Information Security Engineer

Information Security Engineer

Buckinghamshire – 1 or 2 days a week in the office

Up to £70,000 salary plus a discretionary bonus of up to 15%

After a transformative 3-year change initiative, they have outlined a strategic 5-year plan to broaden their impact and enhance our operational efficiency. They are now seeking an Information Security Engineer to continue to develop, optimise, and maintain their security controls to protect the organisation's assets and data.

About the role

As the Information Security Engineer, you will be responsible for enhancing and maintaining security controls.

This role involves working closely with technology teams to ensure robust security architecture, providing expert advice on security requirements, and managing all technical change activities related to security. You will also identify and address security design gaps and recommend enhancements to existing and proposed architectures.

What you will be responsible for?

1.Security Control Development:

-Develop and optimise security controls in collaboration with relevant technology teams.

-Ensure adherence to architectural principles during design to minimise risk.

-Drive adoption of security policies, standards, and guidelines across the organisation.

2.Provide consultancy and Expert Advice:

-Provide authoritative advice on security controls and requirements in collaboration with legal, technical support, and other functional experts.

-Maintain recognised expert-level knowledge in one or more security specialisms.

-Promote and support the development and sharing of specialist knowledge within the organisation.

3.Conduct Research and Analysis:

-Conduct research to evaluate, develop, and implement security practices and standards.

-Track and understand emerging security technologies and practices.

-Assess impacts, threats, and control opportunities, and create reports and technology roadmaps.

-Share knowledge and insights with relevant stakeholders.

4.SecOps and Security Administration:

-Monitor and ensure compliance with security administration procedures.

-Review information systems for potential security breaches and collaborate with SecOps for investigations and control changes.

-Contribute to the creation and maintenance of security policies, standards, procedures, and documentation.

-Support the maintenance of the companies NIST capability maturity.

What do you need to be successful?

-Experience as a Security Engineer or in a similar role with a strong background in IT Security/IT Operations.

-Demonstrable expertise in security controls and architecture.

-Proficiency in security frameworks such as ISO, NIST, and OWASP.

-Knowledge of Cloud infrastructure (e.g., Azure).

-Experience with security technologies (e.g., SIEM, EDR, IPS, web and email gateways).

-Qualifications (desirable): CISSP or similar certification, TOGAF or similar architectural framework certification, Vendor technology training/certifications (e.g., SIEM, EDR, IPS), Experience in security delivery roles.