Enterprise Security Engineer
- Job Reference: 00027974-1
- Date Posted: 19 November 2020
- Recruiter: CV-Library
- Location: City of London, London
- Salary: On Application
- Sector: I.T. & Communications, Covid-19
- Job Type: Permanent
Remote / City of London post Covid-19
We have an opportunity for an Enterprise Security Engineer to join a global marketing and advertising company. The role is responsible for the engineering of security solutions for the protection of computer systems, networks and data, from the identification of requirements and evaluation of solutions through to design and implementation.
Determine requirements, and research and evaluate security solutions; provide recommendations for licensing.
Design, implement and support security solutions.
Prepare and document standard operating system procedures
Configure and troubleshoot security infrastructure devices
Develop technical solutions and new security tools to help mitigate security vulnerabilities and to automate repeatable tasks
Write comprehensive reports, including assessment-based findings, outcomes and propositions for further security system enhancement
Provide consulting and advice to the CISO team, Engineering team and agency IT teams in research and design of secure solutions.
Suitable candidates will have:
Strong experience of designing and implementing security systems in conformance with security policy, security standards and best practices
Experience of administering, designing and implementing Splunk.
Knowledge of web application security, remediation and tools (dynamic application security testing, OWASP Top-10, Burp Suite). Familiarity with static and interactive application security testing tools and procedures.
Experience of the design and implementation of:
Web application firewalls, web services security and API gateways
Database security solutions such as encryption, data tokenization and masking, database firewalls and database access monitoring
Authentication mechanisms (multi-factor authentication, single sign-on and public key infrastructure)
Mobile application and device security controls
Microsoft Active Directory security controls
Office 365 security controls (data loss prevention, encryption, DMARC)
Amazon Web Services and Microsoft Azure security controls
Public key infrastructure and privileged account management
Experience or working knowledge of penetration testing methods and tools (Kali Linux, Metasploit, Mimikatz)
A proven ability to interface across a global organization with other teams, such as EIS Engineering and Security, Corporate Applications, Enterprise Applications, Internal Audit, agency CIOs, and agency security teams and compliance coordinators, etc.
An analytical demeanour and the ability to effectively communicate with individuals across all levels of the organization
Excellent written and verbal communication skills
Ability to adjust to changing priorities while multitasking effectively
Working knowledge of compliance frameworks and security management standards (e.g., ISO 27001, COBIT, NIST CSF, CIS Controls)
Working knowledge of best practices/standards (e.g., PCI DSS, HIPAA, State data breach laws) for implementing application-level data encryption
Security certification: CISSP, GIAC, GSEC or AWS Security