Contract typePermanent Full Time
The primary purpose of the role of Security Engineer is to help to ensure that the Company’s information and information systems are protected from unauthorised access, use, disclosure, disruption, modification or destruction, through the implementation of properly managed security solutions, and continued application of effective security controls. The individual will play a key role in defining, implementing, maintaining and ensuring the integrity and consistency of end to end information security solutions.
About the role
· Be a key member of the Security Engineering team who responsible for technical security solutions, and helping to ensure that these are implemented effectively in conjunction with the Infrastructure Engineering and Service Operations teams, 3rd parties, whilst working closely with the Hastings Risk team
· Engineering support of the Security Infrastructure with hands-on technical design, implementation and management of core security platforms, and plays an integral part in all information security related projects
· Evaluates new security technologies and products and performs engineering work and analysis to determine if solutions should be pursued, and subsequent implementation as required
· Contributing to the Security Technology roadmaps
· Support the delivery of new projects by helping to ensure that these are risk assessed, security controls are identified and implemented successfully before going live, and that solutions meet relevant information security principles
· Assist in the development and maintenance of security policies, standards and procedures to support the Group's risk management framework and business strategy
· Ensure security controls continue to be effective by implementing an ongoing roadmap of work to review and remediate
· Implementing the penetration test and vulnerability management process and schedule and working with relevant stakeholders such as Infrastructure Engineering, DevOps and 3rd parties to remediate effectively and properly in accordance to their criticality
· Responsible for assisting with the creation of detailed metrics and reports based on information security risk analysis to reduce and mitigate risk, including RAG based status tracking, security dashboard reporting and trending for ExCo and Risk Management audience
· 5 years hands-on security engineering experience of Operating Systems, Active Directory, DNS, Group Policy, Network Protocols, PKI, proxies, access management, etc.
· 3 years implementation and administration experience of a wide range of security products such as access audit tools, anti-virus, IDS, IPS, DLP, Firewalls, End Point security, encryption, DDOS protection, etc.
· Experience of implementing and monitoring SIEM systems and managing associated incident response processes
· Working knowledge of host hardening techniques including Windows/UNIX/Linux
· An understanding and, ideally, practical experience of enterprise information security and knowledge of some standards including Cyber Essentials, ISO 27001, PCI-DSS, Data Protection Act and GDPR
· Understanding, or willingness to learn, of tools and techniques used by ethical hackers including vulnerability testing tools and methodologies
· Ability to demonstrate an interest in Information Security generally, including knowledge of current and evolving Cyber threats
· Experience with security testing tools, development of threat assessments and security testing methodologies is desirable
What will you get in return?
Hastings will provide you with initial training across our core platform (Guidewire) and associated technologies and be assigned a “buddy” to provide mentoring and support within your allocated agile team.
Working with Hastings Direct, means you can bring “yourself” to work and be a part of our growth and success. Working alongside our expert IT Leadership team in a dynamic, fun and friendly environment!
In return you will receive a competitive starting salary, a £5K car allowance, an end of year bonus potential (up to 10% of salary), 27 days holiday + bank holidays alongside an excellent company pension scheme.
Hastings Group is an equal opportunities employer which means we treat people fairly. We welcome applications from all suitably skilled persons regardless of their gender, age, race, disability, ethnic background, religion/belief, sexual orientation, gender reassignment or marital/family status. Please also note that we have a thorough referencing process, which includes credit and criminal record checks.