opportunity to shape as well as lead audits in accordance with the Group Internal Audit plan and global IA methodology, harnessing a deep understanding of technology risks to provide high quality independent assurance on the effectiveness of controls. The role will focus on major technology transformation programmes as well as on business change andtransformation. Role details: Managing and delivering a portfolio of IT and Change internal audit portfolio. Being agile and working across a range of different subjects and projects. Developing a risk assessment and audit universe and an annual plan of work under area of responsibility. Delivering Internal Audit engagements from planning through to execution and reporting. Communicating risk findings, verbally and written, to key stakeholders in a pragmatic and helpful manner. Engage proactively with Digital, IT and Change C-level and Senior leadership and second line of defence teams to identify critical functions and key controls. Draft, review, finalize and communicate audit deliverables, including audit findings, memos and audit reports to CIA, senior and executive management. This includes follow-up reviews on audits conducted and tracking for all audit issues. Prepare relevant risk and audit reporting to key stakeholders including executive management, CIA and governance committees. Participate as a non-voting member of various IT and Change sub-committees, management working groups, promoting balanced discussions and encouraging challenge and debate. Influence effective and sustainable improvements to processes and controls through insights gained based on risk and control expertise. Provide insight on the evolving industry and best practice environment and interact with local or international regulators as appropriate. Stay abreast of industry matters and efficiently and effectively apply applicable new developments in audit projects. Person specification: ACA / ACCA / CIA / CISA or a Bachelors / Master's Degree with a STEM focus (Science, Technology, Engineering or Math) Strong experience of information technology infrastructure components required to operate and manage enterprise IT environments including, hardware, software, networking components, operating systems, and data storage environments. Experience of activities required for the CIDO / IT function to deliver IT and Information Security services and solutions. Comfortable with cloud-based architectures and services delivered as Infrastructure-as-a-Service (IaaS) and Software- as-a-Service (SaaS). Cyber security experience including application security, PEN testing, IAM, vulnerability management best practices and security strategy required. Demonstrated knowledge of modern software development processes and practices. Experience with modernizing and migrating applications/clients to strategic architectures. Experience of working on large scale technology and cloud transformation programmes, either through programme delivery or auditing. The ability and skills to effectively manage C-level stakeholder relationships and demonstrating strong communication, technology and change auditing skills and business understanding. The ability to work with multi-disciplinary teams - collaboration skills are key to achieving the Group and function's objectives. Experience of data analytics. Knowledge of Change and Programme management methodologies Experience of writing detailed formal internal audit reports suitable for Executive audience. Excellent verbal, written, and presentation skills. Ability to communicate with internal stakeholders, third parties, clients and regulators. Experience of reporting and presenting to Board, Executive Committee or to the Audit Committee. Good understanding of global internal audit standards, practices and methodologies. Desirable Skills CISSP, CISA, CISM, CRISC or CEH Certifications or equivalent. Specialist system experience (i.e. SAP, Oracle, SQL, Python). Broad experience across a variety of applications, technologies, and domains in the payments industry Relevant experience migrating key product flows from heritage platforms onto next gen technology Experience building hybrid cloud architectures leveraging Java, Kafka, Mongo, OSE and AWS. Experience designing and implementing payments processing solutions using GPP-SP and its underlying tech stack (Java, Websphere, MQ, OracleDB)
Senior Consultant, Security Testing (United Kingdom) We're hiring! This is an exciting opportunity for candidates with substantial experience in Penetration Testing, looking to take the next step up to further develop their skills an become a subject matter expert in the field. You will be part of a team that provides a challenging and exciting work environment that pairs a healthy combination of autonomy and senior level support, together with a significant investment in your learning and professional development. Our international Security Testing team specializes in application and network infrastructure security, read teaming and source code review, publishes books and security blogs, contributes to open-source software projects, and are engaged in a variety of continuous security research projects. This is an exciting opportunity for someone who enjoys performing deep technical work in a fun and casual atmosphere. In the United Kingdom, our Security Testing services are delivered through our subsidiary Gotham Digital Science Limited which is member of the UK industry body CREST (the Council of Registered Ethical Security Testers) as well as a member of the UK Government CHECK scheme, allowing us to provide security assurance services to Her Majesty's Government and UK Critical National Infrastructure on systems processing protectively marked information. We are also an accredited CBEST penetration testing provider, allowing us to provide intelligence-led penetration testing as part of the Bank of England CBEST scheme. About the role As a Senior Consultant, you can expect to get involved in: Application penetration testing and application source code review. Secure Development Lifecycle consultancy and advisory. Vulnerability and penetration assessments on Internet exposed and internal systems. Applying and developing appropriate exploits to gain access and expand access to remote systems. Documenting technical issues identified during security assessments. Interface with clients when working on engagements on-site. Mentoring more junior colleagues and supporting managers whenever necessary. Perform peer review and quality checks on work product from other colleagues. Instructor-led and self-guided training activities, including you working towards attaining company funded security certifications. About you The following qualifications are expected from potential applicants: At least 3 years of experience in performing application and/or infrastructure penetration testing independently. Development and/or source code review experience in one or more of these languages: C/C++, C#, VB.NET, ASP, PHP, Python or Java. Familiarity with threat modelling and security design review methodologies. A good understanding of Unix, Windows and network security. Degree from an accredited University or equivalent. CREST Certified Tester (CCT) or equivalent. Excellent written and communication skills in English. Ability to work both independently and in a team environment. Passion for technology and a drive for self-learning, paired with good customer facing skills. Currently resident within the European Union, or not requiring work permit sponsorship. The following items are not required but would be considered a differentiator: Additional security and penetration testing certifications. Degree in Computer Science, Information Systems, Engineering or related major. Experience working as part of an enterprise development team. Experience developing custom scripts or tools used for vulnerability scanning and identification. Fluency in an additional Western European language, other than English. Salary and Benefits This role offers a competitive salary and bonus, plus a comprehensive benefits package and 25 days holiday. Through our flexible benefits, you can choose additional benefits, including healthcare, childcare vouchers, and additional holiday. About Cyber Solutions Aon's Cyber Solutions offers holistic cyber risk management, unsurpassed investigative skills, and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents. About Aon Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement, and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance
Sep 21, 2022
Full time
Senior Consultant, Security Testing (United Kingdom) We're hiring! This is an exciting opportunity for candidates with substantial experience in Penetration Testing, looking to take the next step up to further develop their skills an become a subject matter expert in the field. You will be part of a team that provides a challenging and exciting work environment that pairs a healthy combination of autonomy and senior level support, together with a significant investment in your learning and professional development. Our international Security Testing team specializes in application and network infrastructure security, read teaming and source code review, publishes books and security blogs, contributes to open-source software projects, and are engaged in a variety of continuous security research projects. This is an exciting opportunity for someone who enjoys performing deep technical work in a fun and casual atmosphere. In the United Kingdom, our Security Testing services are delivered through our subsidiary Gotham Digital Science Limited which is member of the UK industry body CREST (the Council of Registered Ethical Security Testers) as well as a member of the UK Government CHECK scheme, allowing us to provide security assurance services to Her Majesty's Government and UK Critical National Infrastructure on systems processing protectively marked information. We are also an accredited CBEST penetration testing provider, allowing us to provide intelligence-led penetration testing as part of the Bank of England CBEST scheme. About the role As a Senior Consultant, you can expect to get involved in: Application penetration testing and application source code review. Secure Development Lifecycle consultancy and advisory. Vulnerability and penetration assessments on Internet exposed and internal systems. Applying and developing appropriate exploits to gain access and expand access to remote systems. Documenting technical issues identified during security assessments. Interface with clients when working on engagements on-site. Mentoring more junior colleagues and supporting managers whenever necessary. Perform peer review and quality checks on work product from other colleagues. Instructor-led and self-guided training activities, including you working towards attaining company funded security certifications. About you The following qualifications are expected from potential applicants: At least 3 years of experience in performing application and/or infrastructure penetration testing independently. Development and/or source code review experience in one or more of these languages: C/C++, C#, VB.NET, ASP, PHP, Python or Java. Familiarity with threat modelling and security design review methodologies. A good understanding of Unix, Windows and network security. Degree from an accredited University or equivalent. CREST Certified Tester (CCT) or equivalent. Excellent written and communication skills in English. Ability to work both independently and in a team environment. Passion for technology and a drive for self-learning, paired with good customer facing skills. Currently resident within the European Union, or not requiring work permit sponsorship. The following items are not required but would be considered a differentiator: Additional security and penetration testing certifications. Degree in Computer Science, Information Systems, Engineering or related major. Experience working as part of an enterprise development team. Experience developing custom scripts or tools used for vulnerability scanning and identification. Fluency in an additional Western European language, other than English. Salary and Benefits This role offers a competitive salary and bonus, plus a comprehensive benefits package and 25 days holiday. Through our flexible benefits, you can choose additional benefits, including healthcare, childcare vouchers, and additional holiday. About Cyber Solutions Aon's Cyber Solutions offers holistic cyber risk management, unsurpassed investigative skills, and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents. About Aon Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement, and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance
Want to do the best work of your life? With 24 million customers in 6 countries, make your mark at Europe's leading media and entertainment brand. A workplace where you can proudly be yourself; our people make Sky a truly exciting and inclusive place to work. Main purpose of the role would be owning network design solutions across wide horizon on technology stacks for telecom services like Broadband, Voice, CDN, Mobile services across the Sky Group and be design authority for security designs. What you'll do: * Elicit business and technical requirements working with the various stakeholders during requirements gathering phase. * Author both high level and low-level design documents to support Telco services and be responsible for software/hardware selection, perform bug scrubs and security vulnerability assessments and work with test and delivery engineers to review test plans, defects, test reports, MOP and change tickets. * Participate in vendor selection by providing technical requirements into RFP document and by doing technical evaluation including Technical Proof of Concept testing. * Act as a design authority, review strawman proposals and designs produced by other engineers in the team and provide technical leadership to them. * Steer network elements' feature roadmap by working closely with our strategic technology partners for software release planning, budget submissions and provide inputs for business case preparation. * Drive platform improvements enable automation and implement new solutions that enable DevOps capabilities and support business strategy of building once and deploy multiple time. What you'll bring: * Strong hands-on experience of Palo Alto Firewalls (Both CLI and GUI), Fortinet firewalls along with Cisco IOS-XR platforms. * Proven experience of DDoS, AAA solutions (preferably Cisco ISE) * Solid understanding of hardware and software vulnerability on Network devices * IP networking and service provider Routing/Switching such as MPLS, LDP, ISIS, BGP, ACL's and QoS * Ability to apply Open-config and Vendor specific NETCONF-YANG models, JSON and XML payload for network automation to configure and manage routers would be advantageous * Solid understanding of Python and config management via GIT Team Overview Comms Group: We are responsible for the Strategy, Architecture, Design, and Operations of all Telecom services provided by Sky across the Group (UK&I, Germany and Italy). We deliver 4G/5GMobile, Broadband and Fixed Line services using cutting edge technologies and modern operational paradigms such as SRE and Agile. From High scale routing, Network Automation, Telco Cloud, SDN/NFV to Software Development and Data science for predictive operations, we embrace modern technologies, practices, tools with strong focus on people development to provide the stability and performance that our customers depend on. The Rewards: There's a reason people can't stop talking about #LifeAtSky. Our great range of rewards really are something special, here are just a few: * Sky Q, for the TV you love all in one place * A generous pension package * Private healthcare * Discounted mobile and broadband * Access a wide range of exclusive Sky VIP rewards and experiences Where will you work: Brick Lane: Our Brick Lane office is in the heart of the East End of London. It's part of a vibrant and diverse community; close to street food, cafes and shops. The closest tube station is Aldgate East and Liverpool Street is about a 10-minute walk. Inclusion: We take pride in our approach to diversity and inclusion: we've been recognised by The Times and Stonewall for this, and we've committed £30million to support the fight against racial injustice. We've also set ambitious targets for increasing ethnic diversity and representation throughout our organisation. At Sky we don't just look at your CV. We're more focused on who you are and your potential. We also know that everyone has a life outside work, so we're happy to discuss flexible working. And we'll do everything we can to support you during your application. If you need us to make any adjustments to our recruitment process, speak to our recruitment team who will be happy to support you. Why wait? Apply now to build an amazing career and be part of a brilliant team. We can't wait to hear from you. To find out more about working with us, search #LifeAtSky on social media. A job you love to talk about. Just so you know: if your application is successful, we'll ask you to complete a criminal record check. And depending on the role you have applied for and the nature of any convictions you may have, we might have to withdraw the offer.
Dec 06, 2021
Full time
Want to do the best work of your life? With 24 million customers in 6 countries, make your mark at Europe's leading media and entertainment brand. A workplace where you can proudly be yourself; our people make Sky a truly exciting and inclusive place to work. Main purpose of the role would be owning network design solutions across wide horizon on technology stacks for telecom services like Broadband, Voice, CDN, Mobile services across the Sky Group and be design authority for security designs. What you'll do: * Elicit business and technical requirements working with the various stakeholders during requirements gathering phase. * Author both high level and low-level design documents to support Telco services and be responsible for software/hardware selection, perform bug scrubs and security vulnerability assessments and work with test and delivery engineers to review test plans, defects, test reports, MOP and change tickets. * Participate in vendor selection by providing technical requirements into RFP document and by doing technical evaluation including Technical Proof of Concept testing. * Act as a design authority, review strawman proposals and designs produced by other engineers in the team and provide technical leadership to them. * Steer network elements' feature roadmap by working closely with our strategic technology partners for software release planning, budget submissions and provide inputs for business case preparation. * Drive platform improvements enable automation and implement new solutions that enable DevOps capabilities and support business strategy of building once and deploy multiple time. What you'll bring: * Strong hands-on experience of Palo Alto Firewalls (Both CLI and GUI), Fortinet firewalls along with Cisco IOS-XR platforms. * Proven experience of DDoS, AAA solutions (preferably Cisco ISE) * Solid understanding of hardware and software vulnerability on Network devices * IP networking and service provider Routing/Switching such as MPLS, LDP, ISIS, BGP, ACL's and QoS * Ability to apply Open-config and Vendor specific NETCONF-YANG models, JSON and XML payload for network automation to configure and manage routers would be advantageous * Solid understanding of Python and config management via GIT Team Overview Comms Group: We are responsible for the Strategy, Architecture, Design, and Operations of all Telecom services provided by Sky across the Group (UK&I, Germany and Italy). We deliver 4G/5GMobile, Broadband and Fixed Line services using cutting edge technologies and modern operational paradigms such as SRE and Agile. From High scale routing, Network Automation, Telco Cloud, SDN/NFV to Software Development and Data science for predictive operations, we embrace modern technologies, practices, tools with strong focus on people development to provide the stability and performance that our customers depend on. The Rewards: There's a reason people can't stop talking about #LifeAtSky. Our great range of rewards really are something special, here are just a few: * Sky Q, for the TV you love all in one place * A generous pension package * Private healthcare * Discounted mobile and broadband * Access a wide range of exclusive Sky VIP rewards and experiences Where will you work: Brick Lane: Our Brick Lane office is in the heart of the East End of London. It's part of a vibrant and diverse community; close to street food, cafes and shops. The closest tube station is Aldgate East and Liverpool Street is about a 10-minute walk. Inclusion: We take pride in our approach to diversity and inclusion: we've been recognised by The Times and Stonewall for this, and we've committed £30million to support the fight against racial injustice. We've also set ambitious targets for increasing ethnic diversity and representation throughout our organisation. At Sky we don't just look at your CV. We're more focused on who you are and your potential. We also know that everyone has a life outside work, so we're happy to discuss flexible working. And we'll do everything we can to support you during your application. If you need us to make any adjustments to our recruitment process, speak to our recruitment team who will be happy to support you. Why wait? Apply now to build an amazing career and be part of a brilliant team. We can't wait to hear from you. To find out more about working with us, search #LifeAtSky on social media. A job you love to talk about. Just so you know: if your application is successful, we'll ask you to complete a criminal record check. And depending on the role you have applied for and the nature of any convictions you may have, we might have to withdraw the offer.
Want to do the best work of your life? With 24 million customers in 6 countries, make your mark at Europe's leading media and entertainment brand. A workplace where you can proudly be yourself; our people make Sky a truly exciting and inclusive place to work. Main purpose of the role would be owning network design solutions across wide horizon on technology stacks for telecom services like Broadband, Voice, CDN, Mobile services across the Sky Group and be design authority for security designs. What you'll do: * Elicit business and technical requirements working with the various stakeholders during requirements gathering phase. * Author both high level and low-level design documents to support Telco services and be responsible for software/hardware selection, perform bug scrubs and security vulnerability assessments and work with test and delivery engineers to review test plans, defects, test reports, MOP and change tickets. * Participate in vendor selection by providing technical requirements into RFP document and by doing technical evaluation including Technical Proof of Concept testing. * Act as a design authority, review strawman proposals and designs produced by other engineers in the team and provide technical leadership to them. * Steer network elements' feature roadmap by working closely with our strategic technology partners for software release planning, budget submissions and provide inputs for business case preparation. * Drive platform improvements enable automation and implement new solutions that enable DevOps capabilities and support business strategy of building once and deploy multiple time. What you'll bring: * Strong hands-on experience of Palo Alto Firewalls (Both CLI and GUI), Fortinet firewalls along with Cisco IOS-XR platforms. * Proven experience of DDoS, AAA solutions (preferably Cisco ISE) * Solid understanding of hardware and software vulnerability on Network devices * IP networking and service provider Routing/Switching such as MPLS, LDP, ISIS, BGP, ACL's and QoS * Ability to apply Open-config and Vendor specific NETCONF-YANG models, JSON and XML payload for network automation to configure and manage routers would be advantageous * Solid understanding of Python and config management via GIT Team Overview Comms Group: We are responsible for the Strategy, Architecture, Design, and Operations of all Telecom services provided by Sky across the Group (UK&I, Germany and Italy). We deliver 4G/5GMobile, Broadband and Fixed Line services using cutting edge technologies and modern operational paradigms such as SRE and Agile. From High scale routing, Network Automation, Telco Cloud, SDN/NFV to Software Development and Data science for predictive operations, we embrace modern technologies, practices, tools with strong focus on people development to provide the stability and performance that our customers depend on. The Rewards: There's a reason people can't stop talking about #LifeAtSky. Our great range of rewards really are something special, here are just a few: * Sky Q, for the TV you love all in one place * A generous pension package * Private healthcare * Discounted mobile and broadband * Access a wide range of exclusive Sky VIP rewards and experiences Where will you work: Brick Lane: Our Brick Lane office is in the heart of the East End of London. It's part of a vibrant and diverse community; close to street food, cafes and shops. The closest tube station is Aldgate East and Liverpool Street is about a 10-minute walk. Inclusion: We take pride in our approach to diversity and inclusion: we've been recognised by The Times and Stonewall for this, and we've committed £30million to support the fight against racial injustice. We've also set ambitious targets for increasing ethnic diversity and representation throughout our organisation. At Sky we don't just look at your CV. We're more focused on who you are and your potential. We also know that everyone has a life outside work, so we're happy to discuss flexible working. And we'll do everything we can to support you during your application. If you need us to make any adjustments to our recruitment process, speak to our recruitment team who will be happy to support you. Why wait? Apply now to build an amazing career and be part of a brilliant team. We can't wait to hear from you. To find out more about working with us, search #LifeAtSky on social media. A job you love to talk about. Just so you know: if your application is successful, we'll ask you to complete a criminal record check. And depending on the role you have applied for and the nature of any convictions you may have, we might have to withdraw the offer.
Dec 06, 2021
Full time
Want to do the best work of your life? With 24 million customers in 6 countries, make your mark at Europe's leading media and entertainment brand. A workplace where you can proudly be yourself; our people make Sky a truly exciting and inclusive place to work. Main purpose of the role would be owning network design solutions across wide horizon on technology stacks for telecom services like Broadband, Voice, CDN, Mobile services across the Sky Group and be design authority for security designs. What you'll do: * Elicit business and technical requirements working with the various stakeholders during requirements gathering phase. * Author both high level and low-level design documents to support Telco services and be responsible for software/hardware selection, perform bug scrubs and security vulnerability assessments and work with test and delivery engineers to review test plans, defects, test reports, MOP and change tickets. * Participate in vendor selection by providing technical requirements into RFP document and by doing technical evaluation including Technical Proof of Concept testing. * Act as a design authority, review strawman proposals and designs produced by other engineers in the team and provide technical leadership to them. * Steer network elements' feature roadmap by working closely with our strategic technology partners for software release planning, budget submissions and provide inputs for business case preparation. * Drive platform improvements enable automation and implement new solutions that enable DevOps capabilities and support business strategy of building once and deploy multiple time. What you'll bring: * Strong hands-on experience of Palo Alto Firewalls (Both CLI and GUI), Fortinet firewalls along with Cisco IOS-XR platforms. * Proven experience of DDoS, AAA solutions (preferably Cisco ISE) * Solid understanding of hardware and software vulnerability on Network devices * IP networking and service provider Routing/Switching such as MPLS, LDP, ISIS, BGP, ACL's and QoS * Ability to apply Open-config and Vendor specific NETCONF-YANG models, JSON and XML payload for network automation to configure and manage routers would be advantageous * Solid understanding of Python and config management via GIT Team Overview Comms Group: We are responsible for the Strategy, Architecture, Design, and Operations of all Telecom services provided by Sky across the Group (UK&I, Germany and Italy). We deliver 4G/5GMobile, Broadband and Fixed Line services using cutting edge technologies and modern operational paradigms such as SRE and Agile. From High scale routing, Network Automation, Telco Cloud, SDN/NFV to Software Development and Data science for predictive operations, we embrace modern technologies, practices, tools with strong focus on people development to provide the stability and performance that our customers depend on. The Rewards: There's a reason people can't stop talking about #LifeAtSky. Our great range of rewards really are something special, here are just a few: * Sky Q, for the TV you love all in one place * A generous pension package * Private healthcare * Discounted mobile and broadband * Access a wide range of exclusive Sky VIP rewards and experiences Where will you work: Brick Lane: Our Brick Lane office is in the heart of the East End of London. It's part of a vibrant and diverse community; close to street food, cafes and shops. The closest tube station is Aldgate East and Liverpool Street is about a 10-minute walk. Inclusion: We take pride in our approach to diversity and inclusion: we've been recognised by The Times and Stonewall for this, and we've committed £30million to support the fight against racial injustice. We've also set ambitious targets for increasing ethnic diversity and representation throughout our organisation. At Sky we don't just look at your CV. We're more focused on who you are and your potential. We also know that everyone has a life outside work, so we're happy to discuss flexible working. And we'll do everything we can to support you during your application. If you need us to make any adjustments to our recruitment process, speak to our recruitment team who will be happy to support you. Why wait? Apply now to build an amazing career and be part of a brilliant team. We can't wait to hear from you. To find out more about working with us, search #LifeAtSky on social media. A job you love to talk about. Just so you know: if your application is successful, we'll ask you to complete a criminal record check. And depending on the role you have applied for and the nature of any convictions you may have, we might have to withdraw the offer.
