Position: Principal Security Engineer
Salary: £105,000 plus benefits package
We are currently working with a prestigious financial services business who are currently undergoing an enormous transformation within their IT function. They are looking to recruit a Principal Security Engineer to assist in developing their cyber defence capabilities to protect the group from cyber threats which seek to impact the confidentiality, integrity, and availability of group assets. Domain area is Network Security.
Skills and Experience:
- Enterprise and service provider network, architecture, engineering, and operations. Level of knowledge in the domain area would be considered an expert.
- Network security architecture, engineering, and operations. Level of knowledge in the domain area would be considered an expert.
- Architecture and engineering of layered control capabilities to an expert level.
- A strong understanding of information security principles and best practices.
- Adversary Tools, Techniques and Procedures. A deep understanding of TTP's is required.
- Threat Modelling experience.
- Broad technology knowledge across non-core domain area.
- Modern engineering practices, automation to drive efficiencies. Infrastructure as Code mindset. Code /scripting for practical tasks and tool integrations.
- Structured and methodical troubleshooting practices for resolving the most complex problems.
- Policies, standards and security frameworks, NIST, CIS. Strong skills to author formal documentation.
- Risk and control, management, monitoring and reporting.
- The role holder works independently and with guidance only in the most complex of situations. The role holder is expected to solve problems with sound judgement and in a way that is aligned to good practice and in the long-term interests of the organisation.
- The role holder is likely to hold one or more of the following security or engineering/architecture specific certifications, CISSP, OSCP, TOGAF, GIAC or those relevant to the role/domain area.
- Business and sector expertise
- Experience and knowledge of technology in financial services and/or regulated environments and industry compliance schemes (for example SWIFT) preferred.
- Must have significant experience of working in security focussed roles. Likely will have greater than 5 years full time in security roles as part of an overall career in technology in excess of 10 years focussed predominantly in the domain area for the role. Expected to have direct hands-on experience in some of the domain area technologies.
- Leadership and management experience
- Managing a non-FTE delivers from contingent and/or partner/vendors in delivery.
- Experience in advocating for and influencing change in order to reach best outcome based on the needs of the organisation, stakeholders and from monitoring industry trends.
- Mentoring and guiding those at earlier career stages to grow the competence and experience of the team.