Job description
Senior Security Engineer
Permanent Opportunity
Hybrid role
London Based
Market rate
Insurance / Finance Sector experience
As a Senior Security Engineer, you will be a hands-on technical expert responsible for safeguarding our organisation's information systems, both on-prem and in the cloud. Your role involves designing, implementing, and maintaining robust security solutions, conducting vulnerability and risk assessments, and responding to security incidents. This position requires a deep technical understanding of security technologies, protocols, and a proactive approach to identifying and addressing potential security threats.
Main duties
Evaluate, implement, and provide ongoing management for security platforms such as SIEM/SOAR, web/email security, endpoint detection and response (EDR), and others
Stay current with advancements in security tooling and recommend updates or new acquisitions as needed
Design, implement, and manage IAM solutions, including multi-factor authentication and privileged access management (PAM) solutions
Collaborate with the Architecture teams
Configure IAM tools to integrate seamlessly with other security and business systems
Conduct regular reviews and audits of IAM configurations to ensure least privilege access
Develop and implement security policies, procedures, and best practices for new and existing cloud-based applications and services
Adept in assessing threats to cloud and associated application components, including experience securing APIs and SaaS/PaaS products
Utilize vulnerability scanning tools to assess and identify security vulnerabilities
Develop and maintain automated processes for regular vulnerability assessments
Establish and enforce secure configuration baselines for operating systems, network devices, and applications
Conduct regular configuration audits to ensure compliance with security standards
Implement and manage configuration management tools to automate and streamline processes
Lead technical aspects of incident response, leveraging security tools for analysis and containment
Develop and maintain incident response playbooks with a focus on tooling and automation
Conduct digital forensics using specialised tools to determine the root cause of security incidents
Skills, Knowledge and Experience
Certifications such as CEH, GSEC, CCSP or similar security certifications are highly desirable
Azure-specific certifications such as AZ-500 and SC-900 would be highly desirable
Relevant experience in a technical engineering role, such as infrastructure, networking, or security. Strong preference for those with Security Engineering backgrounds, particularly in Windows environments (including Azure)
In-depth knowledge of security tooling and configurations for both on-premises and cloud environments
Experience with network protocols, operating systems, and security-related technologies