Information Security Engineer
- Employer
- BPP EDUCATION GROUP
- Location
- London, United Kingdom
- Salary
- Competitive
- Closing date
- 20 Nov 2019
View more
- Academic Discipline
- Computer Science, Engineering & Technology
- Job Type
- Professional Services, IT Services
- Contract Type
- Permanent
- Hours
- Full Time
Job Details
Location: London
Closing date: 20/11/2019
Salary: Competitive
Employment type: Permanent
Department: Group IT - IT Operations
London, office based, with travel throughout the UK & Channel Islands
Job Purpose:
The InfoSec Engineer will be an integral part of the Infrastructure Team, planning and carrying out security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks.
The InfoSec Engineer will define, implement, uphold and maintain security standards. Safeguarding the infrastructure and resources, supporting day-to-day operations, along with current and future project initiatives.
Responsibilities:
Develop Information Security Plans and Policies
- Help plan and carry out information security strategy
- Develop a set of security standards and best practices, and recommend security enhancements to management as needed
- Develop strategies to respond to and recover from a security breach
- Responsible for educating the workforce on information security through training and building awareness
Implement Protections
- Install and use software, such as firewalls and data encryption programs, to protect organizations’ sensitive information.
- Assist computer users with installation or processing of new security products and procedures.
Test for Vulnerabilities
- Conduct periodic scans of networks to find any vulnerability
- Conduct penetration testing, in which they simulate an attack on the system to highlight or find any weaknesses that might be exploited by a malicious party
Monitor for Security Breaches
- Constantly monitor networks and systems for security breaches or intrusions
- Install software that helps notify of intrusions and watch out for irregular system behaviour.
Investigate Security Breaches
- If a breach has occurred, leads incident response activities to minimise the impact
- Lead a technical and forensic investigation into how the breach happened and the extent of the damage
- Prepare reports of findings to be reported to management.
Core skills:
- design new security systems and upgrade existing ones
- use advanced analytic tools to determine emerging threat patterns and vulnerabilities
- engage in 'ethical hacking', for example, simulating security breaches
- identify potential weaknesses and implement measures, such as firewalls and encryption
- investigate security alerts and provide incident response
- monitor identity and access management, including monitoring for abuse of permissions by authorised system users
- monitor for attacks, intrusions and unusual, unauthorized or illegal activity
- test and evaluate security products
- monitor and respond to 'phishing' emails and 'pharming' activity
- direct experience with anti-virus software, access management, vulnerability management, intrusion detection, firewalls and content filtering
- experience with CyberEssentials, ISO27001 and PCI-DSS
- DNS, DMARC, SPF, DKIM
- experience designing secure networks, systems and application architectures on prem and cloud based
- Professional experience in a system administration role supporting multiple platforms and applications
- keep up to date with the latest security and technology developments
- research/evaluate emerging cyber security threats and ways to manage them
- knowledge of disaster recovery, computer forensic tools, technologies and methods
- liaise with stakeholders in relation to cyber security issues and provide future recommendations
- generate reports for both technical and non-technical staff and stakeholders
- knowledge of risk assessment tools, technologies and methods
- assist with the creation, maintenance and delivery of cyber security awareness training for colleagues
- give advice and guidance to staff on issues such as spam and unwanted or malicious email
- Ability to communicate network security issues to peers and management
- Ability to read and use the results of mobile code, malicious code, and anti-virus software
- Strong understanding of endpoint security solutions to include File Integrity Monitoring and Data Loss Prevention
Knowledge, skills and experience required
- To proactively implement, update, maintain, manage, monitor, and support enterprise network and systems infrastructure
- To mentor and lead other technical engineers and technical personnel
- Experience planning, researching, developing & communicating security policies, standards and procedures
- To lead/facilitate meetings and conduct presentations to technical and business staff
- To communicate technical concepts and proposals into understandable and justifiable business initiatives
- To participate in the definition of specific technical design, product selection, device standardization
- Be aware of key business objectives and ensure these are applied appropriately to all business activities
- Develop effective relationships
- Able to anticipate and understand customer expectations, and ensure customer requirements are met and expectations appropriately managed
- Able to build partner relationships with customers and focus on solving their problems.
- Effective communication skills suitable for the management of and liaison with departmental staff and senior management, both on a one to one and one to many basis
- Demonstrate effective communication, both orally and in writing, with peers, colleagues, clients and customers including producing reports, preparing, organising and delivering presentations using appropriate tools and techniques, and taking a leading role in meetings and discussions.
- Effective at determining a course of action by breaking it down into smaller steps and by planning and resourcing each of these, making allowance for potential problems
- Must manage the field of responsibility within allocated budgets and be able to plan and forecast future budgets based on business priorities.
- Awareness of BPP strategy, policies and procedures. Aware of how the organisation operates.
- Able to contribute effectively towards the objectives of a team, and be able to share knowledge, ideas and information
- Aware of the needs, objectives and constraints of those in other disciplines and functions
- Able to solve problems in a measured and creative way
- Capable of independently assessing a wide variety of tasks and be proactive in relation to identifying and undertaking activities that are to the benefit of the business
- Able to balance long and short-term objectives and understand business value. Be responsible for own decisions.
- Act in a professional manner and exhibit the required behaviour that should act as an example to other employees
- Able to network throughout the wider IT community.
- Undertake tasks with a positive attitude and respond well to management and client requests.
- Must be prepared to meet business goals and respond well to change.
- Azure, AWS, On prem
- Tenable, Nessus, Bluecoat, Checkpoint, Cisco, Meraki, Windows, Linux, NetAPP, f5
- Extensive experience in a similar role
- CISSP Certification
- AWS Certified Security – Speciality
- Azure Security Engineer Associate
- ITIL Foundation
Company
When you work with BPP, you will be part of a business that really believes in supporting your personal and professional development. With so many different business areas, we offer a wide range of exciting opportunities across the UK and abroad – from teaching to marketing to business development to human resources to name only a few. But what really makes working at BPP rewarding, is the culture of encouragement, respect and teamwork.
- Location
-
BPP HOUSE
ALDINE PLACE
142-144 UXBRIDGE ROAD
SHEPHERD'S BUSH
LONDON
W12 8AW
GB
Get job alerts
Create a job alert and receive personalised job recommendations straight to your inbox.
Create alert