Security Operations Engineer

Join our Operations team

Application deadline: 30th jun 2021

Job Purpose

Egress are recruiting a Security Operations Engineer, with experience of supporting services provides to the UK Government. The purpose of the role is to develop, maintain and manage effective cyber security operations. The role requires the candidate to produce and manage ISO27001:2013, HMG Risk / Assurance Document Sets and other policies and processes as required.

This role will report directly to the Security Operations Lead and be a virtual member of the Operations team. The candidate will work closely with a range of teams providing security guidance on best practice and compliance; developing a culture where Security is at the heart of everything we do.

As a Security Operations Engineer, you will need to demonstrate effective communication skills working with internal and external stakeholders, including customer accreditor’s and security teams.

Role and Responsibilities

Process and Policy

  • Produce and maintain documentation to support Egress’ ISO27001:2013 certification, including internal audits against the defined controls. Our scope in 2020 expanded to include our Boston office, so may involve travel
  • Produce and maintain the Assurance Document Set required for providing OFFICIAL services to the UK Government, notably the MoJ (CJSM)
  • To undertake security risk assessments, producing an action plan and reporting on progress to the Director of Security and Compliance

ISMS

Provide support for the operation and maintenance of the ISMS which includes, but is not limited to the following tasks:

  • Assist the Director of Security and Compliance with all ISMS tasks
  • Annual review of ISMS policies and writing new ones when required
  • Identify Information Security goals to meet business requirements
  • Risk Assessments and mitigation
  • Monitor internal and external threats and provide mitigation solutions
  • Management and monitoring of controls to ensure that they are fully and correctly implemented
  • Management of information security incidents, including review and lessons learnt
  • Support the Egress internal audit program for all areas of the business, utilising the skill set of all trained internal auditors

Information Security

  • Be a company point of contact for all questions and queries around Information Security, including RFIs
  • Assist the Director of Security and Compliance in GDPR requests (Data Subject Access and Deletions)
  • Investigate and support queries and events raised by our SIEM
  • Assisting the Security Engineering team on planning and executing penetration tests of our core service lines, including remediation planning
  • Oversee access requests to sensitive / production data
  • Assist with vulnerability management in critical systems
  • Conduct due diligence checks on proposed new suppliers/software, including annual reviews and vendor assessments

Stakeholder Engagement

  • To support the Security Operations Lead as a single point of contact with Egress UK Government customers for Security Operations, including security incidents and problem management
  • Attend customer meetings and own Egress actions that arise from these
  • Supplier onboarding and ongoing security management of key sub-contractors
  • Work with various teams across the organisation to complete customer information requests in a timely manner

Reporting

  • Support monthly reporting to Egress ISMS and customers
  • Assist in providing internal ISO audits
  • Defining and reporting on security KPIs
  • Reviewing monthly reports, ensuring accuracy and sharing with relevant parties

Training

  • Design and deliver Security Training material for internal Security Awareness training and new starters
  • Assist with the internal security training

Certifications

  • Define and shape the compliance roadmap for all Egress sites (including US and UK specific certifications) that will help drive sales and enhance our security posture
  • Assist the Director of Security and Compliance in obtaining new certifications as they are released

Role Requirements

Essential

  • Strong educational background with a degree in Information Security or related field
  • Experience in producing and maintain UK HMG Accreditation / Assurance Documentation Set
  • Knowledge of the NCSC Cloud Security Principles
  • Knowledge of ISO27001
  • Excellent communication, verbal and written skills

Desirable

  • Certified Information Systems Security Professional (CISSP)
  • Experience of working on Secure Email Services
  • Experience of working with Cloud-hosted solutions
  • Qualified and experienced ISO27001 lead implementer or lead auditor
  • Awareness of:
    • ISO9001:2015 Quality Management Systems
    • ISO27701:2019 Privacy Information Management
    • ISO27017:2015 Code of Practice for information security controls for cloud services
    • ISO27018:2014 Code of Practice for protection of PII in public clouds (to align with all our host providers)
    • PCI DSS
    • Certified Product Assurance (CPA)
    • SOC2
    • HIPPA
    • NIST 800 Controls

Benefits

Social
  • Regular charity events and fundraisers
  • Monthly socials paid for by the company
  • Annually fully funded company kickoff
  • Management / peer recognition programmes with rewards
  • Regular employee personal development and training reviews
  • Flexible dress code
  • Social pool league

Physical
  • Free eyecare vouchers
  • Free breakfast, fruit and all the coffee you can drink
  • Fully funded private medical
  • Discounted gym membership
  • Cycle to work scheme




Financial
  • 25 days annual leave, increasing to 26 after your first year in the business
  • Contributory pension scheme
  • £2,000 employee referral scheme
  • Eligibility to participate in Enterprise Management Investment (EMI) stock option scheme
  • Egress perks portal and retail discount scheme

Similar Jobs

Job Department Location Closing Date
Graduate Platform Engineer Operations Boston 30 juni 2021