SecOps Engineer

London - Onsite
This project has been archived and is not accepting more applications.

Description

Security Operations Engineer required to work with a Government department. This is an initial 6-month contract, paying £650 per day, inside IR35, remote until further notice (offices based in London).

The Security Operations Engineering area consists of the following remit:
*Implementation and oversight of security tools that provide insight into the security environment.
*Closely collaborate with the Cyber Assistance Team's consultancy arm to provide technical support and guidance.
*Act as the technical leads and SME on project teams, providing advice, knowledge sharing, and technical assistance to other sections of the digital estates.

Responsibilities include:
*Design, develop and evolve security for new/existing systems.
*SME on security solutions
*Manage security vulnerabilities.
*Ensure best practice is carried out throughout the development life cycle.
*Developing a training framework to raise in-team skill sets. 
*Engineering defence of the digital and technology solutions against cyber security threats.
*Developing and implementing tools and techniques to automate as much of the team's 'basic' work as possible, providing continuous assurance that systems are protected against common threats.
*Reviewing computer security configurations to incorporate new software, configurations or correcting errors.
*Working closely with operational zone teams, developers and service suppliers, to ensure threat and vulnerabilities detection and prevention are understood and implemented.
*Communicating team findings to stakeholders in a clear and actionable fashion, focusing on real-world impact and with pragmatic options for resolution.
*Configure infrastructure resources with the appropriate parameters and manage their allocation to new services
*Integrate new services in the cloud infrastructures and integrate into existing monitoring tools
*Provide the technical cloud requirements for integrating a new service or evolving an existing service
*Monitor overall infrastructure performance
*Create infrastructure change orders for scheduled system
*Solicited in the escalation process of the incident management
*Responsible for issue management support
*Administrative support for AWS or Azure user or account management
*Participating in IT investigations that are performed effectively, lawfully, and appropriately, using the skills of the whole cyber security team as required.
*Developing and mentoring junior team members to improve their skills and capabilities, along with wider knowledge transfer to other security and non-security teams to help build a culture of cyber security in the department.

Essential skills and Experience required:
*Strong knowledge of security monitoring approaches, techniques and widely-used products. Experience of developing and implementing cyber security monitoring strategies.
*Experience of running and developing a team of technical specialists, ideally in the field of security operations.
*Experience of IT investigations, e-Discovery tasks, digital forensics, etc.
*Knowledge of security architectures, in particular for modern digital services, including how they are developed and operated at scale.
*Experience with threat and vulnerability management, and other security operations processes and techniques (such as identity management, cryptography, patch management etc). Good knowledge of threats to widely used digital and technology systems, including on-prem and cloud-based solutions.
*Enabling and informing risk-based decisions - Works with risk advisors to advise and give feedback. Advise on risk impact. Propose realistic and pragmatic mitigations that address these problems, and work with the product/project team to implement these effectively into their work.
*Understanding security implications of transformation - Can interpret and apply understanding of policy and process, business architecture, and legal and political implications in order to assist the development of technical solutions or controls.
*Research and development experience, building and automating common security operation team processes and activities.

Extensive Experience of:
*Working with network defense technologies including Firewalls, IDS, IPS, DLP, UTM and WAF
*Working with core Internet and application protocols including IP, TCP, UDP, ICMP, DNS, HTTP, SQL

Good Experience in:
*Firewall log analysis and ACL configuration
*IDS/IPS alert analysis and signature development
*Working with SIEM technologies such as QRadar, ArcSight, Splunk, LogRhythm
*Working with content filtering technologies such as web and application proxies
*Service Management best practice backed up by industry qualifications (ITIL). ITIL Foundation v3
*Demonstrable Cyber Security experience
*Knowledge of secure development practices such as OWASP
*Knowledge of compliance standards like CIS, NIST and GDPR

Essential Technical requirements (Deep knowledge)
*Cloud Technologies (Azure, AWS, G-Suite)
*Office 365

Desirable Technical requirements
*Azure Sentinel
*Hands-on Azure security configuration and scripting skills
*Demonstrable experience and execution of security automation
*Related cybersecurity architecture, engineering, and/or SOC work experience (monitoring, detection, incident response)
*Good Networking knowledge
*Linux administration knowledge
*DB administration knowledge
*Multi-factor authentication conceptual knowledge

Please apply should you meet the above requirements.

Badenoch + Clark acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers. Badenoch + Clark UK is an Equal Opportunities Employer.

By applying for this role your details will be submitted to Badenoch + Clark. Our Candidate Privacy Information Statement explains how we will use your information.

Start date: ASAP
Duration: 6 months
From: Badenoch & Clark
Published at: 15.09.2021
Project ID: 2205728
Contract type: Freelance