Security Engineer
Recruiter
Cambridge University Press & Assessment
Listed on
15th March 2022
Location
Cambridge
Salary/Rate
£33000 - £39000
Type
Permanent
Start Date
ASAP
This job has now expired please search on the home page to find live IT Jobs.
We are Cambridge University Press & Assessment, a world-leading academic publisher and assessment organisation, and a proud part of the University of Cambridge. We are looking for a Security Engineer to join our Group Security & Risk department, based in Cambridge on a hybrid working basis. This role is ideal for someone with some prior cyber security or information security experience who may be looking to move on to the next step in their career, enhancing the department's capabilities whilst advancing their own knowledge and skills through our training and certification programmes. Our mission is to contribute to society through the pursuit of education, learning, and research at the highest international levels of excellence. Which is why every year, we give vital support to millions of people in more than 170 countries around the world. From teachers and learners to researchers and academics, we help to build confidence, unlock potential, and enable success. We give people the opportunity to show what they've learnt, we spread knowledge, spark enquiry, and aid understanding. We achieve this by embracing change, and continuously focusing on our customers' needs. And by collaborating, and carefully listening to our customers and to each other, we keep moving forward, keep innovating, and keep finding newer and better ways of doing things. The Role The Security Engineering team are primarily security generalists. We must all maintain a baseline knowledge across a broad range of security topics, but each team member is given the opportunity to explore and grow into their own individual specialisms that interest them. Our Security Engineers assist on the continual improvement of our security platforms and their integrations, our policies, processes, and configurations, and other effective security controls to mitigate potential threats to Cambridge and its people, information, and technology. We facilitate and perform security assurance testing such as penetration tests and vulnerability assessments, serve as an escalation route from the Security Operations Centre (SOC) for incident response and digital forensics investigations, and provide technical security support and advice to our colleagues across the wider Group Security & Risk department as well as the rest of the organisation. Day to day, our Security Engineers will: Perform security assurance testing, from maintaining our vulnerability management platform, to performing internal testing and arranging for external penetration tests Perform technical audits to ensure our systems and their configurations align with good practice and published security frameworks and standards - such as CIS, PCI-DSS, Cyber Essentials, NIST etc. Develop Security Orchestration, Automation & Response (SOAR) opportunities, through scripting and integrations Actively research current cyber security trends, threats & vulnerabilities, and assist our SOC to threat hunt and monitor our systems by building and tuning our threat detection rules Maintain our Security-owned platforms and assist in the running of the department's processes and operational procedures Fundamentally, raise awareness of cyber security & information privacy throughout the organisation We will support you in your role by providing regular training opportunities, from access to online eLearning platforms, red team and blue team online labs, to virtual and/or in-person training courses and certification opportunities such as BTL1. From a baseline grounding across a wide range of security topics, you will have the space to grow and develop your own specialisms to become a subject matter expert within the team on your own areas of interest. About you Knowledge Knowledge at a baseline level across a broad range of information technology and information security / cyber security topics: Threat Assessment & Security Risk Implementing Secure Systems and Controls Assurance, Audit and Compliance Testing Operational Security - Security Monitoring, Guidance and Platform Operations Incident Management, Investigations and Digital Forensics Data Protection and Privacy Security Awareness This knowledge can be evidenced via completion of relevant accredited certification scheme(s), academic qualifications at BSc or MSc, or from prior personal work experience and other training. Skills & Experience Ideally you will have a minimum of one years' working experience within a technical information security role, or at least two years' experience within information technology and able to evidence technical security skills gained through other means (i.e., self-led training). Skills and experience can come from within a mix of information security disciplines, such as: Network and application security controls Cyber Threat Intelligence Digital forensics and/or incident response Operational security platform management Security event monitoring (SIEM) and threat detection engineering Security assurance testing (penetration testing) Automation of operational security processes Security standards and frameworks such as CIS CSC and Benchmarks, PCI-DSS, ISO 27001, Cyber Essentials Plus, etc.Any skills within the following areas are desirable, but not essential: Scripting or programming skills, such as Python or PowerShell Microsoft 365 Security & Compliance Centre configuration and alert management Anti-Virus system and policy management in platforms such as Microsoft Defender, McAfee Endpoint Security or Sophos Intercept-X Detection engineering with Sysmon, and alert tuning in machine-learning & analytical SIEM platforms like Exabeam, Azure Sentinel or Securonix Use of vulnerability management platforms such as Qualys, Tenable or Rapid7, and penetration testing tools like Kali, Metasploit, and Burp Pro The key to our work is our colleagues, whose shared commitment enables us to have an ever-greater impact. We are a united, vibrant, and respectful global community of people, and we ensure that every individual is recognised, listened to, and cared for. And because our impact is amplified when our people are empowered, we give everyone the opportunity to develop in their own way. Whether you want a career that's linear, or want to follow your own path, we'll support you, and help give you the resources and training you'll need to be bold and take ownership of what you do. The closing date for application is 3rd of April. For more information and to apply please click APPLY NOW Cambridge University Press & Assessment is committed to being a place where anyone can enjoy a successful career, where it's safe to speak up, and where we learn continuously to improve together. We welcome applications from all candidates, regardless of demographic characteristics (age, disability, educational attainment, ethnicity, gender, marital status, neurodiversity, religion, sex, and sexual identity), cultural, or social class/background. We believe that diversity of thought, background, and approach create better outcomes. More importantly, fostering an inclusive culture is the right thing to do, and it's part of how we achieve our purpose: to contribute to society through the pursuit of education, learning and research at the highest international levels of excellence. Ensuring that anyone, no matter who they are, feels they belong here is an essential part of who we are and the contribution we make to society, and to our planet. To enable an environment which our people can thrive in, our customers benefit from, and where work complements life, we empower everyone to manage their time and capacity, and to prioritise their wellbeing. That's why from day one everyone at Cambridge University Press & Assessment can discuss flexible working options to find the best solution for them and their role.
