The following job is no longer available:
Security Engineer Resilience

Posted 15 March by Pontoon

Security Engineer (Resilience)
Banking
Hybrid: 2 days onsite at your preferred location - Edinburgh, Leeds, Manchester, Birmingham, Bristol
6 months+
£750 per day

In short: Security Engineer required to join a large bank's resilience team in supporting remediation activities across 3000 applications covering SAST and DAST testing, cryptography, encryption - typical security engineering in banking.

In full:

About the Role

As the Data Resilience Security Engineer, you will focus on Data Security: assuring that the group safeguards data and associated assets from vulnerabilities and threats that could compromise their integrity and availability and lead to customer harm.

The role reports into the Data Resilience Technical Lead and requires ambitious individuals with a proactive, can-do attitude and solution-oriented mindset to deliver at pace.

Key Responsibilities:

  • The primary security contact for data resilience.
  • Provide input and direction on security assessments to identify gaps that could lead to IBS Impact Tolerance thresholds being breached.
  • Develop security initiatives and guidance for Operational Resilience, Chief Security Office and change frameworks.
  • Oversee the development of security controls and collaborate with platform teams and Chief Security Office to remediate security gaps.
  • Perform horizon scanning and provide input to group policies and procedures.
  • Support and grow team members in security domains of data resilience.
  • Present data resilience security gaps to peers and senior stakeholders.

What we're looking for:

We will need to see evidence of the following in your CV:

  • Multiple examples of security scanning and testing, including Qualys, Ethical Hacking, SAST & DAST
  • Vulnerability management (CVSS)
  • Hands-on experience of modern security architecture along with diagnostic and monitoring tooling.
  • Proficient in cryptographic key management and encryption deployments.
  • Knowledge of ISO 27001/27002, NIST and/or CIS
  • Knowledge of SIEM tooling (Splunk)
  • Knowledge of Endpoint Detection and Response tooling (SentinelOne)
  • Knowledge of zero trust security for applications
  • Knowledge of Operating Systems (Windows, Linux, z/OS, F5)
  • Familiar with analytic platforms and databases such as MSSQL, Kafka, S3, etc.
  • Exposure to security concepts (MITRE, Kill-Chain)
  • Experience of incident response (triage, classification, investigation, and escalation)
  • Financial Services experience and exposure to some but not all of the following: payments, cards, pensions, insurance, markets, trade & settlement, logon customer journeys.
  • Solid verbal and written communication skills to discuss and describe the target architecture with stakeholders.

It's great if you have:

  • Public cloud (AWS, GCP, Azure) experience
  • Knowledge of Extract, Transform & Load (ETL), Disaster Recovery or back-up and restore domains.
  • Prior experience of supporting or remediating resilience issues on assets such as batch, messaging queues, third party data connections, data recovery & backup, data vaulting, data integrity.
  • Technical knowledge of FCA, PRA, EBA guidelines on operational resilience.

Candidates will ideally show evidence of the above in their CV in order to be considered.

Please be advised that if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion. We may, however, keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.

Required skills

  • Security engineer
  • SAST
  • DAST

Reference: 52321674
