Information Security Engineer – Nationwide Software Company – Worthing, West Sussex
Stratospherec is recruiting for an Information Security Engineer to be based in the West Sussex office of our client who is a leading software company. In this role you will use your Information Security Engineer/Analyst expertise both supporting and enhancing this nationwide company’s cybersecurity posture through the securing of enterprise applications, data and infrastructure and by identifying, assessing, and mitigating security risks. This is a hands‑on, predominantly office‑based role requiring experience in application and data security, vulnerability assessments, security administration, threat monitoring and response.
KEY ACTIVITIES
 * Perform security reviews of application architecture, source code, and third‑party integrations.
 * Collaborate with development teams to implement secure coding practices and conduct secure SDLC assessments.
 * Use tooling to identify application vulnerabilities and support remediation efforts.
 * Manage and configure security tools and systems (e.g., firewalls, SIEM, IDS/IPS, endpoint protection, etc.).
 * Monitor security policies, standards, and best practices.
 * Review and monitor user access and identity management controls across systems.
 * Conduct internal and external penetration tests to evaluate system security.
 * Perform regular vulnerability scans using tools like Nessus, Qualys, or OpenVAS.
 * Analyze scan results, prioritize risks, and coordinate with stakeholders for remediation.
 * Monitor networks, systems, and applications for potential threats and unusual activity.
 * Respond to security incidents, investigate breaches, and lead root cause analyses.
 * Maintain incident response procedures and participate in tabletop exercises.
 * Recommend technical and procedural improvements to strengthen security defences.
 * Stay current with emerging security threats, vulnerabilities, and compliance requirements.
 * Conduct security awareness training and collaborate across departments to promote a security‑first culture.
 * Liaise with stakeholders to understand requirements, provide updates, and ensure project alignment with business objectives.
 * Implement monitoring and alerting systems to ensure the health and performance of all systems.
 * Ensure all systems and processes comply with security best practices and industry standards.
 * Troubleshoot and resolve issues related to security breaches.
 * Provide monthly information security reporting.
 * Maintain comprehensive documentation of systems, processes, and procedures.
KEY SKILLS
 * Demonstrable experience of Information and Cyber Security frameworks and standards such as NIST, Cyber Essentials +, ISO 27001.
 * Familiarity with regulatory compliance and auditing standards.
 * Ability to identify, assess and mitigate security risks.
 * Knowledge of penetration testing and vulnerability scanning tools like Nessus and Qualys.
 * Proficiency in applying security tooling including firewalls, VPNs, Network Traffic Analysis.
 * Knowledge of network protocols (TCP/IP, HTTP, DNS, SSH).
 * Familiarity with network segmentation.
 * Experience with endpoint protection software (EDR, Anti‑Virus, DLP) and securing mobile, tablet, laptop and desktop devices.
 * Familiar with Zero Trust security models.
 * Proficient in using SIEM tools.
 * Experience with log analysis and incident detection.
 * Familiarity with securing cloud‑native applications, containers and microservices.
 * Incident detection, containment and mitigation through post‑incident investigations and root cause analysis.
 * Data encryption and Data Loss Prevention.
 * Identity and Access Management deployment (Azure AD, MFA, SSO, RBAC).
 * Security auditing and monitoring.
 * Experience in deploying security solutions across business projects.
 * Excellent analytical and problem‑solving abilities.
 * Strong communication skills and stakeholder management skills.
EDUCATION & EXPERIENCE
 * Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
 * 3–5+ years of experience in cybersecurity or information security engineering/analysis.
 * Strong knowledge of MITRE ATT&CK, NIST, ISO 27001, and other frameworks.
 * Experience with security tools.
 * Familiarity with scripting languages (Python, Bash, PowerShell) is a plus.
If you have 3–5+ years of experience in cybersecurity or information security engineering/analysis with relevant certifications, strong knowledge of MITRE ATT&CK, NIST, ISO 27001, and other frameworks, and experience with security tools, and you are looking to join a team at a friendly, supportive company that prides itself on encouraging further professional development, then please get in touch as soon as possible to arrange a conversation regarding this exciting new Information Security/Analyst role.
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Information Technology
Industries: IT System Operations and Maintenance and IT System Custom Software Development