*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
26/07/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
SOC Engineer (Sentinel SME) Akkodis are currently working in partnership with a leading service provider to recruit an experienced SOC Engineer with expertise of Microsoft Sentinel to join their growing security team during an exciting period of change. Please note this is a fully remote role and you must be eligible to gain security clearance (do not need to hold currently). The Role As a SOC Engineer you will be responsible for handing security incidents received/escalated for the Junior Analysts in the team. You will aid in triaging threat intelligence from multiple sources and add contextual information to the security incident, perform additional analysis and based on the business impact will recommend the response actions and escalation path. You will also have the opportunity to support the initial implementation of new security related Microsoft technologies, including Microsoft Sentinel, MDE, MDI and Defender for Cloud. The Responsibilities Oversee completion of day-to-day checklist(s), including log review, management report scheduling & running, alert analysis, and escalation follow up Remain current on cyber security trends and intelligence (open source and commercial) in order to guide the security analysis & identification capabilities of the CSOC team Provide oversight, guidance and mentoring to L2 & L3 analysts, and fulfil SOC Manager responsibilities in the absence of the SOC Manager Manage a number of analysts as part of a virtual team of L1 and L2 analysts, including objectives setting, performance management/reviews, training & development, and BAU activities including shift cover etc. Perform advanced event and incident analysis, including baseline establishment and trend analysis. Support on-call arrangements as part of a Rota, to support L1 Analysts working out of hours Support Major Incident Response activity, from a Protective Monitoring perspective, including supporting teams in identification, containment, and remediation of security related threat. Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity. Identify, create and implement improvements to procedures and processes, with the SOC Manager's approval. Identify opportunities for SOC and client SIEM platform configuration improvements, use case development, monitoring rule creation, tuning & optimisation Assist in architectural design to facilitate the onboarding of new information systems, including the assessment, parsing, onboarding of log sources, and use case and rule development. The Requirements Senior Cyber Security and security operations experience Experience in managing Microsoft Sentinel, including Lighthouse Experience of onboarding, tuning, reporting and configuring SIEM solutions Experience of threat intelligence Leadership and mentoring experience and skills Understanding of low-level concepts including operating systems and networking Commercial experience in Penetration Testing and/or Security Monitoring Understanding of networking and infrastructure design Active or ability to obtain SC clearance Knowledge/experience of DevOps would be hugely beneficial If you are looking for an exciting new challenge to join a leading SOC team please apply now. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
26/07/2024
Full time
SOC Engineer (Sentinel SME) Akkodis are currently working in partnership with a leading service provider to recruit an experienced SOC Engineer with expertise of Microsoft Sentinel to join their growing security team during an exciting period of change. Please note this is a fully remote role and you must be eligible to gain security clearance (do not need to hold currently). The Role As a SOC Engineer you will be responsible for handing security incidents received/escalated for the Junior Analysts in the team. You will aid in triaging threat intelligence from multiple sources and add contextual information to the security incident, perform additional analysis and based on the business impact will recommend the response actions and escalation path. You will also have the opportunity to support the initial implementation of new security related Microsoft technologies, including Microsoft Sentinel, MDE, MDI and Defender for Cloud. The Responsibilities Oversee completion of day-to-day checklist(s), including log review, management report scheduling & running, alert analysis, and escalation follow up Remain current on cyber security trends and intelligence (open source and commercial) in order to guide the security analysis & identification capabilities of the CSOC team Provide oversight, guidance and mentoring to L2 & L3 analysts, and fulfil SOC Manager responsibilities in the absence of the SOC Manager Manage a number of analysts as part of a virtual team of L1 and L2 analysts, including objectives setting, performance management/reviews, training & development, and BAU activities including shift cover etc. Perform advanced event and incident analysis, including baseline establishment and trend analysis. Support on-call arrangements as part of a Rota, to support L1 Analysts working out of hours Support Major Incident Response activity, from a Protective Monitoring perspective, including supporting teams in identification, containment, and remediation of security related threat. Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity. Identify, create and implement improvements to procedures and processes, with the SOC Manager's approval. Identify opportunities for SOC and client SIEM platform configuration improvements, use case development, monitoring rule creation, tuning & optimisation Assist in architectural design to facilitate the onboarding of new information systems, including the assessment, parsing, onboarding of log sources, and use case and rule development. The Requirements Senior Cyber Security and security operations experience Experience in managing Microsoft Sentinel, including Lighthouse Experience of onboarding, tuning, reporting and configuring SIEM solutions Experience of threat intelligence Leadership and mentoring experience and skills Understanding of low-level concepts including operating systems and networking Commercial experience in Penetration Testing and/or Security Monitoring Understanding of networking and infrastructure design Active or ability to obtain SC clearance Knowledge/experience of DevOps would be hugely beneficial If you are looking for an exciting new challenge to join a leading SOC team please apply now. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
SOC Engineer (Sentinel SME) Akkodis are currently working in partnership with a leading service provider to recruit an experienced SOC Engineer with expertise of Microsoft Sentinel to join their growing security team during an exciting period of change. Please note this is a fully remote role and you must be eligible to gain security clearance (do not need to hold currently). The Role As a SOC Engineer you will be responsible for handing security incidents received/escalated for the Junior Analysts in the team. You will aid in triaging threat intelligence from multiple sources and add contextual information to the security incident, perform additional analysis and based on the business impact will recommend the response actions and escalation path. You will also have the opportunity to support the initial implementation of new security related Microsoft technologies, including Microsoft Sentinel, MDE, MDI and Defender for Cloud. The Responsibilities Oversee completion of day-to-day checklist(s), including log review, management report scheduling & running, alert analysis, and escalation follow up Remain current on cyber security trends and intelligence (open source and commercial) in order to guide the security analysis & identification capabilities of the CSOC team Provide oversight, guidance and mentoring to L2 & L3 analysts, and fulfil SOC Manager responsibilities in the absence of the SOC Manager Manage a number of analysts as part of a virtual team of L1 and L2 analysts, including objectives setting, performance management/reviews, training & development, and BAU activities including shift cover etc. Perform advanced event and incident analysis, including baseline establishment and trend analysis. Support on-call arrangements as part of a Rota, to support L1 Analysts working out of hours Support Major Incident Response activity, from a Protective Monitoring perspective, including supporting teams in identification, containment, and remediation of security related threat. Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity. Identify, create and implement improvements to procedures and processes, with the SOC Manager's approval. Identify opportunities for SOC and client SIEM platform configuration improvements, use case development, monitoring rule creation, tuning & optimisation Assist in architectural design to facilitate the onboarding of new information systems, including the assessment, parsing, onboarding of log sources, and use case and rule development. The Requirements Senior Cyber Security and security operations experience Experience in managing Microsoft Sentinel, including Lighthouse Experience of onboarding, tuning, reporting and configuring SIEM solutions Experience of threat intelligence Leadership and mentoring experience and skills Understanding of low-level concepts including operating systems and networking Commercial experience in Penetration Testing and/or Security Monitoring Understanding of networking and infrastructure design Active or ability to obtain SC clearance Knowledge/experience of DevOps would be hugely beneficial If you are looking for an exciting new challenge to join a leading SOC team please apply now. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
26/07/2024
Full time
SOC Engineer (Sentinel SME) Akkodis are currently working in partnership with a leading service provider to recruit an experienced SOC Engineer with expertise of Microsoft Sentinel to join their growing security team during an exciting period of change. Please note this is a fully remote role and you must be eligible to gain security clearance (do not need to hold currently). The Role As a SOC Engineer you will be responsible for handing security incidents received/escalated for the Junior Analysts in the team. You will aid in triaging threat intelligence from multiple sources and add contextual information to the security incident, perform additional analysis and based on the business impact will recommend the response actions and escalation path. You will also have the opportunity to support the initial implementation of new security related Microsoft technologies, including Microsoft Sentinel, MDE, MDI and Defender for Cloud. The Responsibilities Oversee completion of day-to-day checklist(s), including log review, management report scheduling & running, alert analysis, and escalation follow up Remain current on cyber security trends and intelligence (open source and commercial) in order to guide the security analysis & identification capabilities of the CSOC team Provide oversight, guidance and mentoring to L2 & L3 analysts, and fulfil SOC Manager responsibilities in the absence of the SOC Manager Manage a number of analysts as part of a virtual team of L1 and L2 analysts, including objectives setting, performance management/reviews, training & development, and BAU activities including shift cover etc. Perform advanced event and incident analysis, including baseline establishment and trend analysis. Support on-call arrangements as part of a Rota, to support L1 Analysts working out of hours Support Major Incident Response activity, from a Protective Monitoring perspective, including supporting teams in identification, containment, and remediation of security related threat. Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity. Identify, create and implement improvements to procedures and processes, with the SOC Manager's approval. Identify opportunities for SOC and client SIEM platform configuration improvements, use case development, monitoring rule creation, tuning & optimisation Assist in architectural design to facilitate the onboarding of new information systems, including the assessment, parsing, onboarding of log sources, and use case and rule development. The Requirements Senior Cyber Security and security operations experience Experience in managing Microsoft Sentinel, including Lighthouse Experience of onboarding, tuning, reporting and configuring SIEM solutions Experience of threat intelligence Leadership and mentoring experience and skills Understanding of low-level concepts including operating systems and networking Commercial experience in Penetration Testing and/or Security Monitoring Understanding of networking and infrastructure design Active or ability to obtain SC clearance Knowledge/experience of DevOps would be hugely beneficial If you are looking for an exciting new challenge to join a leading SOC team please apply now. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Process Automation Developer - Business Risk & Controls sought by leading investment bank based in London. .*Inside IR35 - 3 days a week onsite* Job Purpose : The Automation and End User Computing Solutions Engineer/Developer role is a critical hire within the group to drive design and adoption of sustainable controls to deliver reduction in end user computing risk through use of low-code/no-code platforms and business process automation. The successful candidate will work with SMEs across Business, Transformation, Development, DevOps, Cyber Security and Risk & Controls teams to design and implement automated, codified IT and Data controls. Priorities include engineering of workflow tools to certify platforms and solutions, codification of controls, integration with enterprise inventories and design of solutions to core data processing and automation challenges. Key Responsibilities: Work closely with Enterprise Governance and Business & Function aligned technology teams to define and maintain front-to-back solution architecture for end user solution governance and workflow. Codify process and data controls as part for platform certification to comply with internal policy and standards. Establish enterprise-wide best practices for data sourcing, authoring, and reporting within low-code/no-code solutions aligned with broader data architecture principles. Produce high-quality documentation and design artefacts. Collaborate with program team to define delivery roadmap with intermediate milestones to deliver target state. Present at design governance forums to ratify proposals. Work closely with Business & Function aligned technology teams to implement and adopt workflow and codified control capabilities. Work closely with Business & Function aligned technology teams to identify and maintain end user solution tool best practices. Promote use of standards, design guard rails, and foundational components to deliver target state solutions. Advocate for a culture of platform automation with obsession for an everything as-a-code approach. Clearly identify risks and proactively manage mitigation. Experience (Must haves): At least 8+ years of experience in financial services Strong hands-on experience in developing business process automation, data pipeline processing, data governance and controls. Experience with technology controls, identification of control gaps in relation to technology processes, applications, information security policy, and other internal policies. Working knowledge of DevSecOps practices. Experience working in a DevOps culture. Hands on knowledge of working with CI/CD tools (ideally IBM UrbanCode Deploy, TeamCity, Jenkins, Tekton etc.), monitoring tools and log aggregation tools. Experience in an agile development environment with modern programming languages and technologies such as: Golang, Java/Spring Boot, Python. Experience working with data storage technologies and ETL tools (Oracle, MongoDB, commercial ETL tools). Good working knowledge of containers (Docker/Kubernetes/OpenShift/EKS). Strong communication skills and proven track record in producing quality project artefacts, including senior management reports within a technology or risk & controls domain. Ability to structure and run design forums across diverse stakeholders to drive a consensus on requirements and develop and implement process, data, system designs. Motivated self-starter with ability to learn new skills quickly and navigate the organization. Education: Bachelor's degree in IT, Computer Science, or engineering. Masters degree preferred. Please apply within for further details or call. Alex Reeder Harvey Nash Finance & Banking
26/07/2024
Project-based
Process Automation Developer - Business Risk & Controls sought by leading investment bank based in London. .*Inside IR35 - 3 days a week onsite* Job Purpose : The Automation and End User Computing Solutions Engineer/Developer role is a critical hire within the group to drive design and adoption of sustainable controls to deliver reduction in end user computing risk through use of low-code/no-code platforms and business process automation. The successful candidate will work with SMEs across Business, Transformation, Development, DevOps, Cyber Security and Risk & Controls teams to design and implement automated, codified IT and Data controls. Priorities include engineering of workflow tools to certify platforms and solutions, codification of controls, integration with enterprise inventories and design of solutions to core data processing and automation challenges. Key Responsibilities: Work closely with Enterprise Governance and Business & Function aligned technology teams to define and maintain front-to-back solution architecture for end user solution governance and workflow. Codify process and data controls as part for platform certification to comply with internal policy and standards. Establish enterprise-wide best practices for data sourcing, authoring, and reporting within low-code/no-code solutions aligned with broader data architecture principles. Produce high-quality documentation and design artefacts. Collaborate with program team to define delivery roadmap with intermediate milestones to deliver target state. Present at design governance forums to ratify proposals. Work closely with Business & Function aligned technology teams to implement and adopt workflow and codified control capabilities. Work closely with Business & Function aligned technology teams to identify and maintain end user solution tool best practices. Promote use of standards, design guard rails, and foundational components to deliver target state solutions. Advocate for a culture of platform automation with obsession for an everything as-a-code approach. Clearly identify risks and proactively manage mitigation. Experience (Must haves): At least 8+ years of experience in financial services Strong hands-on experience in developing business process automation, data pipeline processing, data governance and controls. Experience with technology controls, identification of control gaps in relation to technology processes, applications, information security policy, and other internal policies. Working knowledge of DevSecOps practices. Experience working in a DevOps culture. Hands on knowledge of working with CI/CD tools (ideally IBM UrbanCode Deploy, TeamCity, Jenkins, Tekton etc.), monitoring tools and log aggregation tools. Experience in an agile development environment with modern programming languages and technologies such as: Golang, Java/Spring Boot, Python. Experience working with data storage technologies and ETL tools (Oracle, MongoDB, commercial ETL tools). Good working knowledge of containers (Docker/Kubernetes/OpenShift/EKS). Strong communication skills and proven track record in producing quality project artefacts, including senior management reports within a technology or risk & controls domain. Ability to structure and run design forums across diverse stakeholders to drive a consensus on requirements and develop and implement process, data, system designs. Motivated self-starter with ability to learn new skills quickly and navigate the organization. Education: Bachelor's degree in IT, Computer Science, or engineering. Masters degree preferred. Please apply within for further details or call. Alex Reeder Harvey Nash Finance & Banking
Sailpoint Engineer - Outside IR35 - Full Remote (UK & EU Wide) - 12 Month Contract Hamilton Barnes are representing a leading Cyber Security Consultancy who are currently seeking a talented Sailpoint Engineer. In this role, you will play a key part in the implementation, design, and development of complex IAM solutions for a global energy client. You'll also enjoy the benefit of working fully remote on this large scale project. What you will Ideally Bring: Strong familiarity with Sailpoint Identity IQ experience with designing, implementing and managing Sailpoint Extensive IAM (IGA, IDAM) solution design experience (Design Review Boards/HLD/LLD) Sailpoint IIQ/technical and functional knowledge with the ability to work with the engineering team Skilled in Scripting language like, JavaScript, PowerShell, Python etc Key Responsibilities: Develop solutions for integrating applications into SailPoint. Implement, design, and develop complex IAM solutions for large-scale customers across various industry verticals. Assist in creating scripts for integrating various applications with SailPoint. Integrations with AWS and Azure IAM services Recommend SailPoint best practices. Support IAM BAU (Business as Usual) and implementation teams. Design SailPoint workflows and processes. Contract Details: Duration: 12 months (View to Extension) Rate: Up to £600 Per Day (Outside IR35) Location: Fully remote Start Date: Asap Sailpoint Engineer - Outside IR35 - Full Remote (UK & EU Wide) - 12 Month Contract
26/07/2024
Project-based
Sailpoint Engineer - Outside IR35 - Full Remote (UK & EU Wide) - 12 Month Contract Hamilton Barnes are representing a leading Cyber Security Consultancy who are currently seeking a talented Sailpoint Engineer. In this role, you will play a key part in the implementation, design, and development of complex IAM solutions for a global energy client. You'll also enjoy the benefit of working fully remote on this large scale project. What you will Ideally Bring: Strong familiarity with Sailpoint Identity IQ experience with designing, implementing and managing Sailpoint Extensive IAM (IGA, IDAM) solution design experience (Design Review Boards/HLD/LLD) Sailpoint IIQ/technical and functional knowledge with the ability to work with the engineering team Skilled in Scripting language like, JavaScript, PowerShell, Python etc Key Responsibilities: Develop solutions for integrating applications into SailPoint. Implement, design, and develop complex IAM solutions for large-scale customers across various industry verticals. Assist in creating scripts for integrating various applications with SailPoint. Integrations with AWS and Azure IAM services Recommend SailPoint best practices. Support IAM BAU (Business as Usual) and implementation teams. Design SailPoint workflows and processes. Contract Details: Duration: 12 months (View to Extension) Rate: Up to £600 Per Day (Outside IR35) Location: Fully remote Start Date: Asap Sailpoint Engineer - Outside IR35 - Full Remote (UK & EU Wide) - 12 Month Contract
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
26/07/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*Position is Bonus eligible* Prestigious Financial Company is currently seeking a Senior PAM PKI Security Engineer. Candidate will be responsible for applying skills and knowledge to perform functions for Privileged Access and Secrets Management solutions, Hardware security modules (HSMs), and encryption practices. You must ensure to take a security first approach when deploying or integrating Secrets Management, PKI, Sessions Management, or authentication integrations under the team's purview using agile methodology. Responsibilities: Design, document, deploy, and support PAM solutions supporting vaulting, session management, hardcoded credential removal, and support integrations with PAM solution for secure secrets management supporting app-to-app communication. Design, document, develop, and support PAM integrations to support automated password rotations and establishing secure sessions through jump host solution. Design, document, implement, and maintain our Certificate Authority PKI infrastructure. Ensure certificates are correctly issued, renewed, and revoked as necessary. Implement and manage certificate templates and revocation configurations. Implement, configure, and maintain HSMs to support PKI operations. Work with vendors to ensure systems are patched and up to date. Address and troubleshoot issues related to PAM, PKI, and HSM solutions. Implement and manage encryption tools and software. Ensure team solutions are monitored following best practice. Proficient in using Scripting and automation skills to convert manual maintenance and audit functions into orchestrated automation. Track and execute work following agile best practices with self-motivation to bring a task from ideation to implementation. Ability to operate in a highly regulated complex operational environment and collaborate with internal SMEs required to maintain and mature the PAM program. Document, review, and update run books supporting Secrets and Privileged Access Management solutions. Develop and maintain encryption standards, practices, and solutions. Develop and maintain documentation related to PAM policies, procedures, and configurations. Qualifications: The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions. Experience with enterprise PAM tools and technologies such as various CyberArk and HashiVault components and underlying infrastructure supporting those technologies. Experience with various integration techniques for Secrets Management and Privileged Management to target systems such as databases, directories, and applications. Experience with Microsoft certificate authority PKI infrastructure. Experience with hardware security modules (HSMs). Experience with Python, Ansible, Terraform, and YAML packages. Requires in-depth knowledge of PAM and Secrets Management best practices. Requires in-depth knowledge of encryption algorithms, protocols, and best practices. Working knowledge of system monitoring techniques and tooling. Working knowledge of the cloud ecosystem and CI/CD deployments with Terraform, Ansible, and Jenkins pipelines. 5+ years of experience with PAM tools and technologies. 3+ years of experience in PKI infrastructure including Microsoft Certificate Authority. Bachelor's degree in computer science, Information Technology, or related field. Technical Skills: Hands on deployment, management, and troubleshooting experience with HSMs, MS PKI, HashiCorp Vault, and all CyberArk components (AIM, PSM/P, PVWA, CPM, VAULT). Hands on experience leveraging APIs. Knowledge of cryptographic operations, secure key storage, and key life cycle management with HSM and encryption tools. Knowledge of end-to-end encryption, data at rest, and data in transit protection methodologies. Ability to interpret logs and events related to PKI, HSMs, encryption, and PAM activities. 5+ years of experience with security engineering activities and testing. 5+ years of experience with privileged access management platforms. 3+ years of experience with HSM, PKI, Microsoft Certificate Authority. 2+ years of experience with DevOps/DevSecOps (eg, GitOps, Version Control, RESTful APIs) 2+ years of experience with cloud architecture and deployments. Certificates or Licenses: CyberArk Defender, Sentry, or Guardian HashiCorp Certified: Terraform Associate HashiCorp Certified: Vault Associate Certification Information Systems Security Professional (CISSP) AWS Certified Security Specialty CompTIA Security+ Microsoft Certified: Security Engineer Associate
25/07/2024
Full time
*Position is Bonus eligible* Prestigious Financial Company is currently seeking a Senior PAM PKI Security Engineer. Candidate will be responsible for applying skills and knowledge to perform functions for Privileged Access and Secrets Management solutions, Hardware security modules (HSMs), and encryption practices. You must ensure to take a security first approach when deploying or integrating Secrets Management, PKI, Sessions Management, or authentication integrations under the team's purview using agile methodology. Responsibilities: Design, document, deploy, and support PAM solutions supporting vaulting, session management, hardcoded credential removal, and support integrations with PAM solution for secure secrets management supporting app-to-app communication. Design, document, develop, and support PAM integrations to support automated password rotations and establishing secure sessions through jump host solution. Design, document, implement, and maintain our Certificate Authority PKI infrastructure. Ensure certificates are correctly issued, renewed, and revoked as necessary. Implement and manage certificate templates and revocation configurations. Implement, configure, and maintain HSMs to support PKI operations. Work with vendors to ensure systems are patched and up to date. Address and troubleshoot issues related to PAM, PKI, and HSM solutions. Implement and manage encryption tools and software. Ensure team solutions are monitored following best practice. Proficient in using Scripting and automation skills to convert manual maintenance and audit functions into orchestrated automation. Track and execute work following agile best practices with self-motivation to bring a task from ideation to implementation. Ability to operate in a highly regulated complex operational environment and collaborate with internal SMEs required to maintain and mature the PAM program. Document, review, and update run books supporting Secrets and Privileged Access Management solutions. Develop and maintain encryption standards, practices, and solutions. Develop and maintain documentation related to PAM policies, procedures, and configurations. Qualifications: The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions. Experience with enterprise PAM tools and technologies such as various CyberArk and HashiVault components and underlying infrastructure supporting those technologies. Experience with various integration techniques for Secrets Management and Privileged Management to target systems such as databases, directories, and applications. Experience with Microsoft certificate authority PKI infrastructure. Experience with hardware security modules (HSMs). Experience with Python, Ansible, Terraform, and YAML packages. Requires in-depth knowledge of PAM and Secrets Management best practices. Requires in-depth knowledge of encryption algorithms, protocols, and best practices. Working knowledge of system monitoring techniques and tooling. Working knowledge of the cloud ecosystem and CI/CD deployments with Terraform, Ansible, and Jenkins pipelines. 5+ years of experience with PAM tools and technologies. 3+ years of experience in PKI infrastructure including Microsoft Certificate Authority. Bachelor's degree in computer science, Information Technology, or related field. Technical Skills: Hands on deployment, management, and troubleshooting experience with HSMs, MS PKI, HashiCorp Vault, and all CyberArk components (AIM, PSM/P, PVWA, CPM, VAULT). Hands on experience leveraging APIs. Knowledge of cryptographic operations, secure key storage, and key life cycle management with HSM and encryption tools. Knowledge of end-to-end encryption, data at rest, and data in transit protection methodologies. Ability to interpret logs and events related to PKI, HSMs, encryption, and PAM activities. 5+ years of experience with security engineering activities and testing. 5+ years of experience with privileged access management platforms. 3+ years of experience with HSM, PKI, Microsoft Certificate Authority. 2+ years of experience with DevOps/DevSecOps (eg, GitOps, Version Control, RESTful APIs) 2+ years of experience with cloud architecture and deployments. Certificates or Licenses: CyberArk Defender, Sentry, or Guardian HashiCorp Certified: Terraform Associate HashiCorp Certified: Vault Associate Certification Information Systems Security Professional (CISSP) AWS Certified Security Specialty CompTIA Security+ Microsoft Certified: Security Engineer Associate
Request Technology - Craig Johnson
Chicago, Illinois
*Position is Bonus eligible* Prestigious Financial Company is currently seeking a Senior PAM PKI Security Engineer. Candidate will be responsible for applying skills and knowledge to perform functions for Privileged Access and Secrets Management solutions, Hardware security modules (HSMs), and encryption practices. You must ensure to take a security first approach when deploying or integrating Secrets Management, PKI, Sessions Management, or authentication integrations under the team's purview using agile methodology. Responsibilities: Design, document, deploy, and support PAM solutions supporting vaulting, session management, hardcoded credential removal, and support integrations with PAM solution for secure secrets management supporting app-to-app communication. Design, document, develop, and support PAM integrations to support automated password rotations and establishing secure sessions through jump host solution. Design, document, implement, and maintain our Certificate Authority PKI infrastructure. Ensure certificates are correctly issued, renewed, and revoked as necessary. Implement and manage certificate templates and revocation configurations. Implement, configure, and maintain HSMs to support PKI operations. Work with vendors to ensure systems are patched and up to date. Address and troubleshoot issues related to PAM, PKI, and HSM solutions. Implement and manage encryption tools and software. Ensure team solutions are monitored following best practice. Proficient in using Scripting and automation skills to convert manual maintenance and audit functions into orchestrated automation. Track and execute work following agile best practices with self-motivation to bring a task from ideation to implementation. Ability to operate in a highly regulated complex operational environment and collaborate with internal SMEs required to maintain and mature the PAM program. Document, review, and update run books supporting Secrets and Privileged Access Management solutions. Develop and maintain encryption standards, practices, and solutions. Develop and maintain documentation related to PAM policies, procedures, and configurations. Qualifications: The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions. Experience with enterprise PAM tools and technologies such as various CyberArk and HashiVault components and underlying infrastructure supporting those technologies. Experience with various integration techniques for Secrets Management and Privileged Management to target systems such as databases, directories, and applications. Experience with Microsoft certificate authority PKI infrastructure. Experience with hardware security modules (HSMs). Experience with Python, Ansible, Terraform, and YAML packages. Requires in-depth knowledge of PAM and Secrets Management best practices. Requires in-depth knowledge of encryption algorithms, protocols, and best practices. Working knowledge of system monitoring techniques and tooling. Working knowledge of the cloud ecosystem and CI/CD deployments with Terraform, Ansible, and Jenkins pipelines. 5+ years of experience with PAM tools and technologies. 3+ years of experience in PKI infrastructure including Microsoft Certificate Authority. Bachelor's degree in computer science, Information Technology, or related field. Technical Skills: Hands on deployment, management, and troubleshooting experience with HSMs, MS PKI, HashiCorp Vault, and all CyberArk components (AIM, PSM/P, PVWA, CPM, VAULT). Hands on experience leveraging APIs. Knowledge of cryptographic operations, secure key storage, and key life cycle management with HSM and encryption tools. Knowledge of end-to-end encryption, data at rest, and data in transit protection methodologies. Ability to interpret logs and events related to PKI, HSMs, encryption, and PAM activities. 5+ years of experience with security engineering activities and testing. 5+ years of experience with privileged access management platforms. 3+ years of experience with HSM, PKI, Microsoft Certificate Authority. 2+ years of experience with DevOps/DevSecOps (eg, GitOps, Version Control, RESTful APIs) 2+ years of experience with cloud architecture and deployments. Certificates or Licenses: CyberArk Defender, Sentry, or Guardian HashiCorp Certified: Terraform Associate HashiCorp Certified: Vault Associate Certification Information Systems Security Professional (CISSP) AWS Certified Security Specialty CompTIA Security+ Microsoft Certified: Security Engineer Associate
25/07/2024
Full time
*Position is Bonus eligible* Prestigious Financial Company is currently seeking a Senior PAM PKI Security Engineer. Candidate will be responsible for applying skills and knowledge to perform functions for Privileged Access and Secrets Management solutions, Hardware security modules (HSMs), and encryption practices. You must ensure to take a security first approach when deploying or integrating Secrets Management, PKI, Sessions Management, or authentication integrations under the team's purview using agile methodology. Responsibilities: Design, document, deploy, and support PAM solutions supporting vaulting, session management, hardcoded credential removal, and support integrations with PAM solution for secure secrets management supporting app-to-app communication. Design, document, develop, and support PAM integrations to support automated password rotations and establishing secure sessions through jump host solution. Design, document, implement, and maintain our Certificate Authority PKI infrastructure. Ensure certificates are correctly issued, renewed, and revoked as necessary. Implement and manage certificate templates and revocation configurations. Implement, configure, and maintain HSMs to support PKI operations. Work with vendors to ensure systems are patched and up to date. Address and troubleshoot issues related to PAM, PKI, and HSM solutions. Implement and manage encryption tools and software. Ensure team solutions are monitored following best practice. Proficient in using Scripting and automation skills to convert manual maintenance and audit functions into orchestrated automation. Track and execute work following agile best practices with self-motivation to bring a task from ideation to implementation. Ability to operate in a highly regulated complex operational environment and collaborate with internal SMEs required to maintain and mature the PAM program. Document, review, and update run books supporting Secrets and Privileged Access Management solutions. Develop and maintain encryption standards, practices, and solutions. Develop and maintain documentation related to PAM policies, procedures, and configurations. Qualifications: The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions. Experience with enterprise PAM tools and technologies such as various CyberArk and HashiVault components and underlying infrastructure supporting those technologies. Experience with various integration techniques for Secrets Management and Privileged Management to target systems such as databases, directories, and applications. Experience with Microsoft certificate authority PKI infrastructure. Experience with hardware security modules (HSMs). Experience with Python, Ansible, Terraform, and YAML packages. Requires in-depth knowledge of PAM and Secrets Management best practices. Requires in-depth knowledge of encryption algorithms, protocols, and best practices. Working knowledge of system monitoring techniques and tooling. Working knowledge of the cloud ecosystem and CI/CD deployments with Terraform, Ansible, and Jenkins pipelines. 5+ years of experience with PAM tools and technologies. 3+ years of experience in PKI infrastructure including Microsoft Certificate Authority. Bachelor's degree in computer science, Information Technology, or related field. Technical Skills: Hands on deployment, management, and troubleshooting experience with HSMs, MS PKI, HashiCorp Vault, and all CyberArk components (AIM, PSM/P, PVWA, CPM, VAULT). Hands on experience leveraging APIs. Knowledge of cryptographic operations, secure key storage, and key life cycle management with HSM and encryption tools. Knowledge of end-to-end encryption, data at rest, and data in transit protection methodologies. Ability to interpret logs and events related to PKI, HSMs, encryption, and PAM activities. 5+ years of experience with security engineering activities and testing. 5+ years of experience with privileged access management platforms. 3+ years of experience with HSM, PKI, Microsoft Certificate Authority. 2+ years of experience with DevOps/DevSecOps (eg, GitOps, Version Control, RESTful APIs) 2+ years of experience with cloud architecture and deployments. Certificates or Licenses: CyberArk Defender, Sentry, or Guardian HashiCorp Certified: Terraform Associate HashiCorp Certified: Vault Associate Certification Information Systems Security Professional (CISSP) AWS Certified Security Specialty CompTIA Security+ Microsoft Certified: Security Engineer Associate
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
25/07/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
SOFTWARE DEVELOPER - EDV CLEARED BRAND NEW CONTRACT OPPORTUNITY AVAILABLE WITHIN A LEADING COMPANY FOR A SOFTWARE DEVELOPER WITH ENHANCED DV CLEARANCE Contract opportunity for a Software Engineer with enhanced DV clearance. Industry leading company supporting UK national security projects. Day rate up to £550/day DOE. London based in an easily accessible location. To apply please call or email (see below) WHO ARE WE? We are recruiting Software Developers to work with an industry-leading cyber/National Security/defence client with office locations in and around London. The expertise of our engineers drives us forward, and we're looking for talented individuals eager to learn and grow to join us. Due to the nature of these clients, you must hold Enhanced DV Security Clearance to work on National Security projects. WE NEED THE SOFTWARE DEVELOPER TO HAVE . Enhanced DV Security Clearance. Experience as a Full Stack Developer. Working knowledge of a programming language (preferably Python). Familiarity with a software suite (preferably SAS). Working knowledge of a relational database management system (preferably Oracle DB). Experience in version control, unit testing, integration testing, and UAT. A problem-solving mindset and a growth attitude. TO BE CONSIDERED . Please either apply by clicking online or emailing me directly to (see below) For further information please call me. I can make myself available outside of normal working hours to suit from 7am until 10pm. If unavailable, please leave a message and either myself or one of my colleagues will respond. By applying for this role, you give express consent for us to process & submit (subject to required skills) your application to our client in conjunction with this vacancy only. I look forward to hearing from you. SOFTWARE DEVELOPER - EDV CLEARED KEY SKILLS: SOFTWARE ENGINEER/DEVOPS/FULL STACK/PYTHON/Oracle/VERSION CONTROL/UNIT TESTING/INTEGRATION TESTING/DV CLEARED/DV CLEARANCE/ DEVELOPPED VETTING/DEVELOPED VETTED/DEEP VETTING/DEEP VETTED/SC CLEARED/SC CLEARANCE/SECURITY CLEARED/SECURITY CLEARANCE
25/07/2024
Project-based
SOFTWARE DEVELOPER - EDV CLEARED BRAND NEW CONTRACT OPPORTUNITY AVAILABLE WITHIN A LEADING COMPANY FOR A SOFTWARE DEVELOPER WITH ENHANCED DV CLEARANCE Contract opportunity for a Software Engineer with enhanced DV clearance. Industry leading company supporting UK national security projects. Day rate up to £550/day DOE. London based in an easily accessible location. To apply please call or email (see below) WHO ARE WE? We are recruiting Software Developers to work with an industry-leading cyber/National Security/defence client with office locations in and around London. The expertise of our engineers drives us forward, and we're looking for talented individuals eager to learn and grow to join us. Due to the nature of these clients, you must hold Enhanced DV Security Clearance to work on National Security projects. WE NEED THE SOFTWARE DEVELOPER TO HAVE . Enhanced DV Security Clearance. Experience as a Full Stack Developer. Working knowledge of a programming language (preferably Python). Familiarity with a software suite (preferably SAS). Working knowledge of a relational database management system (preferably Oracle DB). Experience in version control, unit testing, integration testing, and UAT. A problem-solving mindset and a growth attitude. TO BE CONSIDERED . Please either apply by clicking online or emailing me directly to (see below) For further information please call me. I can make myself available outside of normal working hours to suit from 7am until 10pm. If unavailable, please leave a message and either myself or one of my colleagues will respond. By applying for this role, you give express consent for us to process & submit (subject to required skills) your application to our client in conjunction with this vacancy only. I look forward to hearing from you. SOFTWARE DEVELOPER - EDV CLEARED KEY SKILLS: SOFTWARE ENGINEER/DEVOPS/FULL STACK/PYTHON/Oracle/VERSION CONTROL/UNIT TESTING/INTEGRATION TESTING/DV CLEARED/DV CLEARANCE/ DEVELOPPED VETTING/DEVELOPED VETTED/DEEP VETTING/DEEP VETTED/SC CLEARED/SC CLEARANCE/SECURITY CLEARED/SECURITY CLEARANCE
LEAD SOFTWARE DEVELOPER - EDV CLEARED BRAND NEW CONTRACT OPPORTUNITY AVAILABLE WITHIN A LEADING COMPANY FOR A SOFTWARE DEVELOPER WITH ENHANCED DV CLEARANCE Contract opportunity for a Lead Software Developers with enhanced DV clearance. Industry leading company supporting UK national security projects. Day rate up to £715/day DOE. London based in an easily accessible location. To apply please call or email (see below) WHO ARE WE? We are recruiting Lead Software Developers with a wide variety of experience to work with an industry-leading cyber/National Security/defence client with office locations in and around London. The expertise of our engineers drives us forward, and we're looking for talented individuals to join us. Due to the nature of these clients, you must hold Enhanced DV Security Clearance to work on National Security projects. WE NEED THE LEAD SOFTWARE DEVELOPER TO HAVE . Enhanced DV Security Clearance. Experience with a wide variety of software tools and technologies (preferably Oracle DB, SAS, Linux, and Python). Ability to contribute to code development and best practices, including code reviews, unit testing, CI/CD, etc. Ability to develop and document change management and release management plans. Working knowledge of a cloud technology (preferably AWS). Experience mentoring junior Software Engineers. Experience collaborating with stakeholders. TO BE CONSIDERED . Please either apply by clicking online or emailing me directly to (see below). For further information please call me. I can make myself available outside of normal working hours to suit from 7am until 10pm. If unavailable, please leave a message and either myself or one of my colleagues will respond. By applying for this role, you give express consent for us to process & submit (subject to required skills) your application to our client in conjunction with this vacancy only. I look forward to hearing from you. LEAD SOFTWARE DEVELOPER - EDV CLEARED KEY SKILLS: SOFTWARE ENGINEER/DEVOPS/FULL STACK/PYTHON/Oracle/VERSION CONTROL/UNIT TESTING/INTEGRATION TESTING/MENTORING/DV CLEARED/DV CLEARANCE/DEVELOPPED VETTING/DEVELOPED VETTED/DEEP VETTING/DEEP VETTED/SC CLEARED/SC CLEARANCE/SECURITY CLEARED/SECURITY CLEARANCE
25/07/2024
Project-based
LEAD SOFTWARE DEVELOPER - EDV CLEARED BRAND NEW CONTRACT OPPORTUNITY AVAILABLE WITHIN A LEADING COMPANY FOR A SOFTWARE DEVELOPER WITH ENHANCED DV CLEARANCE Contract opportunity for a Lead Software Developers with enhanced DV clearance. Industry leading company supporting UK national security projects. Day rate up to £715/day DOE. London based in an easily accessible location. To apply please call or email (see below) WHO ARE WE? We are recruiting Lead Software Developers with a wide variety of experience to work with an industry-leading cyber/National Security/defence client with office locations in and around London. The expertise of our engineers drives us forward, and we're looking for talented individuals to join us. Due to the nature of these clients, you must hold Enhanced DV Security Clearance to work on National Security projects. WE NEED THE LEAD SOFTWARE DEVELOPER TO HAVE . Enhanced DV Security Clearance. Experience with a wide variety of software tools and technologies (preferably Oracle DB, SAS, Linux, and Python). Ability to contribute to code development and best practices, including code reviews, unit testing, CI/CD, etc. Ability to develop and document change management and release management plans. Working knowledge of a cloud technology (preferably AWS). Experience mentoring junior Software Engineers. Experience collaborating with stakeholders. TO BE CONSIDERED . Please either apply by clicking online or emailing me directly to (see below). For further information please call me. I can make myself available outside of normal working hours to suit from 7am until 10pm. If unavailable, please leave a message and either myself or one of my colleagues will respond. By applying for this role, you give express consent for us to process & submit (subject to required skills) your application to our client in conjunction with this vacancy only. I look forward to hearing from you. LEAD SOFTWARE DEVELOPER - EDV CLEARED KEY SKILLS: SOFTWARE ENGINEER/DEVOPS/FULL STACK/PYTHON/Oracle/VERSION CONTROL/UNIT TESTING/INTEGRATION TESTING/MENTORING/DV CLEARED/DV CLEARANCE/DEVELOPPED VETTING/DEVELOPED VETTED/DEEP VETTING/DEEP VETTED/SC CLEARED/SC CLEARANCE/SECURITY CLEARED/SECURITY CLEARANCE
Senior Systems Engineer Department: Enterprise Cybersecurity - Identity and Access Management (IAM) Work Model: Hybrid Location: Dublin About the Role: A leading financial services organization is seeking a highly skilled Senior Systems Engineer to join their Enterprise Cybersecurity team, specifically within the API and Network Security squad in Identity and Access Management (IAM). This squad is pivotal in providing access and authentication services to users and application APIs across all business units, as well as managing the global network access control solutions. Key Responsibilities: Support and maintain vendor-based API Gateway management solutions (eg, Axway, Amazon API Gateway, Azure API Gateway). Ensure robust and secure Linux operating system environments. Manage and troubleshoot network protocols with strong TCP/IP knowledge. Collaborate with cross-functional teams to integrate security applications with directory services and various environments. Expertise and Skills Required: Experience: Minimum of 5 years in IT. API Gateway Solutions: Proficient in supporting vendor-based API Gateway solutions. Linux: Strong experience with Linux operating systems. Networking: In-depth understanding of TCP/IP protocols. Education: Bachelor's degree in Computer Science, Computer Systems Networking, Information Systems/Science, or a closely related field. Preferred Skills: Authentication Protocols: Knowledge of SAML, OpenID Connect, Kerberos, or OAuth. Integration Skills: Experience integrating security applications with directory services (LDAP, Active Directory, Oracle Directory Services) and environments (SQL, Oracle, MySQL, Cassandra, IIS, Apache, ISH, NodeJS, Tomcat, WebLogic, WebSphere). Programming: Ability to write and maintain source code for web services (RESTful, SOAP) using Java, JSP, ASP, and/or JavaScript. Applicants must have EU Citizenship or Stamp 4 visa to be considered
25/07/2024
Full time
Senior Systems Engineer Department: Enterprise Cybersecurity - Identity and Access Management (IAM) Work Model: Hybrid Location: Dublin About the Role: A leading financial services organization is seeking a highly skilled Senior Systems Engineer to join their Enterprise Cybersecurity team, specifically within the API and Network Security squad in Identity and Access Management (IAM). This squad is pivotal in providing access and authentication services to users and application APIs across all business units, as well as managing the global network access control solutions. Key Responsibilities: Support and maintain vendor-based API Gateway management solutions (eg, Axway, Amazon API Gateway, Azure API Gateway). Ensure robust and secure Linux operating system environments. Manage and troubleshoot network protocols with strong TCP/IP knowledge. Collaborate with cross-functional teams to integrate security applications with directory services and various environments. Expertise and Skills Required: Experience: Minimum of 5 years in IT. API Gateway Solutions: Proficient in supporting vendor-based API Gateway solutions. Linux: Strong experience with Linux operating systems. Networking: In-depth understanding of TCP/IP protocols. Education: Bachelor's degree in Computer Science, Computer Systems Networking, Information Systems/Science, or a closely related field. Preferred Skills: Authentication Protocols: Knowledge of SAML, OpenID Connect, Kerberos, or OAuth. Integration Skills: Experience integrating security applications with directory services (LDAP, Active Directory, Oracle Directory Services) and environments (SQL, Oracle, MySQL, Cassandra, IIS, Apache, ISH, NodeJS, Tomcat, WebLogic, WebSphere). Programming: Ability to write and maintain source code for web services (RESTful, SOAP) using Java, JSP, ASP, and/or JavaScript. Applicants must have EU Citizenship or Stamp 4 visa to be considered
x86 Hardware Product SME Whitehall Resources require an x86 Hardware Product SME to work with a key client on an initial 3-month contract. * This role will require 2 days on site per week in Sheffield. * Inside IR35. x86 Hardware Product SME Role Description: Work alongside the CTO Distributed Compute Product Management teams in providing expert guidance and knowledge when defining technical direction of x86 server hardware. They will support vendor engagement including service escalation, ongoing relationship management. They will support the business by understanding available x86 hardware bundles, firmware/microcode release cycle, acting as key technical bridge between business, architecture, and engineering teams as well as vendors. They will provide engagement on architectural, operational, security and other technical issues. To be successful in this role, you should meet the following requirements: . Proficient in x86 Server Hardware and components: Dell, Lenovo and HPE with experience of large, complex enterprise estates . A deep technical understanding of common remote server management software: iDRAC, XCC and iLO . Experience in certifying the overlaying Windows, RedHat and ESXi operating system products on x86 server hardware . In depth experience of dealing with Security and Compliance within a large financial institution. . Appreciation of integration of services in a data driven organisation using APIs. . Innovative approach to deployment methodologies . Experience of working with agile practices and toolsets including JIRA and Confluence . Excellent written and verbal communication skills, with the ability to influence stakeholders at all levels . Ability to work with globally distributed teams including 3rd party vendors . A proven track record in applying these skills across Enterprise scale estates . Active listening, negotiation, problem-solving . Passionate about technology and solving IT operations-focused problems . Proven experience in Compute, Hypervisors, Storage, Networks . Keep up to date and have expertise on current tools, technologies and areas like cyber security and regulations pertaining to aspects like data privacy, consent, data residency etc. that are applicable All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description. Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.
25/07/2024
Project-based
x86 Hardware Product SME Whitehall Resources require an x86 Hardware Product SME to work with a key client on an initial 3-month contract. * This role will require 2 days on site per week in Sheffield. * Inside IR35. x86 Hardware Product SME Role Description: Work alongside the CTO Distributed Compute Product Management teams in providing expert guidance and knowledge when defining technical direction of x86 server hardware. They will support vendor engagement including service escalation, ongoing relationship management. They will support the business by understanding available x86 hardware bundles, firmware/microcode release cycle, acting as key technical bridge between business, architecture, and engineering teams as well as vendors. They will provide engagement on architectural, operational, security and other technical issues. To be successful in this role, you should meet the following requirements: . Proficient in x86 Server Hardware and components: Dell, Lenovo and HPE with experience of large, complex enterprise estates . A deep technical understanding of common remote server management software: iDRAC, XCC and iLO . Experience in certifying the overlaying Windows, RedHat and ESXi operating system products on x86 server hardware . In depth experience of dealing with Security and Compliance within a large financial institution. . Appreciation of integration of services in a data driven organisation using APIs. . Innovative approach to deployment methodologies . Experience of working with agile practices and toolsets including JIRA and Confluence . Excellent written and verbal communication skills, with the ability to influence stakeholders at all levels . Ability to work with globally distributed teams including 3rd party vendors . A proven track record in applying these skills across Enterprise scale estates . Active listening, negotiation, problem-solving . Passionate about technology and solving IT operations-focused problems . Proven experience in Compute, Hypervisors, Storage, Networks . Keep up to date and have expertise on current tools, technologies and areas like cyber security and regulations pertaining to aspects like data privacy, consent, data residency etc. that are applicable All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description. Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.
Role Title: x86 Hardware Product SME Location: Hybrid (Sheffield) Duration: Until 29/11/24 £500-540 per day - umbrella only Would you like to join a global leader in consulting, technology services and digital transformation? Our client is at the forefront of innovation to address the entire breadth of opportunities in the evolving world of cloud, digital and platforms. Role Description: Work alongside the CTO Distributed Compute Product Management teams in providing expert guidance and knowledge when defining technical direction of x86 server hardware. They will support vendor engagement including service escalation, ongoing relationship management. They will support the business by understanding available x86 hardware bundles, firmware/microcode release cycle, acting as key technical bridge between business, architecture, and engineering teams as well as vendors. They will provide engagement on architectural, operational, security and other technical issues. To be successful in this role, you should meet the following requirements: Proficient in x86 Server Hardware and components: Dell, Lenovo and HPE with experience of large, complex enterprise estates A deep technical understanding of common remote server management software: iDRAC, XCC and iLO Experience in certifying the overlaying Windows, RedHat and ESXi operating system products on x86 server hardware In depth experience of dealing with Security and Compliance within a large financial institution. Appreciation of integration of services in a data driven organisation using APIs. Innovative approach to deployment methodologies Experience of working with agile practices and toolsets including JIRA and Confluence Excellent written and verbal communication skills, with the ability to influence stakeholders at all levels Ability to work with globally distributed teams including 3rd party vendors A proven track record in applying these skills across Enterprise scale estates Active listening, negotiation, problem-solving Passionate about technology and solving IT operations-focused problems Proven experience in Compute, Hypervisors, Storage, Networks Keep up to date and have expertise on current tools, technologies and areas like cyber security and regulations pertaining to aspects like data privacy, consent, data residency etc. that are applicable All profiles will be reviewed against the required skills and experience. Due to the high number of applications we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply!
25/07/2024
Project-based
Role Title: x86 Hardware Product SME Location: Hybrid (Sheffield) Duration: Until 29/11/24 £500-540 per day - umbrella only Would you like to join a global leader in consulting, technology services and digital transformation? Our client is at the forefront of innovation to address the entire breadth of opportunities in the evolving world of cloud, digital and platforms. Role Description: Work alongside the CTO Distributed Compute Product Management teams in providing expert guidance and knowledge when defining technical direction of x86 server hardware. They will support vendor engagement including service escalation, ongoing relationship management. They will support the business by understanding available x86 hardware bundles, firmware/microcode release cycle, acting as key technical bridge between business, architecture, and engineering teams as well as vendors. They will provide engagement on architectural, operational, security and other technical issues. To be successful in this role, you should meet the following requirements: Proficient in x86 Server Hardware and components: Dell, Lenovo and HPE with experience of large, complex enterprise estates A deep technical understanding of common remote server management software: iDRAC, XCC and iLO Experience in certifying the overlaying Windows, RedHat and ESXi operating system products on x86 server hardware In depth experience of dealing with Security and Compliance within a large financial institution. Appreciation of integration of services in a data driven organisation using APIs. Innovative approach to deployment methodologies Experience of working with agile practices and toolsets including JIRA and Confluence Excellent written and verbal communication skills, with the ability to influence stakeholders at all levels Ability to work with globally distributed teams including 3rd party vendors A proven track record in applying these skills across Enterprise scale estates Active listening, negotiation, problem-solving Passionate about technology and solving IT operations-focused problems Proven experience in Compute, Hypervisors, Storage, Networks Keep up to date and have expertise on current tools, technologies and areas like cyber security and regulations pertaining to aspects like data privacy, consent, data residency etc. that are applicable All profiles will be reviewed against the required skills and experience. Due to the high number of applications we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply!
Senior Attack Surface Reduction Analyst, Manager Grade, is required for this financial based in Buckinghamshire. You will be experienced in vulnerability management tools and their implementation, vulnerability risk management as well as an eye for detail and structure but this is next level VM. This is Attack Surface Reduction and someone that is keen to stay in VM specifically, would not be best fit. You will play a critical role in proactively identifying and mitigating potential unauthorized access, data breaches, and other security incidents. £75 - 95,000 + Excellent Financial Benefits + Bonus Hybrid working. Buckinghamshire based x3 days a week, x2 remote working available. You will have an Infrastructure background, which might include Sys Admin, Service Desk, Infra Engineering then moved in to the Vulnerability Management arena and now wants to focus more widely, specifically in Attack Surface Reduction. This role requires solid communication skills, where you could be liaising at all levels, including the CISO. You will: Manage Deliverables which are closely coordinated with and integrated across all UK CISO functions for strategy development, continuous learning and awareness, reporting, innovation, service development and business/3rd party engagement. Delivering solutions to reduce the attach surface of UK assets from analysis of cyber metrics. Reporting of detailed findings, exploitation procedures and mitigation techniques and to effectively communicate with stakeholders. Ensuring continuous operations for core capabilities: threat identification and monitoring, vulnerability life cycle, critical vulnerability triage, risk reporting, and consultation on mitigation. Analysing cyber metrics to identify, prioritise and remediate root cause to reduce attach surface. You will bring: Experience in application vulnerability assessment and management, able to accurately assess the potential impacts of security flaws and involve technical teams accordingly. Understanding vulnerability analysis in the context of the most common infrastructure models (on-prem DC infrastructure & DMZ, cloud IaaS/PaaS, Enterprise SaaS.) Knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices. Ability to design and execute scenario-based tests tailored to the firm's infrastructure and practices. Project management (technical) experience preferably within cyber security.
25/07/2024
Full time
Senior Attack Surface Reduction Analyst, Manager Grade, is required for this financial based in Buckinghamshire. You will be experienced in vulnerability management tools and their implementation, vulnerability risk management as well as an eye for detail and structure but this is next level VM. This is Attack Surface Reduction and someone that is keen to stay in VM specifically, would not be best fit. You will play a critical role in proactively identifying and mitigating potential unauthorized access, data breaches, and other security incidents. £75 - 95,000 + Excellent Financial Benefits + Bonus Hybrid working. Buckinghamshire based x3 days a week, x2 remote working available. You will have an Infrastructure background, which might include Sys Admin, Service Desk, Infra Engineering then moved in to the Vulnerability Management arena and now wants to focus more widely, specifically in Attack Surface Reduction. This role requires solid communication skills, where you could be liaising at all levels, including the CISO. You will: Manage Deliverables which are closely coordinated with and integrated across all UK CISO functions for strategy development, continuous learning and awareness, reporting, innovation, service development and business/3rd party engagement. Delivering solutions to reduce the attach surface of UK assets from analysis of cyber metrics. Reporting of detailed findings, exploitation procedures and mitigation techniques and to effectively communicate with stakeholders. Ensuring continuous operations for core capabilities: threat identification and monitoring, vulnerability life cycle, critical vulnerability triage, risk reporting, and consultation on mitigation. Analysing cyber metrics to identify, prioritise and remediate root cause to reduce attach surface. You will bring: Experience in application vulnerability assessment and management, able to accurately assess the potential impacts of security flaws and involve technical teams accordingly. Understanding vulnerability analysis in the context of the most common infrastructure models (on-prem DC infrastructure & DMZ, cloud IaaS/PaaS, Enterprise SaaS.) Knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices. Ability to design and execute scenario-based tests tailored to the firm's infrastructure and practices. Project management (technical) experience preferably within cyber security.
Position: Senior Cyber Security Engineer Location: Rugby, UK - Need to go onsite 4 days in a week Duration: 12 Permanent Job Description: Strong experience with 9-12yrs min with multiple SecOps domain. Candidate must be ready work in shift rotation across 24X7 support model. Candidate mandate to have experience and must perform security analyst monitoring logs on SIEM platform. Candidate should be with Vulnerability management using Tenable SC tool, Endpoint DLP, Encryption, Firewall Management, Anti-Malware in troubleshooting & support operations. Candidate must be aware of ITIL process in management incident, Change and problem management. Candidate must good enough to provide/share and suggest all good practices across the domain. Be responsible for Endpoint Protection related designs and deployments across the projects enterprise systems. Bring Strong subject matter knowledge in relation to Endpoint Protection/Security including, but not limited to, Encryption techniques, Event monitoring, Anti-Malware and Endpoint protection software, (Trellix product experience as additional advantage) . Strong subject matter knowledge in relation to SIEM tool configuration, logging, alerting and monitoring. Strong knowledge of forensics tools, (Axiom product experience as additional advantage) Demonstrable subject matter knowledge in at least one of the core Endpoint Security products within the scope of the MM contract, ie, Encryption techniques, Event monitoring, Anti-Malware & Endpoint Protection tooling. A working knowledge of the management/fault rectification of recent product versions in relation to the subject matter field. Desired Characteristics Experience with HMGSPF, JSP 440, JSP 490, NCSC ten steps to cyber security, MOD Cyber Security Directives. Any relevant Cyber security certifications (SANS, ISACA, ISC2, SSCP, CISSP, GIAC, CISA, CISM) Quickly able to technically analyses, diagnose, and resolve incidents and requests. Customer first delivery. Resolve issues with a desire to ensure that IT infrastructure remains secure and compliant. Good understanding of networks and Domain Structure. Candidate must have the valid SC Clearance.
25/07/2024
Full time
Position: Senior Cyber Security Engineer Location: Rugby, UK - Need to go onsite 4 days in a week Duration: 12 Permanent Job Description: Strong experience with 9-12yrs min with multiple SecOps domain. Candidate must be ready work in shift rotation across 24X7 support model. Candidate mandate to have experience and must perform security analyst monitoring logs on SIEM platform. Candidate should be with Vulnerability management using Tenable SC tool, Endpoint DLP, Encryption, Firewall Management, Anti-Malware in troubleshooting & support operations. Candidate must be aware of ITIL process in management incident, Change and problem management. Candidate must good enough to provide/share and suggest all good practices across the domain. Be responsible for Endpoint Protection related designs and deployments across the projects enterprise systems. Bring Strong subject matter knowledge in relation to Endpoint Protection/Security including, but not limited to, Encryption techniques, Event monitoring, Anti-Malware and Endpoint protection software, (Trellix product experience as additional advantage) . Strong subject matter knowledge in relation to SIEM tool configuration, logging, alerting and monitoring. Strong knowledge of forensics tools, (Axiom product experience as additional advantage) Demonstrable subject matter knowledge in at least one of the core Endpoint Security products within the scope of the MM contract, ie, Encryption techniques, Event monitoring, Anti-Malware & Endpoint Protection tooling. A working knowledge of the management/fault rectification of recent product versions in relation to the subject matter field. Desired Characteristics Experience with HMGSPF, JSP 440, JSP 490, NCSC ten steps to cyber security, MOD Cyber Security Directives. Any relevant Cyber security certifications (SANS, ISACA, ISC2, SSCP, CISSP, GIAC, CISA, CISM) Quickly able to technically analyses, diagnose, and resolve incidents and requests. Customer first delivery. Resolve issues with a desire to ensure that IT infrastructure remains secure and compliant. Good understanding of networks and Domain Structure. Candidate must have the valid SC Clearance.
Network Infrastructure Engineer Permanent £40,000 - £55,000 Depending on experience Full time onsite to begin - Hybrid working after probation My client are seeking a talented and ambitious Network Engineer to join them on a permanent basis where you will play a crucial role in ensuring the smooth operation of the network infrastructure and supporting Back Office systems. This role requires a combination of technical expertise in networking, IT systems and some cybersecurity, as well as strong problem-solving and communication skills. Network Infrastructure Support: Implement and maintain the company's network infrastructure, including Routers, Switches, Firewalls, and wireless access points. Configure and optimize network protocols and services, such as TCP/IP, VLANs, VPNs, and DHCP. Conduct, in collaboration with the InfoSec team, regular network audits and security assessments to identify vulnerabilities and ensure compliance with cybersecurity best practices and industry standards. Implement and maintain cybersecurity technical measures to protect the organization's network infrastructure and data assets. Configure and manage security devices such as Firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection solutions. Monitor network traffic and security logs to detect unauthorized access or suspicious activity, and respond promptly to security incidents. Required skills, knowledge and experience: Strong experience in network engineering. Good experience in general IT Infrastructure Some knowledge and experience in cybersecurity. Strong knowledge of networking concepts, protocols, and technologies, such as TCP/IP, DNS, DHCP, VLANS, and routing protocols. Hands-on experience with network security technologies and tools, such as Firewalls, IDS/IPS, SIEM solutions, and antivirus software. Proficiency in managing Windows and Linux server environments, including ctive Directory, Exchange, and SQL Server, Experience with cybersecurity frameworks and compliance standards (eg, NIST, ISO 27001, GDPR). Excellent problem-solving skills and attention to detail with the ability to prioritize and manage multiple tasks in a fast-paced environment. Strong communication and interpersonal skills, with the ability to work effectively both independently and as part of a team. Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
25/07/2024
Full time
Network Infrastructure Engineer Permanent £40,000 - £55,000 Depending on experience Full time onsite to begin - Hybrid working after probation My client are seeking a talented and ambitious Network Engineer to join them on a permanent basis where you will play a crucial role in ensuring the smooth operation of the network infrastructure and supporting Back Office systems. This role requires a combination of technical expertise in networking, IT systems and some cybersecurity, as well as strong problem-solving and communication skills. Network Infrastructure Support: Implement and maintain the company's network infrastructure, including Routers, Switches, Firewalls, and wireless access points. Configure and optimize network protocols and services, such as TCP/IP, VLANs, VPNs, and DHCP. Conduct, in collaboration with the InfoSec team, regular network audits and security assessments to identify vulnerabilities and ensure compliance with cybersecurity best practices and industry standards. Implement and maintain cybersecurity technical measures to protect the organization's network infrastructure and data assets. Configure and manage security devices such as Firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection solutions. Monitor network traffic and security logs to detect unauthorized access or suspicious activity, and respond promptly to security incidents. Required skills, knowledge and experience: Strong experience in network engineering. Good experience in general IT Infrastructure Some knowledge and experience in cybersecurity. Strong knowledge of networking concepts, protocols, and technologies, such as TCP/IP, DNS, DHCP, VLANS, and routing protocols. Hands-on experience with network security technologies and tools, such as Firewalls, IDS/IPS, SIEM solutions, and antivirus software. Proficiency in managing Windows and Linux server environments, including ctive Directory, Exchange, and SQL Server, Experience with cybersecurity frameworks and compliance standards (eg, NIST, ISO 27001, GDPR). Excellent problem-solving skills and attention to detail with the ability to prioritize and manage multiple tasks in a fast-paced environment. Strong communication and interpersonal skills, with the ability to work effectively both independently and as part of a team. Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
IT Engineer | Manufacturing | North Derbyshire | LabVIEW I have just taken a brief for a cracking hands-on IT Engineer vacancy based 5 days per week from their North Derbyshire manufacturing site. Our client are a global business who are growing at an outstanding rate at the moment and need someone to come in and support their state-of-the-art manufacturing plant from an IT perspective. This role will see you understanding the ins-and-outs of their hardware setup, ensuring that their systems are maintained and new software packages are implemented and developed to ensure their production process runs faultlessly. You'll be maintaining our client's cyber security standards. Tech-wise, you will be working with things like LabVIEW, MySQL, Industrial printers, barcode scanners, and working with MES (Manufacturing Engineering Systems), Windows 10, etc. You'll need to have experience working in this sort of environment. Our client are looking to speak to candidates who have strong experience working in a manufacturing company where you have had experience working with IT software to support robotics and manufacturing products. You'll need to have demonstrable experience of IT implementations in a manufacturing environment. You will need to have worked in a Windows environment and have experience working with a range of network tools (WAN, LAN, Wi-Fi). Experience working with Visual Basic and databases will be beneficial to your application. You'll be a natural problem solver and an inquisitive individual. In return, you'll be joining a dynamic company who are going through an exciting period of growth and get the opportunity for internal progression. You'll get access to one of the best pension schemes in the industry (up to 20%), an annual bonus, regular social events, and much more! If this could be of interest then please get in touch ASAP for immediate consideration. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
25/07/2024
Full time
IT Engineer | Manufacturing | North Derbyshire | LabVIEW I have just taken a brief for a cracking hands-on IT Engineer vacancy based 5 days per week from their North Derbyshire manufacturing site. Our client are a global business who are growing at an outstanding rate at the moment and need someone to come in and support their state-of-the-art manufacturing plant from an IT perspective. This role will see you understanding the ins-and-outs of their hardware setup, ensuring that their systems are maintained and new software packages are implemented and developed to ensure their production process runs faultlessly. You'll be maintaining our client's cyber security standards. Tech-wise, you will be working with things like LabVIEW, MySQL, Industrial printers, barcode scanners, and working with MES (Manufacturing Engineering Systems), Windows 10, etc. You'll need to have experience working in this sort of environment. Our client are looking to speak to candidates who have strong experience working in a manufacturing company where you have had experience working with IT software to support robotics and manufacturing products. You'll need to have demonstrable experience of IT implementations in a manufacturing environment. You will need to have worked in a Windows environment and have experience working with a range of network tools (WAN, LAN, Wi-Fi). Experience working with Visual Basic and databases will be beneficial to your application. You'll be a natural problem solver and an inquisitive individual. In return, you'll be joining a dynamic company who are going through an exciting period of growth and get the opportunity for internal progression. You'll get access to one of the best pension schemes in the industry (up to 20%), an annual bonus, regular social events, and much more! If this could be of interest then please get in touch ASAP for immediate consideration. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Spectrum IT Recruitment (South) Ltd
Fareham, Hampshire
Senior Front End Developer Salary circa £50,000 - £55,000 plus excellent benefits HTML, CSS, JavaScript, jQuery, TypeScript, PHP Fareham, Hampshire Your digital identity is at risk! Malware, Ransomware, Cryptojacking, Trojan Viruses. In 2023, cybercrime cost UK businesses an estimated £21 billion. But don't think its the just the big corporates at risk, the average cybercrime value in the UK is just over £10,000 demonstrating that personal finance and small business cybercrime is rife. Would you like to be part of the solution? We are working with an award winning leader in the field of cyber security. They are on a mission to build a safer digital world for you and your future self! They have built a suite of innovative products designed to offer superior protection against a broad spectrum of online threats. Our client has the requirement for a Senior Front End Developer who are looking to broaden their experience using a wide range of technology, solve interesting problems, work with big data and engineering challenges. You will join an ambitious company and talented team developing a range of dynamic functionality to a large, bespoke and multi-functional system used by a global client base. Technical Skills: HTML CSS JavaScript React preferred but will consider Angular/VueJS JavaScript object model JavaScript preprocessors eg webpack, Rollup, Babel SCSS/LESS OOP, PHP and LAMP Knowledge of performance testing frameworks Mocha and Jest On top of a competitive salary (approx £50k - £55k) the company offer some fantastic financial and lifestyle benefits including; free access to local gym and health spa, onsite chef (free cooked breakfast & lunch!), childcare vouchers, cycle to work scheme, pension, BUPA healthcare, investment in training and personal development. Interviews are being held within the next couple of weeks so please get in touch via email or give me a call on the following (see below) or call. Spectrum IT Recruitment (South) Limited is acting as an Employment Agency in relation to this vacancy.
24/07/2024
Full time
Senior Front End Developer Salary circa £50,000 - £55,000 plus excellent benefits HTML, CSS, JavaScript, jQuery, TypeScript, PHP Fareham, Hampshire Your digital identity is at risk! Malware, Ransomware, Cryptojacking, Trojan Viruses. In 2023, cybercrime cost UK businesses an estimated £21 billion. But don't think its the just the big corporates at risk, the average cybercrime value in the UK is just over £10,000 demonstrating that personal finance and small business cybercrime is rife. Would you like to be part of the solution? We are working with an award winning leader in the field of cyber security. They are on a mission to build a safer digital world for you and your future self! They have built a suite of innovative products designed to offer superior protection against a broad spectrum of online threats. Our client has the requirement for a Senior Front End Developer who are looking to broaden their experience using a wide range of technology, solve interesting problems, work with big data and engineering challenges. You will join an ambitious company and talented team developing a range of dynamic functionality to a large, bespoke and multi-functional system used by a global client base. Technical Skills: HTML CSS JavaScript React preferred but will consider Angular/VueJS JavaScript object model JavaScript preprocessors eg webpack, Rollup, Babel SCSS/LESS OOP, PHP and LAMP Knowledge of performance testing frameworks Mocha and Jest On top of a competitive salary (approx £50k - £55k) the company offer some fantastic financial and lifestyle benefits including; free access to local gym and health spa, onsite chef (free cooked breakfast & lunch!), childcare vouchers, cycle to work scheme, pension, BUPA healthcare, investment in training and personal development. Interviews are being held within the next couple of weeks so please get in touch via email or give me a call on the following (see below) or call. Spectrum IT Recruitment (South) Limited is acting as an Employment Agency in relation to this vacancy.
Primary Skills Required: Expert level knowledge of Oracle technologies: Oracle Cloud, OCI Oracle Engineered Systems, such as Exadata, ZFS appliance, Oracle Database Appliance Enterprise level experience in following technical disciplines Network connectivity architecture Auditing and Security High availability; High availability design - Oracle MAA Disaster recovery We seek an enthusiastic and highly talented Oracle Database/OCI Architect to help design, architect and implement innovative solutions for our database platforms. An interested candidate will have extensive experience in architecting Oracle Database infrastructure, both om premise and in the cloud, designed for the future. The candidate must keep abreast of new technologies and trends with an eagerness to learn, pair and coach. The candidate will be shaping the future of Database Engineering as we transform through a Service Oriented, API first and Cloud Native approach in delivering our Database platforms as Automated Services for teams and customers. Key responsibilities Work with management, engineering and operations to design architecture concerning Oracle landscape Drive development of strategy based on analysis of company needs and industry trends Designing infrastructure target state architectures and roadmaps of achieving it Translate stakeholders' requirements into architecture definitions Create architecture documentation Prepare High level, technical and solution designs for different use cases and challenges Architecting and Designing solutions that transforms a Database Platform into a Service Continuously looking for opportunities to optimize and automate Skills and experience: Expert level knowledge of Oracle technologies: Oracle Cloud, OCI Oracle Engineered Systems, such as Exadata, ZFS appliance, Oracle Database Appliance Oracle Database Enterprise level experience in following technical disciplines Network connectivity architecture Auditing and Security High availability; High availability design - Oracle MAA Disaster recovery Knowledge of financial sector database security controls design Database security Auditing and monitoring Privileged access management Brokered Access and authentication - ie Cyberark Expert level knowledge of enterprise architecture standards Familiar with Google Cloud Platform Experience in gathering, documenting and analysing requirements Experience in creating and maintaining complex architecture documentation Outstanding communication and presentation skills Effectively communicates complex messages in a clear and concise manner Experience in solution design and techniques with ability to make design decision trade-offs Ability to self-manage a book of work and ensure clear transparency on progress with clear and timely communication of issues Capability to interact successfully in a virtual, multi-vendor and multi-cultural environment Enables experimentation and fast learning approaches to creating solutions Ability to prioritize and manage several competing demands simultaneously Ability to work autonomously, take a leap and achieve goals iteratively
24/07/2024
Primary Skills Required: Expert level knowledge of Oracle technologies: Oracle Cloud, OCI Oracle Engineered Systems, such as Exadata, ZFS appliance, Oracle Database Appliance Enterprise level experience in following technical disciplines Network connectivity architecture Auditing and Security High availability; High availability design - Oracle MAA Disaster recovery We seek an enthusiastic and highly talented Oracle Database/OCI Architect to help design, architect and implement innovative solutions for our database platforms. An interested candidate will have extensive experience in architecting Oracle Database infrastructure, both om premise and in the cloud, designed for the future. The candidate must keep abreast of new technologies and trends with an eagerness to learn, pair and coach. The candidate will be shaping the future of Database Engineering as we transform through a Service Oriented, API first and Cloud Native approach in delivering our Database platforms as Automated Services for teams and customers. Key responsibilities Work with management, engineering and operations to design architecture concerning Oracle landscape Drive development of strategy based on analysis of company needs and industry trends Designing infrastructure target state architectures and roadmaps of achieving it Translate stakeholders' requirements into architecture definitions Create architecture documentation Prepare High level, technical and solution designs for different use cases and challenges Architecting and Designing solutions that transforms a Database Platform into a Service Continuously looking for opportunities to optimize and automate Skills and experience: Expert level knowledge of Oracle technologies: Oracle Cloud, OCI Oracle Engineered Systems, such as Exadata, ZFS appliance, Oracle Database Appliance Oracle Database Enterprise level experience in following technical disciplines Network connectivity architecture Auditing and Security High availability; High availability design - Oracle MAA Disaster recovery Knowledge of financial sector database security controls design Database security Auditing and monitoring Privileged access management Brokered Access and authentication - ie Cyberark Expert level knowledge of enterprise architecture standards Familiar with Google Cloud Platform Experience in gathering, documenting and analysing requirements Experience in creating and maintaining complex architecture documentation Outstanding communication and presentation skills Effectively communicates complex messages in a clear and concise manner Experience in solution design and techniques with ability to make design decision trade-offs Ability to self-manage a book of work and ensure clear transparency on progress with clear and timely communication of issues Capability to interact successfully in a virtual, multi-vendor and multi-cultural environment Enables experimentation and fast learning approaches to creating solutions Ability to prioritize and manage several competing demands simultaneously Ability to work autonomously, take a leap and achieve goals iteratively