Senior IT Security Engineer

Our client, a Government Department, is looking to recruit an experienced technical professional to join their team.

With 2 direct reports, consisting of 1 IT Security Analyst, and 1 Junior IT Security Engineer, this position is the perfect role for someone looking to step in their first leadership position.

The Role:

You will be responsible for managing IT and Cyber Security operations within the IT Operations Department, and reporting into the IT Security & Assurance Manager.

• Technical and process ownership, maintenance and operation of security and assurance systems and operational security control
• Leading IT security incident response, including routine processes of security monitoring and vulnerability management
• Working with IT and wider organisational projects to represent the needs of security operations, eg risks, monitoring, operational handover
• Will look after day–to–day security operations, and maintain an expert knowledge of security practice
• They will be a subject matter expert in technical projects, leading improvements to existing security systems, and representing security operational needs for new projects and upcoming technologies

Responsibilities:

• Lead on the use, maintenance, monitoring and improvement of operational security controls, processes and procedures, and data systems for IT security and information assurance, including:
  • Vulnerability management, intrusion prevention, web/email filtering, endpoint protection, security monitoring, data loss prevention
  • Data systems for information asset reporting, records management, information risk.
• Lead on the security incident management process, monitor effectiveness, and make changes where needed, ensuring that day–to–day operations are carried out: monitoring, triage, investigation, reporting and escalation.
• Lead investigation of, and response to, security incidents and breaches, carrying out incident management where reporting lines are unclear.
• Manage operational security processes, procedures and internal documentation to meet security and compliance needs, implementing policy and making changes where practices can be improved over time.
• Manage IT security guidance documentation for staff, other colleagues, and members of the public, coordinating within IT Operations and more widely to ensure consistent security awareness.
• Maintain detailed and up–to–date knowledge and skills of technologies and security operations, both within IT and the wider organisation, and including existing and potential new practices.
• Contribute to the development and improvement of IT security strategy and policies, making use of knowledge of best practice and of the organisation.
• Lead on deliverables and tasks to support IT Operations security compliance activities with internal colleagues and external suppliers: IT Health Check penetration testing, ISO 27001 and Cyber Essentials auditing.
• Line management of a team of IT security practitioners, carrying out and supporting security operations tasks.
• Leadership and development of a security operations capability within IT Operations, with key tasks identified, documented, and carried out as part of the role and within the team.
• Deputise for the IT Security & Assurance Manager as required.

In addition, you will also collaborate with other Government Departments and wider stakeholders on Security projects, conducting a consistent review of security risks assessment, identifying and mitigating risks, and advising on new solutions.

Experience:

• In–depth specialist technical expertise, preferably in enterprise IT infrastructure technologies within a production IT service: Firewalls, networking, Servers, cloud services, security controls,
• Keen and capable problem–solver, with analytical and critical thinking, and a logical and methodological approach to solving complex and unusual problems,
• Relevant bachelors degree, or comparable IT/information security learning and experience,
• Experience of technology and/or security operations, such as: incident investigation and resolution, root cause analysis, incident reporting, change and problem management, service improvement,
• Excellent communications skills, and ability to influence and persuade through research, engagement, and understanding.

Beneficial Experience:

• CISSP, CEH or similar qualifications
• Line management or supervisory experience
• Knowledge of UK Public Sector practises
• Knowledge of ISO 27001, NIST, Cyber Essentials, etc

Key Requirements:

• SC Cleared

The Package:

• Base Salary – up to GBP46,000
• Hybrid Working – 2 Days per Week in the Department Offices in Richmond, Surrey
• Plus Extensive Public Sector Benefits Package including Pension, Childcare Vouchers, Gym, On–site Cafe, etc

For more information get in touch now.