Starling Bank
Description About Engineering at Engine by Starling At Engine by Starling, we don't do "checkbox security". We treat security as a first-class engineering discipline. As a Cloud Security Engineer, you will be a hands-on builder responsible for the security architecture of our multi-tenant core banking platform. You'll spend your days writing code, automating defenses, and ensuring our infrastructure that spans across AWS and GCP is secure by design and compliant by default. The Mission This is a highly varied position where you will spearhead efforts to fortify both our infrastructure and application platforms. Your mission is to solve complex security problems through code, focusing on three core pillars: Identity & Network Security: Engineering robust IAM controls and zero-trust network architectures. You will lead the way in refining edge-defense strategies and trust redirection to ensure every request is verified and encrypted. Unified Vulnerability Orchestration: Building a custom "single pane of glass" for security data. You will engineer API integrations between scanning engines, dependency trackers, and internal portals to create a seamless, automated vulnerability ecosystem. Compliance as Code: Bridging the gap between technical execution and regulatory requirements. You will build the automated systems that provide real-time evidence for frameworks like SOC 2, ISO 27001 & PCI ensuring we stay compliant without manual overhead. The Team You will be a key member of our growing Security Engineering team, working at the intersection of our Infrastructure, Cross-Cutting, Information Security, and GRC teams. At Engine, we believe security should be at the heart of every technical process, not an afterthought. You won't work in a silo; you'll have close interaction with engineers across the business to deliver a platform that is resilient against evolving threats. About You We are primarily looking for experienced Cloud Security Engineers, but we are equally keen to talk to talented Software Engineers who possess strong programming skills and a genuine desire to apply their knowledge to security challenges. Engine engineers are motivated by impact and high-quality delivery, regardless of their original tech stack. Whether you are a security specialist or a developer with a "security-first" mindset, your place within the team will be shaped by your individual strengths and interests. What you'll get to do? You won't be manually checking boxes. You will be building the systems that check them for you. Security as Code: Design and maintain custom security tooling in Go to automate evidence collection for SOC2/ISO 27001 and remediation of security alerts. Infrastructure & IAM: Write and peer-review Terraform to manage identity and core infrastructure across AWS and GCP, ensuring the principle of least privilege is baked into the foundation and adhering to cloud security standards. Pipeline & Supply Chain: Contribute to maintaining the integrity of our software supply chain. You'll integrate SAST/DAST/SCA tools into our CI/CD pipelines (GitHub Actions/TeamCity) and manage container provenance. Cloud Native Defense: Engineer Kubernetes security solutions focusing on Cilium, RBAC, and network policies to protect our microservices. Identity & Trust (PKI): Build and maintain our Certificate Authority (CA) tooling and internal PKI infrastructure. You will be a trusted guardian of our cryptographic foundations, participating in Key Ceremonies to ensure the highest level of root-level security. Incident Response & Research: Support the Information Security team and participate in incident response and post-mortem activities. Requirements What skills are essential: The Builder Mindset: You have a background in software or infrastructure engineering. You find manual work a personal affront and prefer to solve problems through code. Polyglot-ish: You are proficient in Go (our preference) or Python. Cloud Native: You have deep, practical experience securing AWS or GCP and have managed them at scale using Terraform. Container Expert: You understand the nuances of Kubernetes security - from the runtime to the service mesh. Identity Mastery: Expert knowledge of cloud identity models. Networking: Strong understanding of network protocols. What skills are desirable: Experience with Cilium networking or advanced K8s hardening (CKS/CKA). Deep knowledge of cryptography management and hardware security modules. Familiarity with container signing (Sigstore/Cosign) and image provenance. Cloud-native security certifications (AWS Security Specialist / GCP Professional). Experience working with CSA CCM Our Interview process Interviewing is a two way process and we want you to have the time and opportunity to get to know us, as much as we are getting to know you! Our interviews are conversational and we want to get the best from you, so come with questions and be curious. In general you can expect the below, following a chat with one of our Talent Team: Initial interview with an Engineer - 45 minutes Take home technical test to be discussed in the next interview Technical interview with some Engineers - 1.5 hours Final interview with our CTO / deputy CTO 45 minutes Benefits 33 days holiday (including public holidays, which you can take when it works best for you) An extra day's holiday for your birthday Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off 16 hours paid volunteering time a year Salary sacrifice, company enhanced pension scheme Life insurance at 4x your salary & group income protection Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton Generous family-friendly policies Incentives refer a friend scheme Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing
Description About Engineering at Engine by Starling At Engine by Starling, we don't do "checkbox security". We treat security as a first-class engineering discipline. As a Cloud Security Engineer, you will be a hands-on builder responsible for the security architecture of our multi-tenant core banking platform. You'll spend your days writing code, automating defenses, and ensuring our infrastructure that spans across AWS and GCP is secure by design and compliant by default. The Mission This is a highly varied position where you will spearhead efforts to fortify both our infrastructure and application platforms. Your mission is to solve complex security problems through code, focusing on three core pillars: Identity & Network Security: Engineering robust IAM controls and zero-trust network architectures. You will lead the way in refining edge-defense strategies and trust redirection to ensure every request is verified and encrypted. Unified Vulnerability Orchestration: Building a custom "single pane of glass" for security data. You will engineer API integrations between scanning engines, dependency trackers, and internal portals to create a seamless, automated vulnerability ecosystem. Compliance as Code: Bridging the gap between technical execution and regulatory requirements. You will build the automated systems that provide real-time evidence for frameworks like SOC 2, ISO 27001 & PCI ensuring we stay compliant without manual overhead. The Team You will be a key member of our growing Security Engineering team, working at the intersection of our Infrastructure, Cross-Cutting, Information Security, and GRC teams. At Engine, we believe security should be at the heart of every technical process, not an afterthought. You won't work in a silo; you'll have close interaction with engineers across the business to deliver a platform that is resilient against evolving threats. About You We are primarily looking for experienced Cloud Security Engineers, but we are equally keen to talk to talented Software Engineers who possess strong programming skills and a genuine desire to apply their knowledge to security challenges. Engine engineers are motivated by impact and high-quality delivery, regardless of their original tech stack. Whether you are a security specialist or a developer with a "security-first" mindset, your place within the team will be shaped by your individual strengths and interests. What you'll get to do? You won't be manually checking boxes. You will be building the systems that check them for you. Security as Code: Design and maintain custom security tooling in Go to automate evidence collection for SOC2/ISO 27001 and remediation of security alerts. Infrastructure & IAM: Write and peer-review Terraform to manage identity and core infrastructure across AWS and GCP, ensuring the principle of least privilege is baked into the foundation and adhering to cloud security standards. Pipeline & Supply Chain: Contribute to maintaining the integrity of our software supply chain. You'll integrate SAST/DAST/SCA tools into our CI/CD pipelines (GitHub Actions/TeamCity) and manage container provenance. Cloud Native Defense: Engineer Kubernetes security solutions focusing on Cilium, RBAC, and network policies to protect our microservices. Identity & Trust (PKI): Build and maintain our Certificate Authority (CA) tooling and internal PKI infrastructure. You will be a trusted guardian of our cryptographic foundations, participating in Key Ceremonies to ensure the highest level of root-level security. Incident Response & Research: Support the Information Security team and participate in incident response and post-mortem activities. Requirements What skills are essential: The Builder Mindset: You have a background in software or infrastructure engineering. You find manual work a personal affront and prefer to solve problems through code. Polyglot-ish: You are proficient in Go (our preference) or Python. Cloud Native: You have deep, practical experience securing AWS or GCP and have managed them at scale using Terraform. Container Expert: You understand the nuances of Kubernetes security - from the runtime to the service mesh. Identity Mastery: Expert knowledge of cloud identity models. Networking: Strong understanding of network protocols. What skills are desirable: Experience with Cilium networking or advanced K8s hardening (CKS/CKA). Deep knowledge of cryptography management and hardware security modules. Familiarity with container signing (Sigstore/Cosign) and image provenance. Cloud-native security certifications (AWS Security Specialist / GCP Professional). Experience working with CSA CCM Our Interview process Interviewing is a two way process and we want you to have the time and opportunity to get to know us, as much as we are getting to know you! Our interviews are conversational and we want to get the best from you, so come with questions and be curious. In general you can expect the below, following a chat with one of our Talent Team: Initial interview with an Engineer - 45 minutes Take home technical test to be discussed in the next interview Technical interview with some Engineers - 1.5 hours Final interview with our CTO / deputy CTO 45 minutes Benefits 33 days holiday (including public holidays, which you can take when it works best for you) An extra day's holiday for your birthday Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off 16 hours paid volunteering time a year Salary sacrifice, company enhanced pension scheme Life insurance at 4x your salary & group income protection Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton Generous family-friendly policies Incentives refer a friend scheme Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks Access to initiatives like Cycle to Work, Salary Sacrificed Gym partnerships and Electric Vehicle (EV) leasing
Deloitte
Connect to your Industry Do you want to be at the heart of some of the biggest and most ambitious programmes undertaken to keep our country safe? We are proud of the impact we have with our range of Defence and Security clients, from the strength of our relationships to the variety of our skills and expertise that we bring to help these clients deliver on their mission. We're growing our teams across all of Technology and Transformation. If you are cleared to SC or DV level, or willing and eligible to obtain this and want to grow your career in this sector, we would love to hear from you. Connect to your career at Deloitte Deloitte drives progress. Using our vast range of expertise, we help our clients' become leaders wherever they choose to compete. To do this, we invest in outstanding people. We build teams of future thinkers, with diverse talents and backgrounds, and empower them all to reach for and achieve more. What brings us all together at Deloitte? It's how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for measurable impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most. Connect to your opportunity We recognise the importance of bringing together diverse experience and perspectives to innovatively solve some of our clients most complex problems and as a Cyber Security Manager, you will become a trusted advisor to those clients, helping them to navigate the complex world of cyber security, building robust security postures and supporting complex cyber transformations. You will leverage your expertise and that of our technical SMEs to assess their current state, identify vulnerabilities and design and implement tailored solutions that align with their business objectives and risk appetite. As a senior member of the team, you must develop relationships with key stakeholders, understand a client's security policy framework and control sets, and design solutions that will meet our unique requirements. Our projects vary greatly and your responsibility as a cyber security manager will differ based on the focus of the engagement and your skillset, but could include and may require you to: Lead client engagements, building strong relationships and understanding their business objectives, risk tolerance, and security challenges. Conduct effective workshops and presentations, clearly communicating complex security concepts to both technical and non-technical stakeholders. Perform comprehensive cyber security assessments, including: vulnerability assessments; security architecture reviews; and risk analysis to identify potential security threats and vulnerabilities. Utilise industry-standard frameworks and methodologies (e.g., NIST, ISO 27001, CIS, CAF) to evaluate and benchmark client security posture. Develop pragmatic and cost-effective security solutions tailored to client needs, encompassing people, process, and technology aspects. Provide guidance on security technologies, architectures, and best practices for implementing secure solutions. Assist clients in developing and refining their cyber security strategy, aligning it with their business goals and risk appetite. Create actionable roadmaps for implementing security initiatives, prioritising activities based on risk and business impact. Support clients in developing and testing incident response plans and business continuity strategies. Stay abreast of emerging threats, vulnerabilities, security trends and industry best practices. Contribute to thought leadership initiatives, developing white papers, presentations, and blog posts to share expertise. Provide specialist technical advice, recommended approaches, recommended security controls and identify solutions that meet client business objectives. Stay up to date with emerging security threats, technologies, and industry best practices, and provide recommendations for improvement. Connect to your skills and professional experience All applicants must be willing and eligible to apply for and obtain UK security clearance to Security Check (SC) or Developed Vetting (DV) level, if not already holding an existing clearance. Candidates will be able demonstrate relevant knowledge and experience through a combination of qualifications and evidence of work history such as: Information Security qualification (or equivalent) e.g. CISSP, CISM, CRISC, GSEC. In-depth knowledge of security frameworks, standards, and best practices (e.g., ISO 27001, NIST, CIS, CAF). Experience of working in Cyber/Information security within the Defence / Security environment with a focus on one of more of the domains (Land, Air, Maritime, Space, Cyberspace). Experience of working within Defensive Cyber Operations with an in-depth knowledge of at least one specialisation (security monitoring, network operations, Incident Response/Management, Threat Intelligence, Vulnerability Management or Cyber Operations). Experience working in or with Government organisations, including the handling of assets subject to the Government Security Classification Policy. Experience of threat and risk modelling. Strong understanding of network security, encryption, authentication, and access control mechanisms. Experience with security technologies such as firewalls, intrusion detection/prevention systems, security information and event management (SIEM) systems, and vulnerability assessment tools, and their configuration options. Familiarity with cloud security principles and best practices, including securing cloud-based infrastructure and services (AWS, Azure or Google). Experience of research in technology trends and ways to secure those technologies. A strong working knowledge of Government cyber requirements related to Defence and Security e.g. JSP440, JSP441, JSP453, JSP490, JSP503, JSP628, JSP892, Security Risk Management, Information Security, Secure by Design, Supply Chain Security. Connect to your business - Technology and Transformation Distinctive thinking, deep expertise, innovation and collaborative working. That's what connects us. That's what makes us Deloitte. If you want to help solve some of the biggest tech and transformational challenges around, join us. Together, we'll make an impact that matters. Cyber The modern world is more complex than ever before, and we are navigating an ever-changing landscape. We help clients to operate with resilience and grow with confidence to secure success and minimise risk. Personal independence Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints (e.g., in relation to any financial interests and employment relationships). This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm, and also prohibitions on certain employment relationships (e.g., you are not permitted to hold a secondary employment role with SEC audit clients of the firm whilst being employed by the firm). The recruitment team will provide further detail as you progress through the recruitment process or you can contact the Independence team upon request. Connect with your colleagues "The opportunities to make a difference here are huge. We're constantly encouraged to come up with ideas, so a lot of what we do to drive change comes from within our own workforce. - Gurpal, T&T "Innovation is at the heart of everything we do, so we're using the latest technologies to constantly improve how we deliver our projects and bring insights to our clients. It means I'm always learning." - Gurpal, T&T Our hybrid working policy You'll be based in London with hybrid working. At Deloitte we understand the importance of balancing your career alongside your home life. That's why we'll support you to work flexibly through our hybrid working policy. Depending on the requirements of your role, you'll have the opportunity to work in your local office, virtual collaboration spaces, client sites and remotely. You'll get the chance to meet face to face when needed, while you collaborate and learn from colleagues, share your experiences, and build the relationships that will fuel your career and prioritise your wellbeing. Please check with your recruiter for the specific working requirements that may apply for your role. Our commitment to you Making an impact is more than just what we do: it's why we're here. So we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before. We want you. The true you. Your own strengths, perspective and personality. So we're nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution. You can be sure we'll take your wellbeing seriously, too . click apply for full job details
Connect to your Industry Do you want to be at the heart of some of the biggest and most ambitious programmes undertaken to keep our country safe? We are proud of the impact we have with our range of Defence and Security clients, from the strength of our relationships to the variety of our skills and expertise that we bring to help these clients deliver on their mission. We're growing our teams across all of Technology and Transformation. If you are cleared to SC or DV level, or willing and eligible to obtain this and want to grow your career in this sector, we would love to hear from you. Connect to your career at Deloitte Deloitte drives progress. Using our vast range of expertise, we help our clients' become leaders wherever they choose to compete. To do this, we invest in outstanding people. We build teams of future thinkers, with diverse talents and backgrounds, and empower them all to reach for and achieve more. What brings us all together at Deloitte? It's how we approach the thousands of decisions we make every day. How we behave, our beliefs and our attitudes. In other words: our values. Whatever we do, wherever we are in the world, we lead the way, serve with integrity, take care of each other, foster inclusion, and collaborate for measurable impact. These five shared values lead every decision we make and action we take, guiding us to deliver impact how and where it matters most. Connect to your opportunity We recognise the importance of bringing together diverse experience and perspectives to innovatively solve some of our clients most complex problems and as a Cyber Security Manager, you will become a trusted advisor to those clients, helping them to navigate the complex world of cyber security, building robust security postures and supporting complex cyber transformations. You will leverage your expertise and that of our technical SMEs to assess their current state, identify vulnerabilities and design and implement tailored solutions that align with their business objectives and risk appetite. As a senior member of the team, you must develop relationships with key stakeholders, understand a client's security policy framework and control sets, and design solutions that will meet our unique requirements. Our projects vary greatly and your responsibility as a cyber security manager will differ based on the focus of the engagement and your skillset, but could include and may require you to: Lead client engagements, building strong relationships and understanding their business objectives, risk tolerance, and security challenges. Conduct effective workshops and presentations, clearly communicating complex security concepts to both technical and non-technical stakeholders. Perform comprehensive cyber security assessments, including: vulnerability assessments; security architecture reviews; and risk analysis to identify potential security threats and vulnerabilities. Utilise industry-standard frameworks and methodologies (e.g., NIST, ISO 27001, CIS, CAF) to evaluate and benchmark client security posture. Develop pragmatic and cost-effective security solutions tailored to client needs, encompassing people, process, and technology aspects. Provide guidance on security technologies, architectures, and best practices for implementing secure solutions. Assist clients in developing and refining their cyber security strategy, aligning it with their business goals and risk appetite. Create actionable roadmaps for implementing security initiatives, prioritising activities based on risk and business impact. Support clients in developing and testing incident response plans and business continuity strategies. Stay abreast of emerging threats, vulnerabilities, security trends and industry best practices. Contribute to thought leadership initiatives, developing white papers, presentations, and blog posts to share expertise. Provide specialist technical advice, recommended approaches, recommended security controls and identify solutions that meet client business objectives. Stay up to date with emerging security threats, technologies, and industry best practices, and provide recommendations for improvement. Connect to your skills and professional experience All applicants must be willing and eligible to apply for and obtain UK security clearance to Security Check (SC) or Developed Vetting (DV) level, if not already holding an existing clearance. Candidates will be able demonstrate relevant knowledge and experience through a combination of qualifications and evidence of work history such as: Information Security qualification (or equivalent) e.g. CISSP, CISM, CRISC, GSEC. In-depth knowledge of security frameworks, standards, and best practices (e.g., ISO 27001, NIST, CIS, CAF). Experience of working in Cyber/Information security within the Defence / Security environment with a focus on one of more of the domains (Land, Air, Maritime, Space, Cyberspace). Experience of working within Defensive Cyber Operations with an in-depth knowledge of at least one specialisation (security monitoring, network operations, Incident Response/Management, Threat Intelligence, Vulnerability Management or Cyber Operations). Experience working in or with Government organisations, including the handling of assets subject to the Government Security Classification Policy. Experience of threat and risk modelling. Strong understanding of network security, encryption, authentication, and access control mechanisms. Experience with security technologies such as firewalls, intrusion detection/prevention systems, security information and event management (SIEM) systems, and vulnerability assessment tools, and their configuration options. Familiarity with cloud security principles and best practices, including securing cloud-based infrastructure and services (AWS, Azure or Google). Experience of research in technology trends and ways to secure those technologies. A strong working knowledge of Government cyber requirements related to Defence and Security e.g. JSP440, JSP441, JSP453, JSP490, JSP503, JSP628, JSP892, Security Risk Management, Information Security, Secure by Design, Supply Chain Security. Connect to your business - Technology and Transformation Distinctive thinking, deep expertise, innovation and collaborative working. That's what connects us. That's what makes us Deloitte. If you want to help solve some of the biggest tech and transformational challenges around, join us. Together, we'll make an impact that matters. Cyber The modern world is more complex than ever before, and we are navigating an ever-changing landscape. We help clients to operate with resilience and grow with confidence to secure success and minimise risk. Personal independence Regulation and controls are standard practice in our industry and Deloitte is no exception. These controls provide important legal protection for both you and the firm. We are subject to a number of audit regulations, one of which requires that certain colleagues abide by specific personal independence constraints (e.g., in relation to any financial interests and employment relationships). This can mean that you and your "Immediate Family Members" are not permitted to hold certain financial interests (shares, funds, bonds etc.) with audit clients of the firm, and also prohibitions on certain employment relationships (e.g., you are not permitted to hold a secondary employment role with SEC audit clients of the firm whilst being employed by the firm). The recruitment team will provide further detail as you progress through the recruitment process or you can contact the Independence team upon request. Connect with your colleagues "The opportunities to make a difference here are huge. We're constantly encouraged to come up with ideas, so a lot of what we do to drive change comes from within our own workforce. - Gurpal, T&T "Innovation is at the heart of everything we do, so we're using the latest technologies to constantly improve how we deliver our projects and bring insights to our clients. It means I'm always learning." - Gurpal, T&T Our hybrid working policy You'll be based in London with hybrid working. At Deloitte we understand the importance of balancing your career alongside your home life. That's why we'll support you to work flexibly through our hybrid working policy. Depending on the requirements of your role, you'll have the opportunity to work in your local office, virtual collaboration spaces, client sites and remotely. You'll get the chance to meet face to face when needed, while you collaborate and learn from colleagues, share your experiences, and build the relationships that will fuel your career and prioritise your wellbeing. Please check with your recruiter for the specific working requirements that may apply for your role. Our commitment to you Making an impact is more than just what we do: it's why we're here. So we work hard to create an environment where you can experience a purpose you believe in, the freedom to be you, and the capacity to go further than ever before. We want you. The true you. Your own strengths, perspective and personality. So we're nurturing a culture where everyone belongs, feels supported and heard, and is empowered to make a valuable, personal contribution. You can be sure we'll take your wellbeing seriously, too . click apply for full job details
Hays Technology
UK ONLY - SPONSORSHIP IS NOT AVAILABLE Job Purpose: This role is responsible for overseeing and enhancing the security of our IT systems, data, and networks. You will conduct regular security audits, assessments, and tests, and identify and resolve any vulnerabilities or breaches.You will also develop and implement security policies, procedures, and standards, and ensure compliance with the relevant laws and regulations, and train and educate employees on the best practices and awareness of IT security. Operating Environment:The role operates within the IT Services Team, The IT Services Team includes specialist staff delivering core outputs that are both external-facing and internal key enablers. Framework & Boundaries: The role is responsible for improving the quality, wellbeing and efficiency of our IT Security. The role has external-facing responsibilities and is required and authorised to act as a representative for the organisation. Key accountabilities:Monitor and Inspect: Regularly monitor the network for security threats or breaches. Policy Development: Develop and implement security policies and procedures to safeguard data and systems. Vulnerability Testing: Perform regular vulnerability testing and risk assessments to identify and mitigate security risks. Incident Response: Investigate security incidents and provide post-event analysis and recommendations. Security Tools Management: Manage and maintain firewalls, intrusion detection and prevention systems, antivirus software, and other security tools. Compliance: Ensure compliance with industry regulations and standards. Training: Train technical and non-technical employees on security protocols, procedures, and best practices. Disaster Recovery: Participate in disaster recovery planning and testing to ensure business continuity in the event of a security incident. Job impact:Risk Mitigation: Implementing robust security measures to significantly reduce the risk of data breaches, cyber-attacks, and other security incidents. Proactive Threat Management: Identifying and addressing vulnerabilities before they can be exploited, thereby enhancing the overall security posture of the organisation. Ensuring that the organisation complies with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, PCI-DSS), thereby avoiding legal penalties and enhancing trust with stakeholders. Maintaining a state of readiness for security audits and assessments, ensuring that all security controls and measures are well-documented and effective. Developing and implementing disaster recovery plans to ensure business continuity in the event of a security incident or data loss. Efficiently managing and mitigating the impact of security incidents to minimise downtime and operational disruption. Knowledge and experience:Technical Proficiency: In-depth knowledge of network security software - Meraki Cloud, Cloudflare, Mimecast, encryption technologies, and other security hardware and software tools. Current Trends: Stay current with the latest trends in cybersecurity threats and defence strategies. Problem-Solving: Strong problem-solving skills and the ability to work well under pressure. Communication: Good communication skills to effectively train employees and coordinate with other departments. Functional/technical skills: Firewall Management: Proficiency in configuring and managing firewalls to protect network boundaries. Intrusion Detection/Prevention Systems (IDS/IPS): Experience with IDS/IPS to monitor and respond to potential threats. VPNs and Remote Access: Knowledge of setting up and managing Virtual Private Networks (VPNs) and secure remote access solutions. Patch Management: Ability to manage and deploy security patches and updates to systems and applications. Endpoint Security: Experience with endpoint protection solutions, such as antivirus and anti-malware software. Proficiency in implementing and managing encryption technologies to protect data at rest and in transit. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
UK ONLY - SPONSORSHIP IS NOT AVAILABLE Job Purpose: This role is responsible for overseeing and enhancing the security of our IT systems, data, and networks. You will conduct regular security audits, assessments, and tests, and identify and resolve any vulnerabilities or breaches.You will also develop and implement security policies, procedures, and standards, and ensure compliance with the relevant laws and regulations, and train and educate employees on the best practices and awareness of IT security. Operating Environment:The role operates within the IT Services Team, The IT Services Team includes specialist staff delivering core outputs that are both external-facing and internal key enablers. Framework & Boundaries: The role is responsible for improving the quality, wellbeing and efficiency of our IT Security. The role has external-facing responsibilities and is required and authorised to act as a representative for the organisation. Key accountabilities:Monitor and Inspect: Regularly monitor the network for security threats or breaches. Policy Development: Develop and implement security policies and procedures to safeguard data and systems. Vulnerability Testing: Perform regular vulnerability testing and risk assessments to identify and mitigate security risks. Incident Response: Investigate security incidents and provide post-event analysis and recommendations. Security Tools Management: Manage and maintain firewalls, intrusion detection and prevention systems, antivirus software, and other security tools. Compliance: Ensure compliance with industry regulations and standards. Training: Train technical and non-technical employees on security protocols, procedures, and best practices. Disaster Recovery: Participate in disaster recovery planning and testing to ensure business continuity in the event of a security incident. Job impact:Risk Mitigation: Implementing robust security measures to significantly reduce the risk of data breaches, cyber-attacks, and other security incidents. Proactive Threat Management: Identifying and addressing vulnerabilities before they can be exploited, thereby enhancing the overall security posture of the organisation. Ensuring that the organisation complies with relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, PCI-DSS), thereby avoiding legal penalties and enhancing trust with stakeholders. Maintaining a state of readiness for security audits and assessments, ensuring that all security controls and measures are well-documented and effective. Developing and implementing disaster recovery plans to ensure business continuity in the event of a security incident or data loss. Efficiently managing and mitigating the impact of security incidents to minimise downtime and operational disruption. Knowledge and experience:Technical Proficiency: In-depth knowledge of network security software - Meraki Cloud, Cloudflare, Mimecast, encryption technologies, and other security hardware and software tools. Current Trends: Stay current with the latest trends in cybersecurity threats and defence strategies. Problem-Solving: Strong problem-solving skills and the ability to work well under pressure. Communication: Good communication skills to effectively train employees and coordinate with other departments. Functional/technical skills: Firewall Management: Proficiency in configuring and managing firewalls to protect network boundaries. Intrusion Detection/Prevention Systems (IDS/IPS): Experience with IDS/IPS to monitor and respond to potential threats. VPNs and Remote Access: Knowledge of setting up and managing Virtual Private Networks (VPNs) and secure remote access solutions. Patch Management: Ability to manage and deploy security patches and updates to systems and applications. Endpoint Security: Experience with endpoint protection solutions, such as antivirus and anti-malware software. Proficiency in implementing and managing encryption technologies to protect data at rest and in transit. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
