Working as part of the Security Engineering Team the Security Engineer will oversee the implementation, configuration and administration of our technical security control suite.
You will work on the design and implementation of new security controls/technologies to help further improve Next's security posture, working with the other security and IT teams to ensure they integrate with our existing systems. Once implemented the Security Engineer will help ensure these systems are maintained and tuned by working with our Red and Blue teams so as to ensure they remain effective against new and emerging threats.
As a Security Engineer you will also help mentor more inexperienced members of the team. You will also maintain an awareness of the changing threat landscape and industry standards, working to identify, justify and progress opportunities to improve the security of our environment and counter new threats.
Your role will involve participating in a shift and call out rota to help ensure our environment is monitored and supported on a 24x7 basis.
- Manage and maintain Next's technical security controls
- Establish, monitor and maintain automated processes that aid in alert information enrichment and incident management
- Maintain control baselines to identify capacity and licencing requirements for future budgets
- Ensure controls meet required standards
- Work with other Information Security teams to identify control gaps and implement improvements to address
- Work with the Information Security Management team to identify new technical controls and implement
- Work with other IT Teams to ensure that new and existing security controls integrate seamlessly with our IT systems
- Assist Incident Response team with the investigation and resolution of Security Incidents
- Create and maintain operational procedures, configuration and technical documentation to a high standard
- Manage and maintain metrics and reporting to ensure the performance of our security controls is understood
- Maintain an awareness of new and emerging security technologies and threats
- Be a mentor for more inexperienced members of the Security Engineering team
- Promote and follow good change management practices
- Help manage and resolve operational issues with technical controls, helping coordinate and direct team efforts
- Information Technology experience with an understanding of network protocols and server infrastructure
- Project delivery and design experience
- plan and prioritise workloads, and to measure and report on current progress
- Strong Windows Server and/or Linux experience
- Solid comprehension of Information Security including malware, new threats, attack techniques, and vulnerability management
- Experience installing, configuring and maintaining common security tools such as Anti-Virus, FIM, IDS/IPS
- Experience mentoring other team members
- Take a lead role in coordinating the diagnosis and resolution of major issues
- Report technical solutions to senior management in a clear and concise manner
- Must follow and promote team standards including documentation.
- Understand and operate change management
- Relevant industry recognised security qualification
- Experience with Risk Management and/or Threat Modelling
- Experience with security or compliance standards such as PCI-DSS or ISO27001
- Experience of working for a Retail company