Information Security Engineer

My client is a Tier one bank looking for an Information Security Engineer, you will be joining a growing Security Team who manages the security of the BPS gateway; covering security consultancy, governance, vulnerability management and audit control

Overall purpose of role

The Information Security Engineer will be part of Security Team. Primary focus will be on ensuring the infrastructure is secure, robust, resilient and compliant to PCI standards through security tools and analytics to identify possible security vulnerabilities that need to be hardened.

Key Accountabilities

This activity will include:

• Support the Security & Compliance team to ensure adherence to defined Standards and Policy
• Support and maintain PCI DSS compliance
• Work with 3rd Party partners to assure compliance with internal and industry Standards in order to protect the organisation’s Information Assets
• Have involvement with all Information Security functions
• Execute technical information security controls to ensure the business operates securely
• Coordinate regular internal & external penetration testing as required
• Perform Vulnerability scans, analysing and managing the initiation of any required remediation
• Monitoring and management of systems through the relevant security tool sets available e.g. FIM & SIEM
• Coordinate/implement security changes with internal and external suppliers
• Risk assess and recommend controls to reduce risk and potential vulnerabilities
• Perform wireless scanning
• Respond to Requests For Information (RFI), Requests for Proposals (RFP) and Security Assurance Questionnaire’s
• Support other Information Security tasks as required
• Perform the role of key custodian in line with key management procedures
• Producing monthly reports on our security position
• Stakeholder Management and Leadership
• Decision-making and Problem Solving

Adhere to the Change Management process, including presenting change requests with sufficient clarity to allow the appropriate authority to understand the reason for the change, the associated risk, the ease of regression and the implications of making or not making the change.

Stakeholder Management and Leadership

You will be interacting with the Security Operations Team to ensure the infrastructure is secure and compliant to PCI standards. Reports will be created and released to the head of the department as part of the monthly security reporting package. You will be liaising with our PCI QSA within audits as required.

Person Specification

You must have technical understanding, enabling understanding of information security implementations

• Knowledge/experience of PCI DSS, in particular operating in a PCI compliant environment
• Strong organisational skills with the ability to plan and coordinate daily tasks and track them effectively
• Security risk management knowledge
• Security systems - AV, Malware, Firewalls, IPS/IDS, log management & Content Filtering
• Security Incident & Event Management
• Networking Fundamentals (LAN/WAN/WiFi/TCPIP, DHCP & DNS)
• Knowledge of IT Security principles, techniques and technologies
• Understanding the technical aspects of the Information Security
• Experience supporting environments with large (>100) numbers of Servers.