Information Security Engineer
Open positions in York, England
The Information Security Engineer plays an integral role in the Information Security and Data Protection team. This team is responsible for implementing StarCompliance’s Governance, Risk and Compliance strategy. Knowledge of and compliance with standard security and privacy frameworks is paramount to this role, along with solid communication, organisational and people management skills. The Information Security Engineer shall perform, or review, technical security assessments of computing environments to identify points of vulnerability and non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies. They will be responsible for designing, implementing and/or integrating IA and security systems and system components, including those for networking, computing, and enclave environments, including those with multiple enclaves and with differing data protection/classification requirements. They will contribute to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations. This position reports to the Information Security Officer. Successful candidates will need to be passionate about the StarCompliance brand identity and understand the solutions that the company provides.
- Promote a culture of security initiatives and activities to support and improve Information Security Awareness across the organization
- Partner with all areas of the company to communicate the importance of strong programs, work to develop solutions to achieve the company’s objectives, and incorporate security into how we do business
- Translate risk in technical and non-technical terminology so that it can be interpreted by employees at all levels, including business stakeholders
- Implement security vulnerability testing tools to provide continuous monitoring and patch verification.
- Assist with day-to-day security operations in administering, monitoring, escalating, containing and remediating security events/issues/incidents from Information Security Systems
- Partner with Infrastructure team to identify, plan and remediate threats and vulnerabilities
- Assist with Security Incidents Management: planning, detection & analysis, containment, eradication, recovery and post incident activities
- Support and help develop ongoing Secure Code Analysis best practices within the Software Development Lifecycle
- Report on and develop Security Metrics
- Assist in the creation and enforcement of Information Security Policies and Standards
- Assist with the responses to client and prospect security questionnaires and requirements
- Assist with third-party and vendor assessments such as penetration tests, security risk assessments and internal/external security audits
- Remain up-to-date with new data and privacy legislation as well as emerging security technologies and understand/translate their risk relevance to the StarCompliance environment.
- Participate in the development and monitoring of business continuity and disaster recovery planning
- Travel to client locations around the world on an as-needed basis to deliver presentations and assist in pre- and post-sales activities
Mandatory Skills, Knowledge or Experience
- Bachelor's degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline from an accredited college or university is required.
- Positive, professional demeanour and well experienced in working within a client-orientated setting (internal or external), leading conference calls and in-person meetings where required.
- A general understanding of today’s threat landscape and information security architectures, as well as applicable laws, regulations, and compliance frameworks (ISO 27001, SSAE18, NIST, GDPR, PCI-DSS, etc.)
- Knowledge of incident response and the creation, execution, and reporting of such activities.
- Knowledge of Malware identification, containment, and eradication.
- Knowledge of access control systems, PKI, multi-factor authentication, and entitlements management.
- Knowledge of information security systems such as Endpoint Protection, Firewalls, SIEM technologies, VPNs, Data Loss Prevention systems and Intrusion Detection/Prevention systems.
- Knowledge of Network and Application protocols, including but not limited to IP, TCP, UDP, FTP, HTTP, HTTPS, DNS, DHCP, routing, etc.
- Knowledge of the Software Development Lifecycle
- Proficiency in the use of Microsoft Office, Visio, and Project.
- Excellent communication skills and a demonstrated ability to embrace and drive change
- Excellent attention to detail, analytical and organised.
- Exceptional time management skills toward managing team priorities effectively.
- Experience with Sophos, AlienVault USM, CloudFlare and Tenable beneficial.
- Financial services experience beneficial, but not essential.
- Experience of responding to security-based questionnaires
- Information Security rated qualification(s) or experience, or demonstrate an established path
Integrity and Ethics
- All StarCompliance employees are expected to commit to a high standard of personal integrity and carry out their responsibilities in an ethical manner.