19 Jun 2017

Full-Time Security Engineer

Directline Group – Posted by AdminOrpington, England, United Kingdom

Job Description

Security Engineer

This is a fantastic opportunity to progress your career within the Security Operations team at Direct Line Group, a market leading Insurer based in Bromley.

The Security Engineer is a member of the Security Engineering & Operations team and reports to the Security Engineering Lead. The purpose of this role is to oversee the technical implementation of security services and controls, participate in service introduction activities ensuring operational security requirements are met and provide technical security subject matter expertise that supports stable operations.

Key Responsibilities

Information Technology Operations

  • Responsible for participating in service introduction activities by  reviewing, validating and assuring that new DLG services meet all operational security requirements and are fit for delivery.
  • Responsible for providing technical oversight of all security tools and infrastructure services in use throughout the DLG estate, making recommendations on configuration improvements and driving changes through with the relevant third party.
  • Responsible for maintaining the vulnerability management service, ensuring that each stage of the lifecycle runs effectively and management information is delivered to all key stakeholders regularly and on time.
  • Responsible for the deployment, management and support of all internal DLG security tools or infrastructure.
  • Responsible for designing firewall access rules that meet the business requirements and maintain adherence to security policies and standards.
  • Responsible for monitoring and responding to emerging threat patterns, vulnerabilities and anomalies and provide escalations of any unknown threats to the Security Engineering Lead.
  • Responsible for providing security input and for maintaining relationships with the Service Management function in relation to change management, problem management and incident management.
  • Responsible for reporting metrics on the status of technical information security controls across the DLG estate, highlighting risk areas and working to develop remediation plans as required.
  • Responsible for collaborating with the Security Architecture team to report appropriate operational issues that may be resolved at an architecture level.
  • Responsible for collaborating with the Threat Intelligence team to identify opportunities for security controls optimisation in line with threats affecting technology services.

Operational On-Call Requirement

  • This role has a shared, rotational 24 / 7 on-call requirement and also forms part of information security incident response capability.

Stakeholder Management

Responsible for developing and maintaining relationships with various stakeholders, including Technology Services and IT Risk.

Required Skills/Competencies

  • Strong knowledge of security management principles and practices, including vulnerability management, event management and application security.
  • Strong practical experience with security technologies such as Web Application & Network Firewalls, Intrusion Detection/Prevention Systems, File Integrity Monitoring, SIEM, Advanced End-point Protection.
  • Strong knowledge and experience of enterprise grade technologies including operating systems, databases & web applications, including the ability to clearly articulate best practise security configurations for the associated technology.
  • Experience of working in high performing teams and understanding the dynamics of teamwork in a Security Operations Center (SOC) environment.
  • Communicate and present concisely and effectively based on appropriate level of management interaction.
  • Ability to read and understand system data including security event logs, system logs, application logs, and device logs, etc.
  • Knowledge and experience of performing network traffic analysis for identifying any developing patterns.
  • Ability to manage competing deadlines and prioritise responsibilities to effectively meet business needs.
  • Ability to work both independently and as part of a team.
  • Strong analytical skills to monitor information and perform detailed data analysis to identify any vulnerabilities.
  • Ability to identify and understand key issues and areas for improvement in the Information Security realm.
  • Motivated to delivering quality and striving for continual improvement.
  • Logical thinking and analytical ability.
  • Aptitude in solving problems independently.

Desirable Skills/Competencies

  • C#, Java, Python or PHP programming language knowledge.
  • Experience delivering and integrating security controls with cloud environments.
  • Experience in the implementation and management of an enterprise grade Privileged Access Management tool and associated processes.

Qualifications/Certifications

  • Undergraduate degree (preferably 2:1 or higher) in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math) is strongly preferred and a Master’s degree in relevant field is desired.
  • Security certifications such as CISM, CISSP, M.Inst.ISP, CISA by a recognised professional body are required.
  • Security certifications such as SANS Enterprise Defender (SEC501), EC-Council Certified Ethical Hacker (CEH) by a recognised professional body are strongly preferred.

Career benefits and rewards

Rewarding you is really important to us, as well as offering a competitive salary and generous holiday entitlement; you can take advantage of a wide range of benefits. The best part is you can pick and choose the benefits to suit your own lifestyle, but also pass on some of the savings to family and friends. Here are just a few we have on offer:

  • A competitive salary, benchmarked against our competitors, which will grow as you do.
  • Pension 9% of your base salary, you can choose to contribute less or more than this, and anything you don’t wish to put in to your pension you can take as cash instead!
  • Private medical insurance (anyone can choose this through our flexible benefits scheme, and managers receive this as standard)
  • Attractive holiday entitlement
  • 50% off our Home, Motor and Pet insurance
  • Free Travel insurance
  • Free Green Flag breakdown cover
  • Flexible rewards including Life insurance, income protection, critical illness insurance, personal accident insurance
  • Retail card, with discounts at big name retailers
  • My Discounts – a discounts website for all our employees, with great discounts, cash back savings and offers across hundreds of brilliant  high street brands, travel, tickets, gym memberships and much more.

Who we are
Direct Line Group is an organisation with a clear mission: to make insurance much easier and better value for customers. We are one of the leading motor, home and small business insurers in the UK. We are home to some of the nation’s best-known brands, including Direct Line, Churchill, Privilege, Green Flag and NIG.

Closing date – Undisclosed

To apply for this job click here to register your interests.

How to Apply

To apply for this role click the link shown above.

Job Categories: Engineering and sECURITY. Job Types: Full-Time and Permanent. Job Tags: diversity, equality, full time, inclusion, London - Bromley, permanent, and security engineer. Salary: Competitive.

Apply for this Job