Our client, a global asset management firm, is currently looking for a regional information security engineer.
The main purpose of this role is to provide security-engineering expertise to the global information security function. It will be essential to integrate and work collaboratively with regional and global Information Technology teams. The role will lead and develop security-engineering initiatives across multiple teams, helping to build and establish a collaborative security presence.
- Lead the design and support the implementation of new security systems and the maintenance of existing information security solutions.
- Develop technical security requirements and document standard operating procedures for security solutions.
- Ensure all security platforms are tuned to minimise or mitigate the threats faced (e.g. SIEM, EDR/XDR, WAF, IDS/IPS, SOAR, etc.).
- Script and implement detection use cases in the monitoring solution; implement and maintain automation workflows in SOAR technologies.
- Connect and maintain all appropriate log sources for the security monitoring systems.
- Support security operations during cyber events through the collection and analysis of logs and security events, including forensic analysis and recovery scenarios (preserving the chain of custody), and provide cover where necessary.
- Perform internal security tests to confirm the business's status against internal security standards, analysing issues and preparing comprehensive reports, metrics and proposals for further system security enhancement or mitigation.
- Actively research and keep up to date on current and emerging threats, which guide the implementation of security controls (e.g. updating IDS/IPS signatures and WAF rules). Proactively use this knowledge to spot potential risks and suspicious activity.
- Provide technical guidance to the application team on secure SDLC.
- Constantly challenge existing practices and processes and suggest improvements. Develop, implement and share best practice, including providing technical security guidance on system changes.
- Work collaboratively with, and where necessary integrate with, the other technology teams.
- Extensive experience working as a security engineer.
- Understanding of cyber security methodologies.
- Knowledge of security products such as next-generation firewalls, secure web gateways, IDS/IPS, IAM, sandbox and simulation, WAF, DLP, SASE or other security solutions.
- Knowledge of incident response and root cause analysis. Malware analysis skills are advantageous.
- Ability to review system changes for security implications and recommend improvements.
- Significant low-level networking experience with the TCP/IP stack.
- Attention to detail and good problem-solving skills.
- Ability to multi-task with a calm demeanour and work under pressure in a fast-paced environment.
- Advanced knowledge of working with EDR/XDR and anti-virus solutions.
- Familiarity with cybersecurity frameworks such as CIS, NIST, OWASP and MITRE ATT&CK.
- Experience in one or more public cloud security products.
- Knowledge and experience with vulnerability and patch management.
- Familiarity with the secure Software Development Lifecycle (SDLC).