Are you an IT professional or Analyst who is passionate about protecting your company from unauthorised access?
The primary purpose of the role of Security Engineer is to help to ensure that the Company’s information and information systems are protected from unauthorised access, use, disclosure, disruption, modification or destruction, through the implementation of properly managed security solutions, and continued application of effective security controls.
The individual will play a key role in defining, implementing, maintaining and ensuring the integrity and consistency of end to end information security solutions.
About the role
Be a key member of the Security Engineering team, which is responsible for technical security solutions, helping to ensure that these are implemented effectively in conjunction with the Infrastructure Engineering and Service Operations teams and 3rd parties, whilst working closely with the Hastings Risk team
Engineering support of the Security Infrastructure with hands-on technical design, implementation and management of core security platforms, and plays an integral part in all information security related projects
Evaluates new security technologies and products and performs engineering work and analysis to determine if solutions should be pursued, and subsequent implementation as required
Contributing to the Security Technology roadmaps
Support the delivery of new projects by helping to ensure that these are risk assessed, security controls are identified and implemented successfully before going live, and that solutions meet relevant information security principles
Assist in the development and maintenance of security policies, standards and procedures to support the Group's risk management framework and business strategy
Ensure security controls continue to be effective by implementing an ongoing roadmap of work to review and remediate
Implementing the penetration test and vulnerability management process and schedule, and working with relevant stakeholders such as Infrastructure Engineering, DevOps and 3rd parties to remediate findings effectively and properly in accordance with their criticality
Responsible for assisting with the creation of detailed metrics and reports based on information security risk analysis to reduce and mitigate risk, including RAG based status tracking, security dashboard reporting and trending for ExCo and Risk Management audience
5 years hands-on security engineering experience of Operating Systems, Active Directory, DNS, Group Policy, Network Protocols, PKI, proxies, access management, etc.
3 years implementation and administration experience of a wide range of security products such as access audit tools, anti-virus, IDS, IPS, DLP, Firewalls, End Point security, encryption, DDoS protection, etc.
Experience of implementing and monitoring SIEM systems and managing associated incident response processes
Working knowledge of host hardening techniques including Windows / UNIX / Linux
An understanding and, ideally, practical experience of enterprise information security and knowledge of some standards including Cyber Essentials, ISO 27001, PCI-DSS, Data Protection Act and GDPR
Understanding, or willingness to learn, of tools and techniques used by ethical hackers including vulnerability testing tools and methodologies
Ability to demonstrate an interest in Information Security generally, including knowledge of current and evolving Cyber threats
Experience with security testing tools, development of threat assessments and security testing methodologies is desirable
What will you get in return?
Hastings will provide you with initial training across our core platform (Guidewire) and associated technologies, and you will be assigned a buddy to provide mentoring and support within your allocated agile team.
Working with Hastings Direct means you can bring yourself to work and be a part of our growth and success, working alongside our expert IT Leadership team in a dynamic, fun and friendly environment!
In return you will receive a competitive starting salary, a £5K car allowance, an end of year bonus potential (up to 10% of salary), 27 days holiday + bank holidays alongside an excellent company pension scheme.