Working at the Cumberland, you become part of something special. We’re a Mutual organisation, committed to improving the lives of our colleagues, customers, and community. Our values are incredibly important to us.
We’re on an exciting transformational journey with our people firmly at the forefront of our plans. If you want to work for a team integral in helping to drive cultural change, a team where you can bring your whole self to work bringing your energy and creativity to make a positive difference, then this is the job for you.
We have an opportunity for a Cyber Security Engineer to join us, based within our Security Operations function.
Reporting to our Senior Security Operations Manager, you’ll work as part of a delivery team responsible for security remediation activities across a hybrid IT estate.
This will be a fixed term contract position for a period of 12 months.
You’ll be required to travel to Cumberland House in Carlisle as and when required for meetings and operational tasks. The expectation will be a minimum of 2 days per month, on average.
The Benefits
* Salary – up to £62,063 p.a. depending on skills and experience.
* Holidays - 25 days holiday plus public holidays and the opportunity to buy and sell up to 3 days.
* Learning and Development opportunities - We want you to grow in your role. We’ll work together to support your personal and professional development.
* Hybrid Working - the tools and equipment you need to be able to work from home when you need to, depending on your role.
* Health and Wellbeing - a calendar of events and activities throughout the year, Mental Health & Wellbeing champions, and Cycle to Work scheme.
* Community Day - We offer our people an extra paid day off every year to help local charities and community organisations.
What will you be doing?
You’ll work alongside infrastructure engineers and security analysts to identify and remediate security issues to deliver positive results, identifying and addressing threats across our networks, platforms, and systems, making sure our security controls meet UK regulations, industry standards, and business needs. This will involve both technical hands-on security and clear communication with stakeholders, including reporting on vulnerabilities, implementing best practice procedures that will help the society remain secure.
Key Responsibilities
* Lead on vulnerability remediation activities and security validation testing
* Support patching of Windows and Linux IT estates both on premise and in the cloud
* Use and optimise security tooling (e.g. firewalls, IDS/IPS, SIEM and endpoint protection)
* Contribute to evolving internal controls and support continuous improvement
* Implement security controls across IT operations through collaboration
* Provide practical security guidance to colleagues, supporting awareness and best practice
About you:
You’ll have strong, practical knowledge of security frameworks, industry standards, and regulatory requirements, such as Cyber Essentials Plus, ISO 27001, and GDPR as well as experience with Microsoft security tools, including the Defender, Entra ID, Purview, and cloud platforms (Primarily Azure).
We’re looking for experience of configuring and management SIEM tooling in medium sized enterprise along with certifications such as CISSP, CISM, Cyber Essentials/Plus, Azure or AWS accreditations are desirable. We’d also like to see experience working as a cyber security engineer or similar role in a regulated UK financial environment.
Other essential requirements include:
* Hands-on skills in areas such as identity and access management, endpoint protection, vulnerability and patch management, and cloud security.
* Ability to explain complex technical issues clearly to different audiences, both technical and non-technical.