Information Security Engineer | Nationwide Software Company | Worthing, West Sussex (Office based) | 50K to 55K plus excellent benefits
Stratospherec is recruiting for an Information Security Engineer to be based in the West Sussex office of our client, who is a leading software company. In this role you will use your Information Security Engineer/Analyst expertise to support and enhance this nationwide company's cybersecurity posture by securing enterprise applications, data and infrastructure and by identifying, assessing, and mitigating security risks. This is a hands-on, predominantly office-based role requiring experience in application and data security, vulnerability assessments, security administration, threat monitoring and response.
You will work alongside a multidisciplinary team of infrastructure, support staff and developers, cross-functionally supporting colleagues from across the business and the wider IT team to ensure security requirements are met and outstanding service is delivered.
Collaborating with development teams to implement secure coding practices and conduct secure SDLC assessments.
Using tooling to identify application vulnerabilities and support remediation efforts.
Monitoring security policies, standards, and best practices.
Reviewing and monitoring user access and identity management controls across systems.
Key activities in relation to Penetration Testing & Vulnerability Assessments will include conducting internal and external penetration tests to evaluate system security.
Analysing scan results, prioritizing risks, and coordinating with stakeholders for remediation.
Key activities in relation to threat monitoring and response will include monitoring networks, systems, and applications for potential threats and unusual activity.
Responding to security incidents, investigating breaches, and leading root cause analyses.
Conducting security awareness training and collaborating across departments to promote a security-first culture.
Liaising with stakeholders to understand requirements, provide updates, and ensure project alignment with business objectives.
Implementing monitoring and alerting systems to ensure the health and performance of all systems.
Providing monthly Information Security reporting.
You must have demonstrable experience of Information and Cyber Security practices like NIST, Cyber Essentials +, ISO27001.
Familiarity with regulatory compliance and auditing standards.
Ability to identify, assess and mitigate security risks.
Knowledge of penetration testing and vulnerability scanning tools like Nessus and Qualys.
Proficiency in applying security tooling, including firewalls, VPNs and Network Traffic Analysis.
Knowledge of network protocols (TCP/IP, DNS, SSH).
Familiarity with network segmentation.
Experience with endpoint protection software (EDR, Anti-Virus, DLP) and securing mobile, tablet, laptop and desktop devices.
Experience with log analysis and incident detection.
Incident detection, containment and mitigation through post-incident investigations and root cause analysis.
Data encryption and Data Loss Prevention.
Identity Access Management deployment (Azure AD, MFA, SSO, RBAC).
Security auditing and monitoring.
Experience in deploying security solutions across business projects.
Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
35+ years of experience in cybersecurity or information security engineering/analysis.
Familiarity with scripting languages (Python, Bash, PowerShell) is a plus.
If you have 35+ years of experience in cybersecurity or information security engineering/analysis with relevant certifications, strong knowledge of MITRE ATT&CK, NIST, ISO 27001 and other frameworks, and experience with security tools, and you are looking to join a team at a friendly, supportive company that prides itself on encouraging further professional development, then please get in touch as soon as possible to arrange a conversation regarding this exciting new Information Security/Analyst role.