IT Security Engineer


Premium Job From Southern Water

Recruiter

Southern Water

Listed on

7th June 2022

Location

West Sussex

Type

Permanent

Start Date

ASAP

This job has now expired. Please search on the home page to find live IT jobs.

About the Role:

Job Title: I.T. Security Engineer
Location: Durrington, West Sussex
Perm/FTC: Permanent
Hours: 37 hours per week Monday - Friday
plus On-call support as part of a managed rota 1 week in 5 with additional allowances paid

Salary: Up to £59,100 depending on experience

Benefits: Up to 11% pension contribution; performance related annual bonus; 25 days holiday plus bank holidays; Perk Box (discount scheme); BUPA health cash plan and more!

Southern Water is powered by your talent. You are the power behind our business goals and customer mission. You will join a security team whose goals are to secure, prevent and respond to ensure the business is protected and impacts are minimal. You will join our mission to ensure we deliver processes that are safe, secure, and sustainable for our data, infrastructure, staff, and our business. Our diverse IT teams create innovative, integrated solutions to empower the business, bringing automated solutions that use the latest technologies to assist in delivering clean, efficient, and environmentally friendly water and wastewater solutions to our customers. We are all about improving and protecting our technology, data, staff, and business. Join our dynamic team to grow and make an impact.

What you will do: This role performs Security Operations duties, with responsibility for incident response, vulnerability management and other core capabilities. You will respond immediately to security threats across our networks, using cutting-edge technology to prevent, detect and analyse security incidents. To defend against malicious or unusual activity, you will administer these capabilities by installing and maintaining infrastructure tools and related system software. You will continuously improve application, system, and data security by proactively analysing, monitoring, and resolving related suspicious activity or behaviour and security incidents.

How you will do it: Working in a team within Security Operations (SOC), you will perform all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
Monitor and analyse network traffic and security event data.
Investigate intrusion attempts and perform in-depth analysis of exploits.
Provide network intrusion detection expertise to support timely and effective decision making.
Conduct proactive threat and compromise research and analysis.
Review security events that are populated in a Security Information and Event Management (SIEM) system.
Analyse a variety of network and host-based security appliance logs and determine the correct remediation actions and escalation paths for each incident.
Independently follow procedures to contain, analyse, and eradicate malicious activity.
Document all activities during an incident and provide leadership with status updates during the life cycle of the incident.
Create a final incident report detailing the events of the incident.
Provide information regarding intrusion events, security incidents, and other threat indications and warning information to teams.
Assist with the development of processes and procedures to improve incident response times, analysis of incidents, and overall SOC functions.
Provide guidance and mentorship to the analyst team on investigative and response methodologies.
Participate in special projects as required.
The Security Specialist is responsible for carrying out all activities regarding SOC policies and SOC procedures.

What we look for: The successful candidate will be a passionate information security professional with the ability to communicate with different business and IT leaders. The candidate will be able to execute the Information Security Incident Response and Vulnerability Management strategy. The candidate will demonstrate drive, intelligence, maturity, and energy and will have a proven dedication and positive attitude towards information security related topics.
Security related experience in incident analysis, incident handling, vulnerability management or testing, log analysis, intrusion detection and network operations.
Strong verbal/written communication and interpersonal skills are required to document and communicate findings, escalate critical incidents to technical and non-technical audiences at different seniority levels, and interact with customers.
Ability to create and maintain good business relationships with counterparts, customers, and external entities to achieve the security operations management goals.
Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters.
An understanding of adversary motivations including cybercrime, cyber hacktivism, cyber war and cyber espionage, and the difference between cyber propaganda and cyber terrorism.
An understanding of security operations concepts such as perimeter defence, kill chain analysis, Threat Intelligence and Threat Profiling.
Familiarity with network security methodologies, tactics, techniques, and procedures.
Experience with Intrusion Detection Systems (IDS)/Intrusion Protection Systems (IPS), SIEM and other network defence security tools.
Understanding of network packet capture and the ability to review captures.
Experience performing security/vulnerability reviews of network environments.
Knowledge of network security architecture, understanding of the TCP/IP protocol and remote access security techniques/products.
Experience with enterprise anti-virus/malware solutions, virus outbreak management and the ability to differentiate virus activity from directed attack patterns.
Experience monitoring, detecting and leading response efforts against advanced persistent threats.
Experience generating and modifying network and host-based Indicators of Compromise (IOC).

Additional knowledge you may have:
A bachelor's degree in a computer engineering, computer security or computer science discipline.
Experience in three or more of the following: security operations, system patching, firewall administration, engineering, system administration on Linux or Windows, BYOD (Bring Your Own Device) management, security management of M365 or Azure, data loss protection, risk assessment and security metrics.
Experience with three or more of the following tools and technologies would be an advantage: Splunk, Symantec Enterprise Security, Qualys or Tenable Vulnerability Management, Darktrace, Varonis, Palo Alto Firewalls, Checkpoint, M365, Azure, AWS, F5 and VMWare tools and technologies.

Desired Certifications (but not essential):
GIAC Certified Incident Handler (GCIH)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Certified Ethical Hacker (CEH)
Cisco Certified Network Associate Security (CCNA Security)
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional Security (CCNP Security)
Cisco Certified Network Professional (CCNP)
Server Platform Certifications (Microsoft, Linux)
