IT Security Engineer
Bristol – Hybrid Working / 1 or 2 days per week onsite
£45,000 – £50,000 + benefits
Fantastic new permanent opportunity for an experienced IT Security Engineer with this large financial services company based in Bristol.
As a key member of the Planning, Architecture & Security services team, the role will be at the forefront of the company’s security strategy, ensuring the confidentiality, integrity and availability of all their information and information systems.
This role will focus on security and quality control in the IT department and will include designing, building and securing, scalable and robust systems. This role will help the company understand security threats and help create strategies to protect the businesses assets and interests.
Main responsibilities:
- Proactively identify information security deficiencies or opportunities for improvement and facilitate development of pragmatic solutions.
- Plan, implement and upgrade security measures and controls.
- Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction.
- Contribute to the IT Strategy planning process with regards to Information Security, ISO27001/27002 developments.
- Provide advisory and consulting support to help the Company improve its security posture and adhere to security policies, expected controls and regulatory requirements.
- Maintain data and monitor security access.
- Perform vulnerability testing, risk analyses and security assessments.
- Define, implement and maintain corporate security policies.
- Anticipate security alerts, incidents and disasters and reduce their likelihood.
- Perform information security reviews of the core business and group business as well as third parties.
- Identify and document areas of IT Risk related to Information/Cyber Security.
- Support IT Risk Management by proposing appropriate risk mitigation and control measures.
Skills Required:
- A proven background within Security Operations / Network Security and Security Engineering.
- Able to demonstrate a good understanding of information security frameworks, standards and security best practice (ISO27001, NIST CSF, Mitre Att&ck Framework, OWASP).
- Experience in designing secure components (e.g. networks, systems, applications, security technologies)
- Knowledge of and skills in at least one scripting language such as PowerShell.
- Comprehensive knowledge of network design, defence-in-depth principles and network security architecture.
- Extensive experience and understanding of security analysis tools, defensive technologies and other security technologies (e.g. SIEM, VAS, IDS/IPS, Firewalls, IAM, PAM, NAC, Email Security, Web filtering, Patch management, Anti-malware).
- Experience in identifying, detecting, applying protection, responding and remediating to security incidents to within business risk appetite.
- Strong working knowledge of authentication technologies (e.g. two-factor, multifactor).
- Strong proficiency in using the Microsoft Ecosystem such as Active Directory and MS Entra ID, including GPO, DNS, DHCP.
- Knowledge of endpoint security solutions (e.g. HIDS, anti-malware, file integrity, DLP).
- AWS, Azure and other cloud platforms, including hybrid cloud (e.g. SaaS, IaaS, PaaS).
- System administration, supporting multiple platforms and applications.
- Skilled in conducting vulnerability scans and identifying vulnerabilities in systems.
- Effective technical and non-technical communication skills to provide security support for colleagues, at all levels, across the business.
For any further queries regarding the role or to apply, please contact Danny Palmer on at danny.palmer@sandersonplc.com
