Cyber Security Engineer

The opportunity

As Cyber Security Engineer, you'll be responsible for supporting the ongoing operation and improvement of Cyber and Information Security systems to ensure Openwork's systems are protected against threats to its IT systems.
You'll need to understand IT infrastructure, how to deploy, and manage security tools and controls, evaluate threats that could potentially harm the organisation, and respond to security breaches.

This role would suit someone from a technical background who is proficient at deploying, optimising, and maintaining security tooling, implementing security controls, and investigating technical IT issues. Working with internal teams and/or suppliers to resolve or mitigate risks identified.

Our systems are primarily built using the Microsoft stack with a desire to make increased use of cloud technology including but not limited to Azure, Dynamics 365, and Office 365.

The role sits within the Technology division's Information Security Team. You will work closely with Cyber Security Analysts who are our first responders to cyber security incidents, although the role holder should be comfortable in security incident response.

To be successful in this role, you'll need to foster strong peer relationships across the business to promote and encourage good security practice and support your colleagues across the business in delivering the required programme of security-related change.

This is a hybrid role with 2 days per week in our Swindon office.

The benefits:

• Salary - up to £70,000
• Bonus scheme - on target bonus - 10%
• Pension scheme - contribute up to 5% of your salary and Openwork will match you and put in an extra 5%
• Critical illness cover
• Income protection - 1x salary
• Death in service - 4x salary
• 25 days holiday + bank holidays, with the opportunity to buy up to an additional 10 days
• A range of other flexible benefits to include private medical insurance, dental insurance and much more.

Key Accountabilities:

• Security Tooling: Design, implement, maintain, and troubleshoot security systems and protocols to protect sensitive data and systems from infiltration and cyber-attacks.
• Vulnerability Management: Proactive review and improvement of our vulnerability management posture (manage the tooling, ensure accurate reporting, and prioritise risk) to provide visibility across the entire estate.
• Controls Assurance: Assist with ongoing implementation, monitoring, testing, and reporting of security control coverage, compliance with policy and control effectiveness at reducing risk.
• Proactive Monitoring: Utilise Security tools and features to protect the Openwork boundary, endpoints, servers, and O365 systems.
• Security Incident Investigation: Be proficient in responding to security incidents working closely with an outsourced SOC and internal team.
• Security Testing: Help deliver a security testing programme covering critical systems and services to identify, track and remediate findings.
• Audit: Support regular internal and external audit activities.
• Project & Change Engagement: Support the security by design approach through articulation of security requirements and ensuring appropriate security due diligence.
• Continuous Improvement: Mature the security function by continuously improving technical systems and documented processes.
• Threats: Keep abreast of emerging threat types, active threats, and ways to protect Openwork systems against these.
• Security Policies and Standards: Support the development and implementation of security policies and standards.
• Reporting: Gather and collate data to assist with the production of security-related reporting.
• Data Security: Ensure appropriate data security utilising various data loss prevention tools, methods, and techniques.
• Vendor Management: Foster good working relationships with 3rd party vendors to ensure tooling is appropriately configured, active lines of communication, and escalation procedures are in place.

What will you need to succeed?

Qualifications:

• BA/BS degree, practitioner-level qualifications, or equivalent experience in the field of Information / Cyber Security.
• CompTIA Security+, Microsoft or vendor-specific security qualifications, ISC2, ISACA, or SANS GIAC certifications.

Experience:

• Established experience across a variety of cyber security disciplines.
• Excellent communication skills.
• Strong knowledge of information security principles and practices.
• Proven track record of deploying, managing, and utilising security tools.
• Participation in audits, assurance reviews, and risk assessments across complex environments.
• Experience working in financial services or a regulated environment would be advantageous.
• Exposure to the tools and techniques used for vulnerability scanning, penetration testing, firewalls, WAF, endpoint security, browsing, and email controls.
• Investigating and troubleshooting technical issues from identification to resolution, working with internal teams and suppliers as necessary.
• Understanding of security best practices across multiple domains of information security, ideally in a Microsoft-dominated ecosystem.
• Familiarity with security technologies and tooling (e.g., Microsoft Defender 365, vulnerability management, threat intelligence, and web proxy tooling).
• Knowledge of cybersecurity frameworks and standards (e.g., NIST, CIS, ISO27001, OWASP, Cyber Essentials).
• Ability to confidently convey security concepts to peers in technical teams.
• Ability to operate in a fast-paced environment with the skills to deal with complex issues.
• Demonstrable experience of producing security-related data and reports.
• Strong 'can do' attitude and a self-starter looking to progress in the field of information security.
• Highly organised to be able to lead product rollouts or upgrades in an efficient and low-risk manner.
• Thorough and detailed orientation to be able to complete low-level designs and implementation plans, based on vendor documentation and discussion.

Why us?

We're a dynamic, fast-paced, and growing business with huge ambition. This is all made possible by the brilliant people who are part of The Openwork Partnership family. We're investing heavily in our colleagues, continuously striving to give them the platform to develop personally and professionally and reach their full potential.

We're also very proud of our culture, as one of the Best 100 Large Companies to work for in 2022. The Openwork Partnership values and respects individuality and we are committed to building an inclusive culture and environment where you can balance a successful career with your commitments and interests outside of work. We believe that you will bring your best self to work if you are trusted to choose when, where, and how you do it.

On top of offering a modern workplace with bags of development opportunities, we also offer a highly attractive benefits package to reward you for your hard work. This includes a competitive base salary, an industry-leading annual bonus, enhanced pension, critical illness cover, income protection, and a range of other flexible benefits.