Information Systems Security Engineer
- Inside IR35, 3-month contract
- 3/4 days in office
This role is pivotal in establishing and driving the security engineering capability within the Information Security team. The role involves ensuring adequate security across projects and reporting to the Information Security Engineering Lead.
As a security engineer, you will identify requirements, design, and advise on the implementation of technical security standards and controls across organisational projects.
The role is responsible for ensuring robust security measures across the organisation. This includes understanding the problem space and stakeholder information protection needs, developing security requirements, recommending controls, and ensuring security is integrated throughout the lifecycle of projects and systems.
Key Responsibilities and Accountabilities
- Ensure security by design across technical projects and develop trusted systems.
- Participate in the acquisition process, addressing security considerations.
- Define and manage non-functional requirements related to security.
- Capture and refine information security requirements, integrating them into information systems via design or configuration.
- Collaborate with stakeholders throughout the lifecycle of projects and systems to ensure adequate security measures are implemented.
- Conduct security reviews, identify gaps in security posture, and develop risk management plans.
- Document the impact of new systems or interfaces on the security posture of the current environment.
- Perform risk assessments to identify vulnerabilities and threats to systems and data.
- Design and implement secure solutions to address identified needs.
- Manage risks, assumptions, issues, decisions, opportunities, constraints, and dependencies throughout the system lifecycle.
Key Skills
- Proficient understanding of security engineering requirements and best practices.
- Strong risk management and security engineering practices throughout system lifecycles.
- Excellent communication and stakeholder management skills, with the ability to work collaboratively across business units and external partners.
- High initiative and ability to drive change, translating technical security issues into business risks for non-technical audiences.
Knowledge and Experience
- Bachelor's degree in Computer Science, Systems Engineering, Cyber Security, or related discipline; or professional security management certifications.
- Multi-year experience in security engineering.
- Experience with common security frameworks such as NIST, ISO 27001, PCI, CIS, OWASP.
- Extensive experience ensuring security by design throughout lifecycles.
- Cloud security qualifications (e.g., Microsoft Certified Cybersecurity Architect Expert, AWS Solutions Architect).
- ISSEP (Information Systems Security Engineering Professional).
Personal Characteristics
- Strong problem-solving skills and critical thinking in complex and constrained scenarios.
- High level of personal integrity and ethics, with sound judgement in security matters.
- Advanced skills in communication, collaboration, problem-solving, and stakeholder management.
- Demonstrates initiative and the ability to work independently to shape and lead change.