Security Engineer
Job Description
The company is a leading consultancy firm known for delivering innovative solutions to its clients across various industries. They are committed to excellence, integrity, and the continuous improvement of their security practices to protect their clients' assets and data. As they expand their security team, they are seeking a skilled and experienced Security Engineer to join their ranks.
They are looking for a dedicated Security Engineer to join the dynamic team. The ideal candidate will be responsible for securing application architecture design, promoting DevSecOps practices, and ensuring that their security measures are up to date with the latest industry standards and best practices. This role requires a proactive approach to security, with a focus on integrating security into the development lifecycle from the ground up.
Key Responsibilities:
- Design, implement, and maintain security measures for the protection of company and client data.
- Conduct security assessments and penetration testing to identify vulnerabilities in application architecture.
- Promote and implement DevSecOps practices to integrate security into the CI/CD pipeline.
- Collaborate with development teams to ensure secure coding practices and secure software development lifecycle (SSDL) adherence.
- Provide guidance and support on security best practices, policies, and procedures.
- Monitor and analyse security alerts and incidents, and respond to security breaches in a timely manner.
- Stay abreast of the latest security trends, technologies, and threats to maintain a robust security posture.
- Conduct security training and awareness programs for staff.
- Document security processes, policies, and procedures.
- Perform regular security audits and risk assessments.
- Develop and implement cloud security strategies to protect data and applications in cloud environments.
- Write and update security policies and procedures to align with industry standards and regulatory requirements.
- Establish and enforce DevSecOps governance frameworks to ensure continuous security improvement.
- Assess and manage cyber risk across the organisation, providing recommendations for mitigation.
- Engage with ISO 27001 standards and contribute to the implementation and maintenance of the information security management system.
Qualifications:
- Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent practical experience).
- CISSP certification is required; CSSLP certification is preferred.
- Experience with DevSecOps practices is a plus.
- Proficiency with security tools such as Kali Linux, OWASP ZAP, and other security testing tools.
- Experience with version control systems, particularly GitLab.
- Knowledge of CI/CD tools and platforms.
- Familiarity with cloud security concepts and experience with major cloud providers (AWS, Azure, GCP, etc.).
- Strong understanding of network security concepts, including firewalls, VPNs, and intrusion detection/prevention systems.
- Excellent problem-solving skills and the ability to think critically about security issues.
- Exceptional communication and interpersonal skills, with the ability to work collaboratively across different teams and departments.
- Coming from a consultancy background is a big plus.
- Experience with policy writing and governance frameworks.
- Understanding of cyber risk management and assessment methodologies.
- Familiarity with ISO 27001 standards and experience with information security management systems.