Online since 1999 | 11,187 IT Jobs Live NOW

Security Engineer

Premium Job From Cambridge University Press & Assessment
Recruiter: Cambridge University Press & Assessment
Listed on: 15th March
Location: Cambridge
Salary/Rate: £33000 - £39000
Type: Permanent
Start Date: ASAP

This job has now expired please search on the home page to find live IT Jobs.

We are Cambridge University Press & Assessment, a world-leading academic publisher and assessment organisation, and a proud part of the University of Cambridge.
We are looking for a Security Engineer to join our Group Security & Risk department, based in Cambridge on a hybrid working basis. This role is ideal for someone with some prior cyber security or information security experience who may be looking to move on to the next step in their career, enhancing the department's capabilities whilst advancing their own knowledge and skills through our training and certification programmes.
Our mission is to contribute to society through the pursuit of education, learning, and research at the highest international levels of excellence. Which is why every year, we give vital support to millions of people in more than 170 countries around the world. From teachers and learners to researchers and academics, we help to build confidence, unlock potential, and enable success. We give people the opportunity to show what they've learnt, we spread knowledge, spark enquiry, and aid understanding.
We achieve this by embracing change, and continuously focusing on our customers' needs. And by collaborating, and carefully listening to our customers and to each other, we keep moving forward, keep innovating, and keep finding newer and better ways of doing things.
The Role
The Security Engineering team are primarily security generalists. We must all maintain a baseline knowledge across a broad range of security topics, but each team member is given the opportunity to explore and grow into their own individual specialisms that interest them.
Our Security Engineers assist on the continual improvement of our security platforms and their integrations, our policies, processes, and configurations, and other effective security controls to mitigate potential threats to Cambridge and its people, information, and technology. We facilitate and perform security assurance testing such as penetration tests and vulnerability assessments, serve as an escalation route from the Security Operations Centre (SOC) for incident response and digital forensics investigations, and provide technical security support and advice to our colleagues across the wider Group Security & Risk department as well as the rest of the organisation.
Day to day, our Security Engineers will:

Perform security assurance testing, from maintaining our vulnerability management platform, to performing internal testing and arranging for external penetration tests
Perform technical audits to ensure our systems and their configurations align with good practice and published security frameworks and standards - such as CIS, PCI-DSS, Cyber Essentials, NIST etc.
Develop Security Orchestration, Automation & Response (SOAR) opportunities, through scripting and integrations
Actively research current cyber security trends, threats & vulnerabilities, and assist our SOC to threat hunt and monitor our systems by building and tuning our threat detection rules
Maintain our Security-owned platforms and assist in the running of the department's processes and operational procedures
Fundamentally, raise awareness of cyber security & information privacy throughout the organisation

We will support you in your role by providing regular training opportunities, from access to online eLearning platforms, red team and blue team online labs, to virtual and/or in-person training courses and certification opportunities such as BTL1. From a baseline grounding across a wide range of security topics, you will have the space to grow and develop your own specialisms to become a subject matter expert within the team on your own areas of interest.
About you
Knowledge
Knowledge at a baseline level across a broad range of information technology and information security / cyber security topics:

Threat Assessment & Security Risk
Implementing Secure Systems and Controls
Assurance, Audit and Compliance Testing
Operational Security - Security Monitoring, Guidance and Platform Operations
Incident Management, Investigations and Digital Forensics
Data Protection and Privacy
Security Awareness

This knowledge can be evidenced via completion of relevant accredited certification scheme(s), academic qualifications at BSc or MSc, or from prior personal work experience and other training.
Skills & Experience
Ideally you will have a minimum of one years' working experience within a technical information security role, or at least two years' experience within information technology and able to evidence technical security skills gained through other means (i.e., self-led training). Skills and experience can come from within a mix of information security disciplines, such as:

Network and application security controls
Cyber Threat Intelligence
Digital forensics and/or incident response
Operational security platform management
Security event monitoring (SIEM) and threat detection engineering
Security assurance testing (penetration testing)
Automation of operational security processes
Security standards and frameworks such as CIS CSC and Benchmarks, PCI-DSS, ISO 27001, Cyber Essentials Plus, etc.


Any skills within the following areas are desirable, but not essential:

Scripting or programming skills, such as Python or PowerShell
Microsoft 365 Security & Compliance Centre configuration and alert management
Anti-Virus system and policy management in platforms such as Microsoft Defender, McAfee Endpoint Security or Sophos Intercept-X
Detection engineering with Sysmon, and alert tuning in machine-learning & analytical SIEM platforms like Exabeam, Azure Sentinel or Securonix
Use of vulnerability management platforms such as Qualys, Tenable or Rapid7, and penetration testing tools like Kali, Metasploit, and Burp Pro

The key to our work is our colleagues, whose shared commitment enables us to have an ever-greater impact. We are a united, vibrant, and respectful global community of people, and we ensure that every individual is recognised, listened to, and cared for. And because our impact is amplified when our people are empowered, we give everyone the opportunity to develop in their own way. Whether you want a career that's linear, or want to follow your own path, we'll support you, and help give you the resources and training you'll need to be bold and take ownership of what you do.
The closing date for application is 3rd of April.
For more information and to apply please click APPLY NOW
Cambridge University Press & Assessment is committed to being a place where anyone can enjoy a successful career, where it's safe to speak up, and where we learn continuously to improve together. We welcome applications from all candidates, regardless of demographic characteristics (age, disability, educational attainment, ethnicity, gender, marital status, neurodiversity, religion, sex, and sexual identity), cultural, or social class/background.
We believe that diversity of thought, background, and approach create better outcomes. More importantly, fostering an inclusive culture is the right thing to do, and it's part of how we achieve our purpose: to contribute to society through the pursuit of education, learning and research at the highest international levels of excellence. Ensuring that anyone, no matter who they are, feels they belong here is an essential part of who we are and the contribution we make to society, and to our planet.
To enable an environment which our people can thrive in, our customers benefit from, and where work complements life, we empower everyone to manage their time and capacity, and to prioritise their wellbeing. That's why from day one everyone at Cambridge University Press & Assessment can discuss flexible working options to find the best solution for them and their role.