Áttekintés
We are seeking a proactive and skilled IT Security Engineer to join our team. The role will focus on maintaining and enhancing the security of our SaaS estate, implementing secure controls, managing patching processes, reviewing SOC activity, completing client security questionnaires, and supporting ISO audit requirements. Our client is a leading global consultancy to the financial services industry.
Részletes leírás
Responsibilities:
- Cloud Security Management
- Design, implement, and maintain security controls for cloud-based systems to protect organisational data and infrastructure.
- Monitor and respond to security incidents and alerts in cloud environments.
- Conduct regular security assessments and vulnerability scans to identify and mitigate risks.
- Develop and enforce security policies and procedures for cloud environments.
- Ensure the secure configuration and management of cloud resources, including virtual machines, storage, and networking components.
- Collaborate with cloud service providers to address security issues and implement best practices.
- Patch Management and Vulnerability Detection
- Monitor the patching status of operating systems, applications, and cloud services to ensure vulnerabilities are addressed in a timely manner.
- Implement and manage patch management processes to maintain system security and compliance.
- Perform regular vulnerability assessments and coordinate remediation efforts.
- Develop and maintain a comprehensive patch management schedule to ensure all systems are up-to-date.
- Collaborate with IT teams to test and deploy patches in a controlled and efficient manner.
- Track and report on patch management metrics to ensure continuous improvement.
- Audit Support
- Assist in the preparation and execution of internal and external security audits.
- Ensure compliance with industry standards and regulatory requirements.
- Provide documentation and evidence to auditors as needed.
- Coordinate with audit teams to address any findings and implement corrective actions.
- Maintain detailed records of audit activities and outcomes.
- Develop and implement processes to ensure ongoing compliance with security standards.
- Client Due Diligence Questionnaires (DDQs)
- Complete client security DDQs and assessments, providing accurate and detailed responses.
- Collaborate with clients to address security-related inquiries and concerns.
- Maintain up-to-date knowledge of client security requirements and best practices.
- Develop and maintain a repository of standard responses to common DDQ questions.
- Ensure timely and accurate completion of DDQs to support client relationships.
- Provide support to sales and account management teams in addressing client security concerns.
- Security Monitoring and Incident Response
- Monitor security logs and alerts to detect and respond to potential security incidents.
- Investigate and resolve security incidents in a timely manner.
- Develop and maintain incident response plans and procedures.
- Conduct post-incident reviews to identify root causes and implement corrective actions.
- Collaborate with SOC teams to enhance security monitoring capabilities.
- Provide regular reports on security incidents and response activities to management.
- Collaboration and Communication
- Work closely with IT, engineering, and business teams to identify and address security risks.
- Provide security training and awareness programs to employees.
- Communicate security policies and procedures to stakeholders.
- Collaborate with cross-functional teams to ensure security is integrated into all aspects of the organisation.
- Participate in security-related meetings and provide input on security initiatives.
- Develop and maintain strong relationships with key stakeholders to promote a culture of security.
- Continuous Improvement
- Stay updated with the latest security trends, threats, and technologies.
- Recommend and implement improvements to security processes and controls.
- Participate in security-related projects and initiatives.
- Conduct regular reviews of security policies and procedures to ensure they remain effective.
- Minimum of 2 years in a similar role
- At least one Security focused certification (e.g. CompTIA Security+, CEH, Microsoft Azure Security)
- Strong understanding of cybersecurity principles, frameworks, and best practices (e.g., ISO 27001, NIST, COBIT)
- Experience securing SaaS applications and cloud infrastructure (Azure)
- Competitive benefits package including cafeteria (SZÉP card) and bonus opportunity
- Private healthcare and wellbeing support (incl. EAP programme)
- Flexible hybrid working and home office allowance
- Family-friendly benefits (enhanced maternity and paternity support)
- Long-term security with pension contribution and insurance coverage
- International environment with strong learning and development opportunities