*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
28/06/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Senior Infrastructure Engineer - Southampton - Hybrid (4 Days per week in the office) - £60k Are you a skilled and focused Senior Infrastructure Engineer looking for a dynamic environment to develop your career? This expanding company offers a hybrid work model with occasional visits to other global sites, providing opportunities to collaborate across all levels and departments. In this role, you'll support their global IT infrastructure and security, manage network systems and Windows Servers both on-premise and in Azure, and work closely with their Security team. You'll be responsible for maintaining multi-site backups and cloud operations, handling Active Directory and Azure AD networks, and providing third-level support to resolve incidents. Proactive maintenance and monitoring of GD WAN networks, SDWAN, and IT infrastructure will also be key parts of your role, along with participating in on-call support. With previous experience in a senior infrastructure role, expertise in Cisco networks (CCNA/CCNP preferred but definitely not seesntial), and familiarity with cybersecurity systems and Windows Server, you'll excel in this position. Experience with IAAS, PAAS, and SAAS platforms, along with Microsoft certifications, will be advantageous. If you have a passion for technology, an enthusiastic attitude, and enjoy being a collaborative team player, we want to hear from you. This is a fantastic opportunity to advance your career in a supportive and fast-paced environment. Apply now and join this exciting journey!
28/06/2024
Full time
Senior Infrastructure Engineer - Southampton - Hybrid (4 Days per week in the office) - £60k Are you a skilled and focused Senior Infrastructure Engineer looking for a dynamic environment to develop your career? This expanding company offers a hybrid work model with occasional visits to other global sites, providing opportunities to collaborate across all levels and departments. In this role, you'll support their global IT infrastructure and security, manage network systems and Windows Servers both on-premise and in Azure, and work closely with their Security team. You'll be responsible for maintaining multi-site backups and cloud operations, handling Active Directory and Azure AD networks, and providing third-level support to resolve incidents. Proactive maintenance and monitoring of GD WAN networks, SDWAN, and IT infrastructure will also be key parts of your role, along with participating in on-call support. With previous experience in a senior infrastructure role, expertise in Cisco networks (CCNA/CCNP preferred but definitely not seesntial), and familiarity with cybersecurity systems and Windows Server, you'll excel in this position. Experience with IAAS, PAAS, and SAAS platforms, along with Microsoft certifications, will be advantageous. If you have a passion for technology, an enthusiastic attitude, and enjoy being a collaborative team player, we want to hear from you. This is a fantastic opportunity to advance your career in a supportive and fast-paced environment. Apply now and join this exciting journey!
I am working with an Irish company, a leading provider of eMobility solutions. They are looking to hire a Systems Integrations engineer on a 12 months daily rate contract. The eCars IT & Digital team is responsible for ensuring the effective delivery of essential IT services to the ecars business and its customers on a 24/7 basis, and for evolving the IT & Digital services over time to meet ever evolving business goals and requirements. The ecars technology landscape is comprised of a core state-of-the-art charge point management and revenue management system delivered on a software-as-a-service basis, connected to over 2000 charge points over 3g and 4g mobile networks. A range of interfaces are used to connect to third-party systems, including payment gateways, roaming platforms, CRM systems and business partners. Customer touchpoints include digital tools, mobile applications and contactless RFID cards. What You'll Do: Support Systems: Keep our charge point and payment systems running smoothly. Ensure Network Availability: Work with teams and partners to keep our charging network up and running. Solve Problems: Help troubleshoot customer issues with billing, charge points, and more. Integrate Systems: Onboard new charge points and roaming platforms. Manage Services: Track incidents, plan outages, and handle service requests. Test Features: Create and run tests for new system features and updates. Roll Out New Tech: Support the introduction of cool new features like "Plug-And-Charge" and smart payments. Boost Cyber Security: Help us stay secure and compliant with the latest standards. Handle Data: Manage data exchanges and help create insightful reports. What You'll Need: Must-Haves: Degree in IT, Computer Science, or related field. 5+ years in a similar role with knowledge of E-mobility and Energy industries Experience of implementing and supporting digital systems using a range of technologies including Azure and Google cloud, web services and APIs, together with a thorough understanding of functional areas such as customer billing, payment processing, CRM Knowledge of cloud tech, APIs, and digital systems including protocols and standards such as such as Open Charge Point Protocol (OCPP) and the Open Charge Point Interface Protocol (OCPI) Experience in service management. Great communication and organizational skills. Experience in networking or operations tech. Familiarity with cybersecurity. Skills in data analysis. Knowledge of EV systems and protocols (OCPP/OCPI). Perks: Start Date: ASAP Duration: 12 months Hours: 8:30 AM - 4:45 PM, Monday to Friday Location: Dublin Work Setup: Hybrid with remote work flexibility. Business travel expenses covered. The successful candidate must have use of a personal 'phone, laptop/PC and Internet facilities, and must be equipped to fully engage in a professional manner during the course of the engagement Interested? Click APPLY and help power the EV revolution!
28/06/2024
Project-based
I am working with an Irish company, a leading provider of eMobility solutions. They are looking to hire a Systems Integrations engineer on a 12 months daily rate contract. The eCars IT & Digital team is responsible for ensuring the effective delivery of essential IT services to the ecars business and its customers on a 24/7 basis, and for evolving the IT & Digital services over time to meet ever evolving business goals and requirements. The ecars technology landscape is comprised of a core state-of-the-art charge point management and revenue management system delivered on a software-as-a-service basis, connected to over 2000 charge points over 3g and 4g mobile networks. A range of interfaces are used to connect to third-party systems, including payment gateways, roaming platforms, CRM systems and business partners. Customer touchpoints include digital tools, mobile applications and contactless RFID cards. What You'll Do: Support Systems: Keep our charge point and payment systems running smoothly. Ensure Network Availability: Work with teams and partners to keep our charging network up and running. Solve Problems: Help troubleshoot customer issues with billing, charge points, and more. Integrate Systems: Onboard new charge points and roaming platforms. Manage Services: Track incidents, plan outages, and handle service requests. Test Features: Create and run tests for new system features and updates. Roll Out New Tech: Support the introduction of cool new features like "Plug-And-Charge" and smart payments. Boost Cyber Security: Help us stay secure and compliant with the latest standards. Handle Data: Manage data exchanges and help create insightful reports. What You'll Need: Must-Haves: Degree in IT, Computer Science, or related field. 5+ years in a similar role with knowledge of E-mobility and Energy industries Experience of implementing and supporting digital systems using a range of technologies including Azure and Google cloud, web services and APIs, together with a thorough understanding of functional areas such as customer billing, payment processing, CRM Knowledge of cloud tech, APIs, and digital systems including protocols and standards such as such as Open Charge Point Protocol (OCPP) and the Open Charge Point Interface Protocol (OCPI) Experience in service management. Great communication and organizational skills. Experience in networking or operations tech. Familiarity with cybersecurity. Skills in data analysis. Knowledge of EV systems and protocols (OCPP/OCPI). Perks: Start Date: ASAP Duration: 12 months Hours: 8:30 AM - 4:45 PM, Monday to Friday Location: Dublin Work Setup: Hybrid with remote work flexibility. Business travel expenses covered. The successful candidate must have use of a personal 'phone, laptop/PC and Internet facilities, and must be equipped to fully engage in a professional manner during the course of the engagement Interested? Click APPLY and help power the EV revolution!
IT Network Technician - Luton Onsite work - Salary up to £55,000 IT Network Technician required to work for a leading client based in Luton. My client is currently seeking a IT Network Technician to come on board to be responsible for executing projects aimed at maintaining and enhancing the airport's server and network systems, as well as aiding in the implementation of various organization-wide initiatives. This role involves supporting daily network modifications and upgrades, and contributing to project delivery by overseeing the physical installation of network equipment and performing network patching. Assist in the daily operation of the airport's wired and wireless networks, including performing routine health checks, identifying issues, risks, and opportunities, and offering recommendations for continuous improvement. Configure and install network Switches, and patch Ethernet and fiber lines throughout the airport. Apply best practices for network management and conduct regular maintenance activities to ensure network stability and performance. Key skills, Previous Network experience Experience as an IT Support Administrator or IT Support Engineer, providing 2nd or 3rd line support in a dynamic environment. Strong knowledge of network support and administration, including DNS, DHCP, and TCP/IP protocols. Understanding of network and system monitoring and alerting solutions. Hands-on experience with configuring and physically installing network Switches in both stack and non-stack configurations. Knowledge of cybersecurity principles to ensure network safety and integrity. Excellent collaboration skills for effective interaction with colleagues, users, and stakeholders. Outstanding verbal and written communication skills. Willingness to invest time and effort into learning and developing new skills and capabilities. Entry-level networking qualification, such as CompTIA Network+ or equivalent. Desirable skills, Knowledge and practical experience with HPE Aruba networking products. Experience with Firewalls and Routers, including basic configuration changes, failover, and testing. Familiarity with network automation tools. Knowledge of Microsoft Windows Server technologies, and experience with VMware/Hyper-V virtualization is advantageous. Interested? Please submit your updated CV to Olivia Yafai at Crimson for immediate consideration. Not interested? Do you know someone who might be a perfect fit for this role? Refer a friend and earn £250 worth of vouchers! Crimson is acting as an employment agency regarding this vacancy
28/06/2024
Full time
IT Network Technician - Luton Onsite work - Salary up to £55,000 IT Network Technician required to work for a leading client based in Luton. My client is currently seeking a IT Network Technician to come on board to be responsible for executing projects aimed at maintaining and enhancing the airport's server and network systems, as well as aiding in the implementation of various organization-wide initiatives. This role involves supporting daily network modifications and upgrades, and contributing to project delivery by overseeing the physical installation of network equipment and performing network patching. Assist in the daily operation of the airport's wired and wireless networks, including performing routine health checks, identifying issues, risks, and opportunities, and offering recommendations for continuous improvement. Configure and install network Switches, and patch Ethernet and fiber lines throughout the airport. Apply best practices for network management and conduct regular maintenance activities to ensure network stability and performance. Key skills, Previous Network experience Experience as an IT Support Administrator or IT Support Engineer, providing 2nd or 3rd line support in a dynamic environment. Strong knowledge of network support and administration, including DNS, DHCP, and TCP/IP protocols. Understanding of network and system monitoring and alerting solutions. Hands-on experience with configuring and physically installing network Switches in both stack and non-stack configurations. Knowledge of cybersecurity principles to ensure network safety and integrity. Excellent collaboration skills for effective interaction with colleagues, users, and stakeholders. Outstanding verbal and written communication skills. Willingness to invest time and effort into learning and developing new skills and capabilities. Entry-level networking qualification, such as CompTIA Network+ or equivalent. Desirable skills, Knowledge and practical experience with HPE Aruba networking products. Experience with Firewalls and Routers, including basic configuration changes, failover, and testing. Familiarity with network automation tools. Knowledge of Microsoft Windows Server technologies, and experience with VMware/Hyper-V virtualization is advantageous. Interested? Please submit your updated CV to Olivia Yafai at Crimson for immediate consideration. Not interested? Do you know someone who might be a perfect fit for this role? Refer a friend and earn £250 worth of vouchers! Crimson is acting as an employment agency regarding this vacancy
Responsibilities Creating and implementing security protocols to ensure the security of IoT devices and applications. Developing and testing software to detect and prevent security breaches. Reviewing code and conducting risk assessments to identify vulnerabilities. Collaborating with cross-functional teams to ensure security and compliance are implemented throughout the development life cycle. Conducting security training and awareness programs to increase security awareness among employees. Leadership skills, ability to manage and develop a team. Identifying and managing threats and breaches to security infrastructure. Conducting penetration testing of IoT devices and applications to test security measures. Experience in developing and driving capability growth. Automotive cyber expertise would be desirable. Experience in securing Smart Electricity Systems desirable Requirements Bachelor's degree in computer science or a related field. Proven experience in security engineering, IoT security, and risk assessment. Familiarity with software development life cycle (SDLC) processes and methodologies. Knowledge of authentication mechanisms, encryption technologies, and security protocols such as IPSec, SSL, and SSH. Experience in developing and testing software using Python, C++, and Java. Excellent problem-solving skills and the ability to work well under pressure. Ability to communicate technical ideas and issues to both technical and non-technical audiences.
28/06/2024
Full time
Responsibilities Creating and implementing security protocols to ensure the security of IoT devices and applications. Developing and testing software to detect and prevent security breaches. Reviewing code and conducting risk assessments to identify vulnerabilities. Collaborating with cross-functional teams to ensure security and compliance are implemented throughout the development life cycle. Conducting security training and awareness programs to increase security awareness among employees. Leadership skills, ability to manage and develop a team. Identifying and managing threats and breaches to security infrastructure. Conducting penetration testing of IoT devices and applications to test security measures. Experience in developing and driving capability growth. Automotive cyber expertise would be desirable. Experience in securing Smart Electricity Systems desirable Requirements Bachelor's degree in computer science or a related field. Proven experience in security engineering, IoT security, and risk assessment. Familiarity with software development life cycle (SDLC) processes and methodologies. Knowledge of authentication mechanisms, encryption technologies, and security protocols such as IPSec, SSL, and SSH. Experience in developing and testing software using Python, C++, and Java. Excellent problem-solving skills and the ability to work well under pressure. Ability to communicate technical ideas and issues to both technical and non-technical audiences.
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
27/06/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Position: Senior Cyber Security Engineering SME Location: Rugby, UK - Hybrid Duration: Permanent JOB DESCRIPTION: Role Summary/Purpose The Senior Cyber Security Engineering SME (Endpoint/Engineering Security SME) to provide strong subject matter expertise within the component area of Endpoint Management (Antivirus/DLP, endpoint security and Forensics), including, Disk Encryption, Anti-Malware, Device and Application Control, event collection & monitoring and SIEM platform guidance methodologies. Essential Responsibilities/Qualifications Proven track-record in a similar role . Be responsible for Endpoint Protection related designs and deployments across the projects enterprise systems. Bring Strong subject matter knowledge in relation to Endpoint Protection/Security including, but not limited to, Encryption techniques, Event monitoring, Anti-Malware and Endpoint protection software, (Trellix product experience as additional advantage) . Strong subject matter knowledge in relation to SIEM tool configuration, logging, alerting and monitoring. Strong knowledge of forensics tools, (Axiom product experience as additional advantage) Demonstrable subject matter knowledge in at least one of the core Endpoint Security products within the scope of the MM contract, ie, Encryption techniques, Event monitoring, Anti-Malware & Endpoint Protection tooling. A working knowledge of the management/fault rectification of recent product versions in relation to the subject matter field. Experience communicating across multiple stakeholder levels including End users, Suppliers & IT leadership. Experience supporting the audits such as cyber essentials. (Experience supporting the CE/CE+ experience as additional advantage) Ability to author design and process documents related to Endpoint Protection. Ability to create and maintain technical documents, such as operational support guidelines, policies, and procedures. Stay current and follow UK Cyber Security and UK Compliance policies, processes, and strategies. Must be willing to work out of Rugby, UK site (subject to COVID regulations and customer requirements). Security Clearance level Restrictions apply. Desired Characteristics Experience with HMGSPF, JSP 440, JSP 490, NCSC ten steps to cyber security, MOD Cyber Security Directives. Any relevant Cyber security certifications (SANS, ISACA, ISC2, SSCP, CISSP, GIAC, CISA, CISM) Quickly able to technically analyses, diagnose, and resolve incidents and requests. Customer first delivery. Resolve issues with a desire to ensure that IT infrastructure remains secure and compliant. Good understanding of networks and Domain Structure. Experience with HLD,LLD development from a security engineering prospective. Should have knowledge & experience of implementing Security Controls & Configuration of Network appliances. (Routers, Switches, Firewall) Working knowledge & experience of Tenable SC. (Vulnerability Management, Scanning, Remediation)
27/06/2024
Full time
Position: Senior Cyber Security Engineering SME Location: Rugby, UK - Hybrid Duration: Permanent JOB DESCRIPTION: Role Summary/Purpose The Senior Cyber Security Engineering SME (Endpoint/Engineering Security SME) to provide strong subject matter expertise within the component area of Endpoint Management (Antivirus/DLP, endpoint security and Forensics), including, Disk Encryption, Anti-Malware, Device and Application Control, event collection & monitoring and SIEM platform guidance methodologies. Essential Responsibilities/Qualifications Proven track-record in a similar role . Be responsible for Endpoint Protection related designs and deployments across the projects enterprise systems. Bring Strong subject matter knowledge in relation to Endpoint Protection/Security including, but not limited to, Encryption techniques, Event monitoring, Anti-Malware and Endpoint protection software, (Trellix product experience as additional advantage) . Strong subject matter knowledge in relation to SIEM tool configuration, logging, alerting and monitoring. Strong knowledge of forensics tools, (Axiom product experience as additional advantage) Demonstrable subject matter knowledge in at least one of the core Endpoint Security products within the scope of the MM contract, ie, Encryption techniques, Event monitoring, Anti-Malware & Endpoint Protection tooling. A working knowledge of the management/fault rectification of recent product versions in relation to the subject matter field. Experience communicating across multiple stakeholder levels including End users, Suppliers & IT leadership. Experience supporting the audits such as cyber essentials. (Experience supporting the CE/CE+ experience as additional advantage) Ability to author design and process documents related to Endpoint Protection. Ability to create and maintain technical documents, such as operational support guidelines, policies, and procedures. Stay current and follow UK Cyber Security and UK Compliance policies, processes, and strategies. Must be willing to work out of Rugby, UK site (subject to COVID regulations and customer requirements). Security Clearance level Restrictions apply. Desired Characteristics Experience with HMGSPF, JSP 440, JSP 490, NCSC ten steps to cyber security, MOD Cyber Security Directives. Any relevant Cyber security certifications (SANS, ISACA, ISC2, SSCP, CISSP, GIAC, CISA, CISM) Quickly able to technically analyses, diagnose, and resolve incidents and requests. Customer first delivery. Resolve issues with a desire to ensure that IT infrastructure remains secure and compliant. Good understanding of networks and Domain Structure. Experience with HLD,LLD development from a security engineering prospective. Should have knowledge & experience of implementing Security Controls & Configuration of Network appliances. (Routers, Switches, Firewall) Working knowledge & experience of Tenable SC. (Vulnerability Management, Scanning, Remediation)
- Head of Site Reliability/Infrastructure - Glasgow/Hybrid - Excellent Salary & Benefits Package - Immediate Start Fantastic new opportunity to the market to join our Glasgow-based Fintech client, specialising in managed Cloud provision. The business is entering a growth phase and now recruiting for a seasoned Head of Site Reliability with an infrastructure background, as they continue to grow their tech team from their newly opened, state-of-the-art tech hub in Glasgow. This is a key hire and the first in this space, as the business begins to build out their new Site Reliability team. The successful candidate will be responsible for building out the function, providing true leadership and co-ordination, whilst having a breadth of technical know-how. This opportunity is truly greenfield in nature and offers a blank canvas to implement plans and procedures with the aim of improving the infrastructure reliability, security and functionality with automation at the forefront. Reporting into the COO, you will be a natural leader of people and teams, with the goal of collaborating on the design, deployment, and maintenance of the global infrastructure and to provide system support for the Security, Network Operations and Development teams. The role would ideally suit an experienced automation-focused individual with comprehensive working infrastructure knowledge of Windows and Linux environments (RHEL, Ubuntu), as well as network operating systems experience. Commercial use of Infrastructure-As-Code (IAC) tooling such as Terraform and Ansible is also beneficial. Candidates who are proactive and dedicated are preferred, as this role is highly visible. You will also be a significant contributor to the team's IT success, supporting and delivering infrastructure and solutions and working directly with data centre, network, software development and project teams alike. Key Skills & Experience Proven experience in a site reliability engineering, DevOps, or similar role, with multiple years in a leadership position. Extensive background in cloud computing services (AWS, Google Cloud or Azure) Container orchestration technology exposure (eg Kubernetes). Proficiency in automation Knowledge of Scripting languages (Python, Shell or Go). Knowledge of Cyber Security principles and best practices. Knowledge of regulatory environments and compliance standards Exceptional problem-solving skills Ability to work under pressure in a fast-paced environment. Excellent communication and leadership abilities Strong track-record of building and motivating high-performing teams. Bachelor's or master's degree in Computer Science, Engineering, or a related field.The above is not exhaustive. Please forward your CV to discuss this requirement in more detail to (see below) The above is not exhaustive. Please forward your CV to discuss this requirement in more detail to (see below)
27/06/2024
Full time
- Head of Site Reliability/Infrastructure - Glasgow/Hybrid - Excellent Salary & Benefits Package - Immediate Start Fantastic new opportunity to the market to join our Glasgow-based Fintech client, specialising in managed Cloud provision. The business is entering a growth phase and now recruiting for a seasoned Head of Site Reliability with an infrastructure background, as they continue to grow their tech team from their newly opened, state-of-the-art tech hub in Glasgow. This is a key hire and the first in this space, as the business begins to build out their new Site Reliability team. The successful candidate will be responsible for building out the function, providing true leadership and co-ordination, whilst having a breadth of technical know-how. This opportunity is truly greenfield in nature and offers a blank canvas to implement plans and procedures with the aim of improving the infrastructure reliability, security and functionality with automation at the forefront. Reporting into the COO, you will be a natural leader of people and teams, with the goal of collaborating on the design, deployment, and maintenance of the global infrastructure and to provide system support for the Security, Network Operations and Development teams. The role would ideally suit an experienced automation-focused individual with comprehensive working infrastructure knowledge of Windows and Linux environments (RHEL, Ubuntu), as well as network operating systems experience. Commercial use of Infrastructure-As-Code (IAC) tooling such as Terraform and Ansible is also beneficial. Candidates who are proactive and dedicated are preferred, as this role is highly visible. You will also be a significant contributor to the team's IT success, supporting and delivering infrastructure and solutions and working directly with data centre, network, software development and project teams alike. Key Skills & Experience Proven experience in a site reliability engineering, DevOps, or similar role, with multiple years in a leadership position. Extensive background in cloud computing services (AWS, Google Cloud or Azure) Container orchestration technology exposure (eg Kubernetes). Proficiency in automation Knowledge of Scripting languages (Python, Shell or Go). Knowledge of Cyber Security principles and best practices. Knowledge of regulatory environments and compliance standards Exceptional problem-solving skills Ability to work under pressure in a fast-paced environment. Excellent communication and leadership abilities Strong track-record of building and motivating high-performing teams. Bachelor's or master's degree in Computer Science, Engineering, or a related field.The above is not exhaustive. Please forward your CV to discuss this requirement in more detail to (see below) The above is not exhaustive. Please forward your CV to discuss this requirement in more detail to (see below)
Position Available: Cyber Security Engineer Location: Bristol & Dynamic Working Hours Salary: Up to £55,000 + Paid Overtime & Company Bonus & Very Good Pension Package About the role We are a leading defence company who are at the forefront of innovation in the industry and your work will have a direct impact on the safety and security of the UK & our allies. We are currently looking for a Cyber Security Engineer to work in our team. In this role you will support the team in: Identifying & assessing security risks to systems and ensuring security measures are implemented and validated Working together to take account of complex trades and requirements on cyber security design and assurance Delivering the project's cyber security risk management process and provide guidance and support on the project based on a risk management methodology Producing the project security case and engage with project collaborators to deliver against project achievements What we need from you: An ability to undertake risk assessments and propose security measures in response across the range of physical, personnel, procedural and technical measures. Understanding of MOD and Government information security policy, standards and guidance and the ability to tailor them to the specific needs of our product range A validated delivery focussed mind-set, aware of the exciting demands on cyber security design, implementation and assurance Understanding of systems and security verification, validation, testing and evaluation approaches, including HMG Information Assurance schemes and processes A curiosity about emerging risk assessment approaches and next generation security functions and approaches. If you would like to know more details about the position or want to register your interest, hit apply below. We'd love to hear from you!
27/06/2024
Full time
Position Available: Cyber Security Engineer Location: Bristol & Dynamic Working Hours Salary: Up to £55,000 + Paid Overtime & Company Bonus & Very Good Pension Package About the role We are a leading defence company who are at the forefront of innovation in the industry and your work will have a direct impact on the safety and security of the UK & our allies. We are currently looking for a Cyber Security Engineer to work in our team. In this role you will support the team in: Identifying & assessing security risks to systems and ensuring security measures are implemented and validated Working together to take account of complex trades and requirements on cyber security design and assurance Delivering the project's cyber security risk management process and provide guidance and support on the project based on a risk management methodology Producing the project security case and engage with project collaborators to deliver against project achievements What we need from you: An ability to undertake risk assessments and propose security measures in response across the range of physical, personnel, procedural and technical measures. Understanding of MOD and Government information security policy, standards and guidance and the ability to tailor them to the specific needs of our product range A validated delivery focussed mind-set, aware of the exciting demands on cyber security design, implementation and assurance Understanding of systems and security verification, validation, testing and evaluation approaches, including HMG Information Assurance schemes and processes A curiosity about emerging risk assessment approaches and next generation security functions and approaches. If you would like to know more details about the position or want to register your interest, hit apply below. We'd love to hear from you!
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
26/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
26/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Security Engineer - CyberArk vacancy for a Zurich based company in the financial sector . Your tasks: Being responsible for the design and implementation of comprehensive CyberArk based security solutions within an automated environment Acting as a security engineer and CyberArk expert with the including responsible tasks Working within an agile IT team and project Your experience/knowledge: Working experience with complex CyberArk based security solutions in the automated area Excellent knowledge in the design and implementation of automated network security solutions in secure and highly available data centers Languages: English, fluent in speaking and writing Location: Zurich or Bern, Switzerland Sector: Telecommunication Start: 07/2024 Duration: 06MM+ Ref.Nr.: BH21822 Take the next step and send us your resume along with a daytime phone number where we can reach you. Due to Swiss work permit restrictions, we can only consider applications from Swiss nationals, EU citizens as well as current work-permit holders for Switzerland. Ukrainian refugees are warmly welcomed, we will support you all the way. We welcome applications from individuals of all genders, age groups, sexual orientations, personal expressions, ethnic backgrounds, and religious beliefs. Therefore, there is no requirement to provide gender information or a photo in your application. As per client requirements, we need information about your marital status, nationality, date of birth, and a valid Swiss work permit. For applicants with disabilities, we are happy to explore potential solutions with our end client.
26/06/2024
Project-based
Security Engineer - CyberArk vacancy for a Zurich based company in the financial sector . Your tasks: Being responsible for the design and implementation of comprehensive CyberArk based security solutions within an automated environment Acting as a security engineer and CyberArk expert with the including responsible tasks Working within an agile IT team and project Your experience/knowledge: Working experience with complex CyberArk based security solutions in the automated area Excellent knowledge in the design and implementation of automated network security solutions in secure and highly available data centers Languages: English, fluent in speaking and writing Location: Zurich or Bern, Switzerland Sector: Telecommunication Start: 07/2024 Duration: 06MM+ Ref.Nr.: BH21822 Take the next step and send us your resume along with a daytime phone number where we can reach you. Due to Swiss work permit restrictions, we can only consider applications from Swiss nationals, EU citizens as well as current work-permit holders for Switzerland. Ukrainian refugees are warmly welcomed, we will support you all the way. We welcome applications from individuals of all genders, age groups, sexual orientations, personal expressions, ethnic backgrounds, and religious beliefs. Therefore, there is no requirement to provide gender information or a photo in your application. As per client requirements, we need information about your marital status, nationality, date of birth, and a valid Swiss work permit. For applicants with disabilities, we are happy to explore potential solutions with our end client.
IT Infrastructure Technician Key benefits include: Attractive salary based on experience Annual bonus Pension matched to 7.5% Earn an extra day off per month with time in lieu Free onsite gym 25 days holiday Free parking/electric charging Based onsite Redhill Opportunity for an IT Infrastructure Technician with a successful, growing organization with headquarters based in Redhill, Surrey. In this role, you will provide IT infrastructure support to the organization, its client projects and its staff. You will work as part of the IT team delivering a quality 24/7 service to internal users (both at HQ and remote users) and nominated customer gateways, Servers and laptops. Please note you must be eligible for and happy to undergo UK Security Clearance (SC/DV) if you don't already hold it. Key Responsibilities will include: Build laptops, PC's according to internal & customer specifications and inline with company security policies and accreditation standards, including the creation of standardised build images. Ensure smooth running and patching of the desktop environment. Monitoring usage/performance, ensuring they are working efficiently, including tight controls on hardware/software obsolesce Manage and support onsite A/V equipment including Video Conferencing, Projectors etc. Follow departmental change control process and procedures. Adhere to organization cyber security policies. Assist with the administration of nominated customer IT equipment and networks. Be part of the support team for user fault finding and solving problems, ensuring you own the problem until resolved ensuring users are regularly informed of progress and that all issues are logged within Service Desk. Work with external suppliers where support cannot be done in house to assist IT with problem resolution. Be part of the 24/7 on call IT rota responding to emergencies as required including remote access or site visits for NSSLGlobal corporate network and users as well as nominated customer networks. Support the IT Infrastructure Engineers as required in providing: Support the IT Hosting Infrastructure as required including Storage, Virtual Environments, Email, Backups(recovery/monitoring) Support the IT Security Infrastructure as required, including Antivirus, Update/Patch management, Web Filtering Support the Telephony equipment and Servers, installation of telephones onto desks. Support the remote working environment including VPN's and RDP. Key skills and experience required: Mandatory HND/Degree or equivalent in Computer Science or related discipline OR at least 5 years applicable experience working in a demanding environment within a busy 100+ user network including remote sites/users. Broad range of technical skills is required in terms of diverse IT hardware and business applications. Sound technical knowledge of core Microsoft Windows 10/11 desktop environments, including building, troubleshooting, patching Sound technical knowledge of Windows Server 2019/2022 administration skills Good understanding of IT Security (anti-virus, hard drive encryption, authentication) Experience of Microsoft Exchange and Email services such as spam filtering and cloud continuity/messaging services. Previous experience covering 1st/2nd line support roles. Must be able to achieve Security Clearance (SC/DV). Desirable Sound technical knowledge of Windows Group Policies and Active Directory would be highly advantageous. Sound technical knowledge of any of the following: Endpoint Central, McAfee/Trellix Security, WebMarshal, Veeam Sound technical knowledge of Virtual Environments (VMware) Experience of administering and supporting Mitel phone system. Relevant Microsoft qualifications. Experience of administering/supporting Blackberry UEM and mobile device management (MDM).
26/06/2024
Full time
IT Infrastructure Technician Key benefits include: Attractive salary based on experience Annual bonus Pension matched to 7.5% Earn an extra day off per month with time in lieu Free onsite gym 25 days holiday Free parking/electric charging Based onsite Redhill Opportunity for an IT Infrastructure Technician with a successful, growing organization with headquarters based in Redhill, Surrey. In this role, you will provide IT infrastructure support to the organization, its client projects and its staff. You will work as part of the IT team delivering a quality 24/7 service to internal users (both at HQ and remote users) and nominated customer gateways, Servers and laptops. Please note you must be eligible for and happy to undergo UK Security Clearance (SC/DV) if you don't already hold it. Key Responsibilities will include: Build laptops, PC's according to internal & customer specifications and inline with company security policies and accreditation standards, including the creation of standardised build images. Ensure smooth running and patching of the desktop environment. Monitoring usage/performance, ensuring they are working efficiently, including tight controls on hardware/software obsolesce Manage and support onsite A/V equipment including Video Conferencing, Projectors etc. Follow departmental change control process and procedures. Adhere to organization cyber security policies. Assist with the administration of nominated customer IT equipment and networks. Be part of the support team for user fault finding and solving problems, ensuring you own the problem until resolved ensuring users are regularly informed of progress and that all issues are logged within Service Desk. Work with external suppliers where support cannot be done in house to assist IT with problem resolution. Be part of the 24/7 on call IT rota responding to emergencies as required including remote access or site visits for NSSLGlobal corporate network and users as well as nominated customer networks. Support the IT Infrastructure Engineers as required in providing: Support the IT Hosting Infrastructure as required including Storage, Virtual Environments, Email, Backups(recovery/monitoring) Support the IT Security Infrastructure as required, including Antivirus, Update/Patch management, Web Filtering Support the Telephony equipment and Servers, installation of telephones onto desks. Support the remote working environment including VPN's and RDP. Key skills and experience required: Mandatory HND/Degree or equivalent in Computer Science or related discipline OR at least 5 years applicable experience working in a demanding environment within a busy 100+ user network including remote sites/users. Broad range of technical skills is required in terms of diverse IT hardware and business applications. Sound technical knowledge of core Microsoft Windows 10/11 desktop environments, including building, troubleshooting, patching Sound technical knowledge of Windows Server 2019/2022 administration skills Good understanding of IT Security (anti-virus, hard drive encryption, authentication) Experience of Microsoft Exchange and Email services such as spam filtering and cloud continuity/messaging services. Previous experience covering 1st/2nd line support roles. Must be able to achieve Security Clearance (SC/DV). Desirable Sound technical knowledge of Windows Group Policies and Active Directory would be highly advantageous. Sound technical knowledge of any of the following: Endpoint Central, McAfee/Trellix Security, WebMarshal, Veeam Sound technical knowledge of Virtual Environments (VMware) Experience of administering and supporting Mitel phone system. Relevant Microsoft qualifications. Experience of administering/supporting Blackberry UEM and mobile device management (MDM).
IT Security Engineer Glasgow - Hybrid working 3 days per week in the office £50,000 - £55,000 + benefits Fantastic new permanent opportunity for an experienced IT Security Engineer with a broad background within IT Infrastrucutre and security engineering and operations for this specialist financial services analytics business based in Glasgow. As a specialist Security Engineer, you will work as part of their DevSecOps team based in Glasgow. The role will involve working closely with the wider technology teams to enhance their cyber maturity. Furthermore, it provides the opportunity to contribute towards the implementation and management of various security technologies. Main responsibilities: Analysing security events and incidents relating to internal and customer assets. Designing and developing SIEM security use cases. Designing and implementing security controls and secure configurations. Maintaining proactive vulnerability scanning ensuring that all known vulnerabilities are addressed in line with policy. Collaborating with development teams to implement secure development practices. Configuring and maintaining security tooling across the infrastructure. Collaborating on maturing security incident management processes and playbooks. Collaborating with third-party led security tests, assessments and audits of our information security information security policies, procedures, and systems. Identifying, assessing, managing, remediating, and tracking information security risks through our risk management framework and ensuring key risks are reported to the CISO. Performing regular internal security audits aligned to ISO/IEC 27001 and SOC2 controls. Developing our security awareness training programme aligned with internal security policies. Comfortable engaging with customers and internal stakeholders to discuss security related matters. Skills Required: Proven hands-on experience as an IT Security Engineer or similar working with tools such as SIEM, vulnerability management, endpoint detection & response (EDR), applications security, identity, and access management, etc. Ability to work in a small high performing team, collaborating with other technical resources whilst aligning to the security strategy. Technical knowledge and experience with SIEM, SOAR, IDPS, DDoS, Malware Protection, Vulnerability Management, and Application Security tooling, etc. Knowledge of Information Security frameworks (CIS, NIST, NCSC CAF), supporting processes and toolsets. Ability to breakdown and solve complex problems across multiple domains and successfully lead the recovery of major and/or complex security incidents. Knowledge and experience of threat hunting and problem-solving through reviewing logs and identifying anomalous activities (Desirable). For any further queries regarding the role, please contact Danny Palmer at (see below)
25/06/2024
Full time
IT Security Engineer Glasgow - Hybrid working 3 days per week in the office £50,000 - £55,000 + benefits Fantastic new permanent opportunity for an experienced IT Security Engineer with a broad background within IT Infrastrucutre and security engineering and operations for this specialist financial services analytics business based in Glasgow. As a specialist Security Engineer, you will work as part of their DevSecOps team based in Glasgow. The role will involve working closely with the wider technology teams to enhance their cyber maturity. Furthermore, it provides the opportunity to contribute towards the implementation and management of various security technologies. Main responsibilities: Analysing security events and incidents relating to internal and customer assets. Designing and developing SIEM security use cases. Designing and implementing security controls and secure configurations. Maintaining proactive vulnerability scanning ensuring that all known vulnerabilities are addressed in line with policy. Collaborating with development teams to implement secure development practices. Configuring and maintaining security tooling across the infrastructure. Collaborating on maturing security incident management processes and playbooks. Collaborating with third-party led security tests, assessments and audits of our information security information security policies, procedures, and systems. Identifying, assessing, managing, remediating, and tracking information security risks through our risk management framework and ensuring key risks are reported to the CISO. Performing regular internal security audits aligned to ISO/IEC 27001 and SOC2 controls. Developing our security awareness training programme aligned with internal security policies. Comfortable engaging with customers and internal stakeholders to discuss security related matters. Skills Required: Proven hands-on experience as an IT Security Engineer or similar working with tools such as SIEM, vulnerability management, endpoint detection & response (EDR), applications security, identity, and access management, etc. Ability to work in a small high performing team, collaborating with other technical resources whilst aligning to the security strategy. Technical knowledge and experience with SIEM, SOAR, IDPS, DDoS, Malware Protection, Vulnerability Management, and Application Security tooling, etc. Knowledge of Information Security frameworks (CIS, NIST, NCSC CAF), supporting processes and toolsets. Ability to breakdown and solve complex problems across multiple domains and successfully lead the recovery of major and/or complex security incidents. Knowledge and experience of threat hunting and problem-solving through reviewing logs and identifying anomalous activities (Desirable). For any further queries regarding the role, please contact Danny Palmer at (see below)
Our client is seeking an experienced and dedicated Infrastructure Technical Lead to join their team. This role offers a unique opportunity for a seasoned professional with a strong background in IT infrastructure and cloud services, coupled with exceptional leadership skills. The successful candidate will have the chance to design and deliver top-tier solutions, ensuring all projects adhere to necessary cyber security standards. Senior Infrastructure Engineer (Team Lead) Salary: Up to £55000 + Car Allowance + Bonus Location: Newton-Le-Willows (2-3 days a week on site) Our client is seeking an experienced and dedicated Infrastructure Technical Lead to join their dynamic team. This role offers a unique opportunity for a seasoned professional with a strong background in IT infrastructure and cloud services, coupled with exceptional leadership skills. The successful candidate will have the chance to design and deliver top-tier solutions, ensuring all projects adhere to necessary cyber security standards. With a focus on effective team management and smooth incident management, this role is perfect for those who thrive in fast-paced environments. Additionally, the ability to provide accurate reporting on infrastructure delivery is essential, showcasing your organisational skills. What you'll do: As an Infrastructure Technical Lead, you will be at the forefront of technical delivery, strategy, and leadership within the IT Operations Teams. Your role will involve participating actively in the development and delivery of the IT Infrastructure, Microsoft cloud estate, supporting services and applications. You will ensure adherence to information security standards, corporate governance policies, and standards. Working closely with senior leadership, you will help develop and deliver IT strategies that align with company's goals and objectives. Managing a team of experienced Infrastructure Operations Engineers, you will provide excellent support in all aspects of IT infrastructure operations. Your responsibilities also include supporting the design of best-in-class IT infrastructure and cloud services solutions. Furthermore, you will be responsible for providing accurate reporting on the delivery of IT Infrastructure and services across a wide range of activities. Provide technical delivery, strategy and leadership across the IT Operations Teams Participate in the development and active delivery of the IT Infrastructure, Microsoft cloud estate, supporting services and applications Ensure information security, corporate governance, policies and standards are adhered to Work closely with senior leadership to develop and deliver IT strategies that align with company's goals and objectives Manage a team of experienced Infrastructure Operations Engineers to provide excellent support in all aspects of IT infrastructure Operations Support the design of best in breed IT infrastructure and cloud services and solutions Responsible for providing accurate reporting on the delivery of IT Infrastructure, and services across the full range of activity What you bring: The ideal candidate for this Infrastructure Technical Lead position brings a wealth of experience in both technical expertise and leadership. With a strong background in IT infrastructure and cloud services, you have proven your ability to design and deliver top-tier solutions. Your understanding of cyber security standards ensures that all projects adhere to necessary regulations. Your leadership skills shine through your ability to manage teams effectively, while your experience in incident management ensures smooth operations. Your ability to provide accurate reporting on infrastructure delivery is a testament to your organisational skills. Proven skills in Networking, VMware, MPLS, Storage and backup solutions Experience with Azure, data factory, power apps Strong knowledge of IT Security Ability to manage teams effectively Experience in incident management within an IT operations context Strong technical background in IT infrastructure and cloud services What sets this company apart: Our client is a leading organisation with a strong commitment to excellence and innovation. They offer an inclusive and supportive work environment where every team member is valued for their unique contributions. Their focus on continuous learning and development ensures that their employees are always at the forefront of industry advancements. This is an exciting opportunity to join a dynamic team and make a significant impact. Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates
25/06/2024
Full time
Our client is seeking an experienced and dedicated Infrastructure Technical Lead to join their team. This role offers a unique opportunity for a seasoned professional with a strong background in IT infrastructure and cloud services, coupled with exceptional leadership skills. The successful candidate will have the chance to design and deliver top-tier solutions, ensuring all projects adhere to necessary cyber security standards. Senior Infrastructure Engineer (Team Lead) Salary: Up to £55000 + Car Allowance + Bonus Location: Newton-Le-Willows (2-3 days a week on site) Our client is seeking an experienced and dedicated Infrastructure Technical Lead to join their dynamic team. This role offers a unique opportunity for a seasoned professional with a strong background in IT infrastructure and cloud services, coupled with exceptional leadership skills. The successful candidate will have the chance to design and deliver top-tier solutions, ensuring all projects adhere to necessary cyber security standards. With a focus on effective team management and smooth incident management, this role is perfect for those who thrive in fast-paced environments. Additionally, the ability to provide accurate reporting on infrastructure delivery is essential, showcasing your organisational skills. What you'll do: As an Infrastructure Technical Lead, you will be at the forefront of technical delivery, strategy, and leadership within the IT Operations Teams. Your role will involve participating actively in the development and delivery of the IT Infrastructure, Microsoft cloud estate, supporting services and applications. You will ensure adherence to information security standards, corporate governance policies, and standards. Working closely with senior leadership, you will help develop and deliver IT strategies that align with company's goals and objectives. Managing a team of experienced Infrastructure Operations Engineers, you will provide excellent support in all aspects of IT infrastructure operations. Your responsibilities also include supporting the design of best-in-class IT infrastructure and cloud services solutions. Furthermore, you will be responsible for providing accurate reporting on the delivery of IT Infrastructure and services across a wide range of activities. Provide technical delivery, strategy and leadership across the IT Operations Teams Participate in the development and active delivery of the IT Infrastructure, Microsoft cloud estate, supporting services and applications Ensure information security, corporate governance, policies and standards are adhered to Work closely with senior leadership to develop and deliver IT strategies that align with company's goals and objectives Manage a team of experienced Infrastructure Operations Engineers to provide excellent support in all aspects of IT infrastructure Operations Support the design of best in breed IT infrastructure and cloud services and solutions Responsible for providing accurate reporting on the delivery of IT Infrastructure, and services across the full range of activity What you bring: The ideal candidate for this Infrastructure Technical Lead position brings a wealth of experience in both technical expertise and leadership. With a strong background in IT infrastructure and cloud services, you have proven your ability to design and deliver top-tier solutions. Your understanding of cyber security standards ensures that all projects adhere to necessary regulations. Your leadership skills shine through your ability to manage teams effectively, while your experience in incident management ensures smooth operations. Your ability to provide accurate reporting on infrastructure delivery is a testament to your organisational skills. Proven skills in Networking, VMware, MPLS, Storage and backup solutions Experience with Azure, data factory, power apps Strong knowledge of IT Security Ability to manage teams effectively Experience in incident management within an IT operations context Strong technical background in IT infrastructure and cloud services What sets this company apart: Our client is a leading organisation with a strong commitment to excellence and innovation. They offer an inclusive and supportive work environment where every team member is valued for their unique contributions. Their focus on continuous learning and development ensures that their employees are always at the forefront of industry advancements. This is an exciting opportunity to join a dynamic team and make a significant impact. Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates
Vulnerability Assessment Manager VA Manager/Attack Surface Reduction Manager is required for this financial based in Buckinghamshire x2 days a week in office, x3 remote. You will be experienced in vulnerability management tools and their implementation, vulnerability risk management as well as an eye for detail and structure. You will play a critical role in proactively identifying and mitigating potential unauthorized access, data breaches, and other security incidents. £80 - 95,000 Hybrid working. Buckinghamshire based x2 days a week, x3 remote working available. You will have an Infrastructure background, which might include Sys Admin, Service Desk, Infra Engineering then moved in to the Vulnerability Management arena. This role requires solid communication skills, where you could be liaising at all levels, including the CISO. You will: Manage Deliverables which are closely coordinated with and integrated across all UK CISO functions for strategy development, continuous learning and awareness, reporting, innovation, service development and business/3rd party engagement. Delivering solutions to reduce the attach surface of UK assets from analysis of cyber metrics. Reporting of detailed findings, exploitation procedures and mitigation techniques and to effectively communicate with stakeholders. Ensuring continuous operations for core capabilities: threat identification and monitoring, vulnerability life cycle, critical vulnerability triage, risk reporting, and consultation on mitigation. Analysing cyber metrics to identify, prioritise and remediate root cause to reduce attach surface. You will bring: Experience in application vulnerability assessment and management, able to accurately assess the potential impacts of security flaws and involve technical teams accordingly. Understanding vulnerability analysis in the context of the most common infrastructure models (on-prem DC infrastructure & DMZ, cloud IaaS/PaaS, Enterprise SaaS.) Knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices. Ability to design and execute scenario-based tests tailored to the firm's infrastructure and practices. Project management (technical) experience preferably within cyber security.
25/06/2024
Full time
Vulnerability Assessment Manager VA Manager/Attack Surface Reduction Manager is required for this financial based in Buckinghamshire x2 days a week in office, x3 remote. You will be experienced in vulnerability management tools and their implementation, vulnerability risk management as well as an eye for detail and structure. You will play a critical role in proactively identifying and mitigating potential unauthorized access, data breaches, and other security incidents. £80 - 95,000 Hybrid working. Buckinghamshire based x2 days a week, x3 remote working available. You will have an Infrastructure background, which might include Sys Admin, Service Desk, Infra Engineering then moved in to the Vulnerability Management arena. This role requires solid communication skills, where you could be liaising at all levels, including the CISO. You will: Manage Deliverables which are closely coordinated with and integrated across all UK CISO functions for strategy development, continuous learning and awareness, reporting, innovation, service development and business/3rd party engagement. Delivering solutions to reduce the attach surface of UK assets from analysis of cyber metrics. Reporting of detailed findings, exploitation procedures and mitigation techniques and to effectively communicate with stakeholders. Ensuring continuous operations for core capabilities: threat identification and monitoring, vulnerability life cycle, critical vulnerability triage, risk reporting, and consultation on mitigation. Analysing cyber metrics to identify, prioritise and remediate root cause to reduce attach surface. You will bring: Experience in application vulnerability assessment and management, able to accurately assess the potential impacts of security flaws and involve technical teams accordingly. Understanding vulnerability analysis in the context of the most common infrastructure models (on-prem DC infrastructure & DMZ, cloud IaaS/PaaS, Enterprise SaaS.) Knowledge of common vulnerabilities and exposures (CVEs), common attack vectors, and security best practices. Ability to design and execute scenario-based tests tailored to the firm's infrastructure and practices. Project management (technical) experience preferably within cyber security.
Key Responsibilities: Define Penetration Test Strategy Support the development of security testing within the Hardware in The Loop, (HiLs), test rigs supporting Product Engineering to develop further capability in this area Governance and Assurance of the 1LoD Pen Testing Squad within DPP in line with Regulations and Vehicle Type Approval Build and Run a Certified Forensic Pen Test Lab Develop cutting edge Vulnerability and Pen Test Techniques which can be flowed into the 1LoD Pen Test Service and HiLS and ViLS functional testing Work with Management to ensure information security risk findings are reviewed and solutions are implemented, and risks are properly managed Monitor and measure company compliance with its Security Penetration Policies and Procedures as well as worldwide standards and laws to ensure organizational compliance Lead and build an Automotive Certified Forensic Pen Test Lab Development of common attacks and vulnerabilities to develop Penetration Testing scopes for ECUs, Vehicle and Connected Offboard Systems Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and revision of Penetration Testing scope Your Profile Key skills/knowledge/experience: Proven Penetration Testing experience and track record of delivery in a field relevant to the role, eg In-Vehicle Network, (CAN, FLexray etc.), Embedded systems security, threats and attacks within Infotainment, Telematics, Power Train etc. Good experience in EMBEDDED AUTOMOTIVE SECURITY PEN TESTING Experience of security assessment and Penetration Testing Tools within Vehicle Electrical Architecture and external interfaces such as Bluetooth, WiFi, Mobile Communications, etc. Technical understanding of Automotive cyber security controls at both ECU and Vehicle level Previous experience of Autosar Architecture, RTE integration and SecOC Knowledge of ASpice, ISO21434, R155, R156, R157 Good understanding of automotive communication busses (CAN and Ethernet mandatory, Flexray and LIN desirable) Git experience required
25/06/2024
Full time
Key Responsibilities: Define Penetration Test Strategy Support the development of security testing within the Hardware in The Loop, (HiLs), test rigs supporting Product Engineering to develop further capability in this area Governance and Assurance of the 1LoD Pen Testing Squad within DPP in line with Regulations and Vehicle Type Approval Build and Run a Certified Forensic Pen Test Lab Develop cutting edge Vulnerability and Pen Test Techniques which can be flowed into the 1LoD Pen Test Service and HiLS and ViLS functional testing Work with Management to ensure information security risk findings are reviewed and solutions are implemented, and risks are properly managed Monitor and measure company compliance with its Security Penetration Policies and Procedures as well as worldwide standards and laws to ensure organizational compliance Lead and build an Automotive Certified Forensic Pen Test Lab Development of common attacks and vulnerabilities to develop Penetration Testing scopes for ECUs, Vehicle and Connected Offboard Systems Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and revision of Penetration Testing scope Your Profile Key skills/knowledge/experience: Proven Penetration Testing experience and track record of delivery in a field relevant to the role, eg In-Vehicle Network, (CAN, FLexray etc.), Embedded systems security, threats and attacks within Infotainment, Telematics, Power Train etc. Good experience in EMBEDDED AUTOMOTIVE SECURITY PEN TESTING Experience of security assessment and Penetration Testing Tools within Vehicle Electrical Architecture and external interfaces such as Bluetooth, WiFi, Mobile Communications, etc. Technical understanding of Automotive cyber security controls at both ECU and Vehicle level Previous experience of Autosar Architecture, RTE integration and SecOC Knowledge of ASpice, ISO21434, R155, R156, R157 Good understanding of automotive communication busses (CAN and Ethernet mandatory, Flexray and LIN desirable) Git experience required
SOC Engineer (with Elastic Experience) - On-site 5 days per week. Contract Type: Inside IR35 - £635 Security Clearance: Active SC is a must-have Methods has a leading cybersecurity function dedicated to safeguarding businesses from evolving digital threats. We are seeking a talented and motivated Security Operations Center (SOC) Engineer with essential experience in Elastic to join our team. If you're passionate about protecting critical data and infrastructure while leveraging cutting-edge technologies, we want to hear from you. Key Responsibilities: SIEM Management : Utilize your expertise in Security Information and Event Management (SIEM) systems, especially Elastic, to configure, monitor, and manage security alerts and incidents. Leverage Elastic's capabilities to analyze and correlate security data for rapid threat detection and response. Elastic Stack Proficiency: Demonstrate deep knowledge and hands-on experience with the Elastic Stack (Elasticsearch, Logstash, Kibana) for security data analysis and threat intelligence. KQL Query Development: Create advanced Kusto Query Language (KQL) queries to proactively identify potential security threats within Azure environments. Harness the power of data analytics to enhance our security posture and provide Real Time threat intelligence. Networking Security: Implement and maintain network security controls and protocols to protect against unauthorized access, data breaches, and network anomalies. Collaborate with network teams to ensure the security of critical infrastructure. Syslog Management: Configure and maintain syslog Servers to collect and analyze logs from various systems and devices. Identify and investigate security incidents leveraging syslog data to enhance threat detection and incident response capabilities. Azure Security Expertise: Work closely with Azure security tools and services to enhance cloud security, including Identity and Access Management (IAM), Network Security Groups (NSG), and Azure Firewall. Continuously improve security policies and practices in line with Azure best practices. Qualifications: Bachelor's degree in Computer Science, Information Technology, or a related field. Proven experience in a SOC role, demonstrating strong analytical and problem-solving skills. Deep knowledge of SIEM solutions, with a focus on Elastic and KQL. Familiarity with Azure security and networking principles. Understanding of syslog and log management. Relevant certifications such as CompTIA Security+, CISSP, or Microsoft Certified: Azure Security Engineer Associate are a bonus.
25/06/2024
Project-based
SOC Engineer (with Elastic Experience) - On-site 5 days per week. Contract Type: Inside IR35 - £635 Security Clearance: Active SC is a must-have Methods has a leading cybersecurity function dedicated to safeguarding businesses from evolving digital threats. We are seeking a talented and motivated Security Operations Center (SOC) Engineer with essential experience in Elastic to join our team. If you're passionate about protecting critical data and infrastructure while leveraging cutting-edge technologies, we want to hear from you. Key Responsibilities: SIEM Management : Utilize your expertise in Security Information and Event Management (SIEM) systems, especially Elastic, to configure, monitor, and manage security alerts and incidents. Leverage Elastic's capabilities to analyze and correlate security data for rapid threat detection and response. Elastic Stack Proficiency: Demonstrate deep knowledge and hands-on experience with the Elastic Stack (Elasticsearch, Logstash, Kibana) for security data analysis and threat intelligence. KQL Query Development: Create advanced Kusto Query Language (KQL) queries to proactively identify potential security threats within Azure environments. Harness the power of data analytics to enhance our security posture and provide Real Time threat intelligence. Networking Security: Implement and maintain network security controls and protocols to protect against unauthorized access, data breaches, and network anomalies. Collaborate with network teams to ensure the security of critical infrastructure. Syslog Management: Configure and maintain syslog Servers to collect and analyze logs from various systems and devices. Identify and investigate security incidents leveraging syslog data to enhance threat detection and incident response capabilities. Azure Security Expertise: Work closely with Azure security tools and services to enhance cloud security, including Identity and Access Management (IAM), Network Security Groups (NSG), and Azure Firewall. Continuously improve security policies and practices in line with Azure best practices. Qualifications: Bachelor's degree in Computer Science, Information Technology, or a related field. Proven experience in a SOC role, demonstrating strong analytical and problem-solving skills. Deep knowledge of SIEM solutions, with a focus on Elastic and KQL. Familiarity with Azure security and networking principles. Understanding of syslog and log management. Relevant certifications such as CompTIA Security+, CISSP, or Microsoft Certified: Azure Security Engineer Associate are a bonus.
Penetration Tester Location: Manchester Job type: Hybrid Are you passionate about cybersecurity and ready to join an elite team of experts? We're seeking a skilled Penetration Tester to join our renowned technical security team. Why You'll Love This Role: Cutting-Edge Work: Identify and address security weaknesses before real attackers can exploit them. Expert Team: Collaborate with some of the brightest minds in the industry. Innovative Environment: Use the latest techniques and tools in cybersecurity. What You'll Do: Conduct on-site and remote penetration testing to help clients secure their assets. Deliver top-quality technical solutions and guidance. Mentor and support team members. What We're Looking For: Skills: Networking, mobile security, SDLC implementation, programming/Scripting, security research, cryptography, application security, source code review, reverse engineering, fuzzing, cloud service testing (AWS/Azure). Traits: Client-focused, collaborative, eager to learn, inclusive, and excellence-driven. Security clearance Please note that this role involves mandatory pre-employment background checks due to the nature of the work. To apply, you must be willing and able to undergo the vetting process. Join us and be part of a team that's setting the highest standards in cybersecurity. Apply now!
24/06/2024
Full time
Penetration Tester Location: Manchester Job type: Hybrid Are you passionate about cybersecurity and ready to join an elite team of experts? We're seeking a skilled Penetration Tester to join our renowned technical security team. Why You'll Love This Role: Cutting-Edge Work: Identify and address security weaknesses before real attackers can exploit them. Expert Team: Collaborate with some of the brightest minds in the industry. Innovative Environment: Use the latest techniques and tools in cybersecurity. What You'll Do: Conduct on-site and remote penetration testing to help clients secure their assets. Deliver top-quality technical solutions and guidance. Mentor and support team members. What We're Looking For: Skills: Networking, mobile security, SDLC implementation, programming/Scripting, security research, cryptography, application security, source code review, reverse engineering, fuzzing, cloud service testing (AWS/Azure). Traits: Client-focused, collaborative, eager to learn, inclusive, and excellence-driven. Security clearance Please note that this role involves mandatory pre-employment background checks due to the nature of the work. To apply, you must be willing and able to undergo the vetting process. Join us and be part of a team that's setting the highest standards in cybersecurity. Apply now!
We are currently looking on behalf of one of our important clients for an IAM Systems Engineer. This role is permanent position based in Zürich Canton & comes with good home office allowance. Your Role: As an Identity Access Management Systems Engineer; hold responsibility for the planning, implementation & operation of IAM solutions. Support an IAM Product Owner in the strategic development of an IAM product & hold responsibility for the identity life cycle management process. Develop IAM solutions based on product backlog requirements. Integrate IAM solutions into an existing application landscape & implement the necessary technical security solutions. Ensure smooth functionality & comply with security guidelines & legal requirements. Create & update technical documentation of IAM solutions & processes. Carry out topic-specific projects if necessary. Your Skills: At least 3 years of professional experience in IT System Engineering in IAM environments. A very good knowledge of IAM Concepts, Architectures & Technologies. A good understanding in the field of Identity Management (SSO, identity encouragement, role-based access control, etc.). Experienced in IAM tools such as Identity Management, Access Management, Directory Services & Federations. Your Profile: Completed University Degree in the area of Computer Science or similar, ideally with focus on Cyber Security/IAM. High self-motivated, analytical, methodical, structured & quality, solution & goal-oriented. Fluent in English & very good German language skills (to at least B2 Level) are mandatory requirements.
24/06/2024
Full time
We are currently looking on behalf of one of our important clients for an IAM Systems Engineer. This role is permanent position based in Zürich Canton & comes with good home office allowance. Your Role: As an Identity Access Management Systems Engineer; hold responsibility for the planning, implementation & operation of IAM solutions. Support an IAM Product Owner in the strategic development of an IAM product & hold responsibility for the identity life cycle management process. Develop IAM solutions based on product backlog requirements. Integrate IAM solutions into an existing application landscape & implement the necessary technical security solutions. Ensure smooth functionality & comply with security guidelines & legal requirements. Create & update technical documentation of IAM solutions & processes. Carry out topic-specific projects if necessary. Your Skills: At least 3 years of professional experience in IT System Engineering in IAM environments. A very good knowledge of IAM Concepts, Architectures & Technologies. A good understanding in the field of Identity Management (SSO, identity encouragement, role-based access control, etc.). Experienced in IAM tools such as Identity Management, Access Management, Directory Services & Federations. Your Profile: Completed University Degree in the area of Computer Science or similar, ideally with focus on Cyber Security/IAM. High self-motivated, analytical, methodical, structured & quality, solution & goal-oriented. Fluent in English & very good German language skills (to at least B2 Level) are mandatory requirements.