Hackajob Stockport, England, United Kingdom
2 days ago Be among the first 25 applicants
hackajob is collaborating with UK Biobank to connect them with exceptional tech professionals for this role.
Job Description
Job Title: IT Systems Security Engineer (Level 3)
Department: Data and Technology
Reports To: Head of Information Security
Direct Reports: None
Location: UK Biobank’s facilities in Greater Manchester (Initially based in Stockport with a move to Manchester Science Park date in 2026/27).
Purpose Of The Role
Reporting to the Head of Information Security, this is a specialist role within the Data & Technology Team. Working closely with internal and external stakeholders, the role holder will use their knowledge and experience to identify information security risks and implement practical measures to protect the organisation’s data, services, and physical assets. The role holder will also be involved in the Data & Technology transformation programme, supporting the introduction of new technologies and services that deliver proactive threat prevention whilst ensuring staff and other authorised users are able to access services easily, securely, and without unnecessary barriers.
Principal Duties And Responsibilities
* Provide expert advice and assistance to enhance the security of UK Biobank data, services, and physical assets.
* Work with the Head of Information Security to develop a long-term strategy to address vulnerabilities and protect sensitive data from loss, compromise, and misuse.
* Work with the IT Manager to protect information assets in accordance with data classification.
* Assist with the re-design of the organisation’s security architecture.
* Monitor the vulnerability exposure of all end point operating systems, applications, and services.
* Oversee the deployment of security patches, firmware, drivers, and general updates.
* Undertake information security risk assessments, including for end point devices that are in exception and cannot be updated due to concerns regarding business continuity.
* Ensure that risks are recorded accurately and that risk owners are aware of their exposure.
* Where appropriate, manage identified risks to mitigation.
* Work across Data & Technology to implement controls necessary to maintain a robust security posture.
* Work with Infrastructure and Network specialists to employ technologies such as network segmentation, software defined networking, and Security Service Edge (SSE) solutions.
* Contribute to the continuous development of security processes, and overall IT capability in the management of security.
* Ensure security and technology controls are documented and are operating in compliance with both internal and external requirements.
* Review and manage SIEM alerts from our managed SOC, escalating incidents when needed.
* Produce regular reports on various information security metrics.
* Respond to, investigate, and aid in the resolution of information and cyber security incidents.
* Participate in the development and testing of the security incident response plan.
* Engage with partners, suppliers, and other third parties to evaluate risk, examine contracts, and identify data privacy issues.
* Assist with the completion of regulatory audits.
* Follow defined IT service management practices to ensure agreed service levels are maintained.
* Analyse proposed changes from an IT security standpoint to ensure risks are not introduced.
* Assist with the evaluation and testing of new technologies and services.
* Perform all duties in accordance with UK Biobank standards and regulations.
* Support IT projects as directed by the Head of Information Security or IT Manager.
Secondary Duties And Responsibilities
* Participate in general security management activities, including the installation of patches and updates, and the maintenance of antivirus/EDR software.
Person Specification
Essential Experience And Knowledge
* At least 5 years operational experience working in a security analyst, engineer, or similar role within a complex, multi-site organisation.
* CompTIA Security+, SSCP, or equivalent qualification.
* Knowledge of security models, standards, practices, benchmarks, and controls advocated by ISO, NIST, CIS, OWASP, CAF and NCSC.
* Experience of risk management and third-party assurance.
* Experience of technical and information security compliance reviews and audits, with grounding in ISO27001/2, ISO27018, PCI DSS, and NIST.
* Understanding of data privacy regulatory compliance (DPA, GDPR, HIPAA).
* Strong knowledge of the cyber threat landscape and security for operating systems, databases, networks, cloud platforms, applications, and software code.
* Experience with vulnerability scanning and threat detections tools, including those used on cloud platforms (Azure experience is advantageous).
* Experience with security technologies such as antivirus/EDR (ideally CrowdStrike), device encryption, and SIEM (ideally Microsoft Sentinel).
* Knowledge of networking and Zero Trust Network Architectures.
* Experience delivering information security risk assessments, continuity planning, incident management, and incident response.
* Ability to write security or design documentation, including policies and standards.
* Excellent verbal and written communication skills; ability to engage with both technical and non-technical stakeholders.
* Strong analytical and problem-solving skills; attention to detail; ability to gather information effectively.
Desirable Experience And Knowledge
* CISM, CISSP, or CCSP qualification.
* Experience of firewall administration, ideally Fortinet.
* Experience with identity management, data classification, and access control systems.
* Knowledge of cryptography and secure communication protocols.
Seniority level
* Mid-Senior level
Employment type
* Full-time
Job function
* Information Technology
Industries
* Software Development
Referrals increase your chances of interviewing at hackajob by 2x.
Get notified about new Information Technology Security Engineer jobs in Stockport, England, United Kingdom.
#J-18808-Ljbffr