Security Engineer (Network, OT, Cloud & Web)

Job Description

As one of our Security Engineers, you are passionate about security and great engineering practises. You will join a multidisciplinary team, working together with other Security Engineers, Product Managers and Security teams. As an Engineer, you will help design, build and deliver secure, high-quality enterprise solutions across numerous initiatives within the organisation, building-upon and spreading your security knowledge to an ever-expanding engineering community, increasing our security posture and helping identify and reduce our risk exposure when deploying systems and infrastructure.

You will utilise your experience in systems, network, endpoints and infrastructure security to reduce our risk exposure in our Offices, Warehouses, Operational Tech and Cloud landscape. You will help drive projects that improve asset discovery and monitoring across a broad range of environments. You will bring to the team a solid understanding of network and operational technologies and the security risks associated with them. You will help design and build solutions that will increase the security of our warehouses and physical premises as well as contribute to other security engineering projects and initiatives, broadening your skillset and exposure to other aspects of Security.

This is not primarily a hands-on networking role but would suit someone looking to move from hands-on to more strategic design and consultation. You would need proven hands-on experience, however, will not be afraid to get stuck into projects if applicable.

Responsibilities

• Support with Security Risk Assessments across our premises (incl. Threat Modelling, Attack Surface Analysis)
• Drive projects that improve asset discovery and monitoring across a broad range of environments
• Drive security risk decisions and influence technical architecture
• Produce and Deliver Security Training and Standards around Security Best Practices and risk reduction
• Be willing to create and make use of automations, policies and scripts to support Security initiatives
• Understand industry regulations and compliance such as GDPR & PCI-DSS and how that applies to infrastructure
• Articulate mitigation and development techniques around emerging threats to technical and non-technical stakeholders
• Experience or interest in broadening skillset into asos.com traffic engineering / bot control, email security and zero trust approaches

Qualifications

About you: 

• Experience with identifying risks and securing Infrastructure, Operational Tech and/or Warehouse technologies
• Strong experience with software/infrastructure engineering practises and processes
• A passion for Security and a strong understanding of good security practices
• An understanding of endpoint protection and network security
• Experience building applications, scripts, pipelines or automation using modern technologies and languages such as PowerShell, YAML, Python, C#, Java, Docker, Kubernetes, Terraform and IAC
• Understanding of regulatory compliance and industry standards such as NIST CSF, NIST SP 800-82r3, IEC 62443

Additional Information

BeneFITS’ 

• Employee discount (hello ASOS discount!) 
• ASOS Develops (personal development opportunities across the business) 
• Employee sample sales  
• Access to a huge range of LinkedIn learning materials 
• 25 days paid annual leave + an extra celebration day for a special moment 
• Discretionary bonus scheme  
• Private medical care scheme 
• Flexible benefits allowance - which you can choose to take as extra cash, or use towards other benefits 

Why take our word for it? Search #InsideASOS on our socials to see what life at ASOS is like. 

Want to find out how we’re tech powered? Check out the ASOS Tech Podcast herehttps://open.spotify.com/show/6rT4V6N9C7pAXcX60kzzxo. Prefer reading? Check out our ASOS Tech Blog herehttps://medium.com/asos-techblog.