Cloud Security Engineer required for global blue-chip. The Cloud Security Engineer is a mission critical hire and the successful candidate will be an SME in Cloud Security with responsibilities that include implementation of Cloud security controls to protect key Infrastructure for multiple cloud platforms including Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform.

The Cloud Security Engineer will also Implement and configure best of breed security tools for Cloud ecosystems, including Anti-Malware, Encryption, Proxy, NGFW and WAF to cloud specific tool sets like container and serverless security.

Working in collaboration with teams across the company, The Cloud Security Engineer will embed modern automation and orchestration techniques; utilizing DevSecOps concepts to deliver highly secure, resilient, scalable and efficient solutions while playing a lead role in researching new and emerging Cloud and Cybersecurity solutions to solve client challenges.

The Cloud Security Engineer will come with the following skills ; Azure/AWS Architecture experience with the appropriate vendor certification, Experience with one or more general purpose programming languages including but not limited to: AWS CLI, Bash, Java, C/C++, C#, Objective C, Python, JavaScript, Knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security ,Understanding of networking and core Internet Protocols such as TCP/IP

The successful candidate will come with 5 + years’ experience securing cloud software, platforms and/or infrastructure as an architect or engineer and my client welcomes recognised and relevant certifications such as CISSP, CISM, CCSP, AWS, Google, Azure, etc.

More information about this fantastic opportunity please contact Neil Morgan at McGregor Boyall.

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

Application Security Remediation Manager – Secure by Design

We have an excellent opportunity available to be part of our client’s Cyber Security Technology Risk team. You will own AppSec Technical Remediation and engage with teams to promote security awareness, encourage a defensive mindset, influence their processes and priorities and provide expert security guidance.

You will also have a stake in helping build robust and secure solutions that scale to the needs of professionals that depend on our client’s products daily.

This is more of a “hands-off” role in terms of development, however strong technical knowledge is required.

Key Responsibilities:

• Work in a fast-paced development environment and partner with engineering and product teams to ensure that new product feature development adheres to security best practices.
• Conduct regular security reviews of both software and processes.
• Review and create threat models.
• Build and own Technical Remediation plans
• Identify common themes so that the business can start initiatives to remediate
• Coordinate remediation of any application security weaknesses uncovered.
• Promote the use of automation tools to assist manual reviews in identifying issues. Promote security training and awareness in the organization.
• Pull results from penetration testing and interact with penetration testers and other external vendors to validate that security controls work as expected.

Required Expertise/Experience:

• Recent experience or background in application security
• Experience in the software development lifecycle
• Full understanding of remediation logging, planning and ongoing activities
• Full understanding of web stack, web security and common vulnerabilities.
• Experience facilitating code reviews or tool development.
• Very strong knowledge in security with respect to web development and enterprise app development.
• Good understanding of cloud technologies (SaaS, PaaS, IaaS).
• Experience with automation tools and deployments.

Application Security Remediation Manager – Secure by Design

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

IT Security & Pre-sales Consultant

We have an exciting opportunity to join our client in Basingstoke as an IT Security & Pre-sales Consultant, to support the sales and delivery processes across a range of security technologies.

Responsibilities

• Provide pre-sales assistance to our Southern team of Account Managers; attend customer facing meetings in a technical capacity; understand the security product portfolio and be capable of advising, scoping and deploying key technologies within it.
• Undertaking webinars, conference calls and meetings, presenting the solutions on offer.
• Successful candidates will have excellent awareness of the cyber security industry; be able to demonstrate knowledge with relevant certifications where appropriate for solutions including;
  • Firewall technology
  • Vulnerability management
  • Content security
  • SIEM solutions
  • Authentication solutions
  • Network
  • Cloud
  • Endpoint security technologies

Experience Required

• Excellent TCP/IP networking skills
• A working knowledge of the Unix Operating System
• An understanding of other Operating Systems and platforms such as Microsoft, iOS and Virtual infrastructures
• A working knowledge of Check Point solutions
• A working knowledge of Tenable (or other) Vulnerability Management solutions such as Nessus.
• Knowledge and appropriate certifications on any of the following technologies: firewalls, IDS, content security solutions, proxies, SEIM
• Check Point; CCSA/CCSE certifications would be preferable

IT Security & Pre-sales Consultant

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

Senior Security Analyst – SOC – Permanent

We have an exciting opportunity for an experience SOC Analyst to join our client as a Senior Security Analyst, based in a state-of-the-art Security Operations Centre in Glasgow.

Overview

Act as a point of escalation for security events and incidents, establishing the threat and risks associated with the event. Additionally, aid with the overall maturity of the SOC, including the administration and maintenance of the SOC tools.

Key responsibilities include;

• Monitoring and responding to security alerts generated by technologies such as SIEM, IDS and NGFW’s within a given SLA, performing triage, in-depth analysis and investigation
• Mitigate, resolve or escalate security incidents
• Tuning security tools to reduce false positives
• On-boarding and off-boarding customers
• Producing MI reports for customers and the SOC manager
• Building security policies and security use cases
• Creating, reviewing and updating documentation
• Helping with the maintenance of open, collaborative, team focused, can do culture within the SOC
• Writing shell scripts to automate remediation actions

Experience Required;

• An advanced knowledge of common attack vectors and how to detect them as well as defend against them
• In-depth knowledge of SIEM or Security Monitoring
• An advanced understanding of event logging within Windows and *nix environments
• Excellent TCP/IP networking skills
• Advanced knowledge of the Windows Operating system
• A good understanding of other Operating Systems and platforms such as *nix, iOS and Virtual infrastructures
• A working knowledge of Tenable (or other) Vulnerability Management solutions
• Knowledge and appropriate certifications on any of the following technologies: firewalls, IDS, content security solutions, proxies, SEIM

Senior Security Analyst – SOC – Permanent

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

Information Security & Business Continuity Manager – Permanent

We are searching for an InfoSec and Business Continuity Manager to work with our client in Liverpool. In this role. You will be responsible for the management and maintenance of the Information Security ISO certificate and Business Continuity frameworks.

Day to day, you will be creating, implementing and maintaining the necessary policies and procedures required to protect the business, employees and other stakeholders from the loss, misuse, corruption or unacceptable disclosure of information and or serious business continuity incidents.

Key responsibilities

• Responsible for the Information Security and Business Continuity (IS&BC) data and information frameworks, creating the necessary policies, procedures and controls.
• Responsible for short and long term IS&BC planning, ensuring they are effectively implemented to the required standards
• Retain and develop the firm’s ISO certification status
• Responsible for managing all non-conformances from ISO audits
• Manage, log and report on IS&BC breaches incidents, developing and implementing solutions to minimise future repeats
• Scope, schedule and audit our current IS&BC processes, identifying potential risks and report on exposures and make recommendations for improvement
• Responsible for conducting audits of suppliers and vendors
• Manage the Business Continuity process if it were to be invoked
• Manage testing of the Business Continuity Plan
• Liaise with key stakeholders to gain an understanding of their IS&BC requirements
• Manage contractors and suppliers involved in the IS&BC processes
• Responsible for cost centre budgeting and spend for IS&BC

Essential skills

• Proven background in Information Security and Business Continuity management
• Proven experience of Risk and Incident Management
• Thorough and demonstrable knowledge of Information Security & Business Continuity threats, processes, protection methods, etc.
• Experienced in leading on ISO27001-6 and ISO22301 frameworks standards
• Excellent communication and networking skills
• Ability to explain technical issues to a wide audience
• CISM Qualification
• Knowledge of current statutory and regulatory requirements relating to information security and business continuity essential

Information Security & Business Continuity Manager – Permanent

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

Senior Risk Assessment Consultant – Cybersecurity – Permanent

We are currently seeking an experienced individual to join the Risk Assessment team in Sheffield.

This role is responsible for conducting risk assessments and providing cloud security consultancy within the Risk Assessment team. You will operate as part of a global team within the Cybersecurity organisation, leading activities to analyse and execute activities around Cybersecurity process, controls, standards and regulatory requirements.

Responsabilities

• Review design and development artefacts to ensure security quality in the products being developed.
• Risk assess Critical Assets for potential security threats and report findings to IT Service Owners and the Business.
• Identify risks associated with hosting applications on a Cloud environment.
• Support peers and provide guidance to more junior members of the team.
• Present and articulate risks to Stakeholders.
• Be "hands on" with technology and contribute to the security design, development and support of projects with security recommendations.

Essential skills

To be successful in this role you will need to have:

• An excellent understanding of general security concepts and principles as well as a good understanding of applications design and architecture
• Risk assessment experience with knowledge of Threat Modelling and assessing the impact and likelihood of threat scenarios
• Understanding of emerging technologies and corresponding security threats
• Problem-solving and analytical skills
• Experience of Cybersecurity best practices, risk assessment and/or security testing/ethical hacking
• Experience with Cloud platforms - AWS, Microsoft Azure, Google Cloud Platform etc…

Senior Risk Assessment Consultant – Cybersecurity – Permanent

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

IT Security Architect – Permanent – Canary Wharf

An exciting opportunity has arisen for a highly experienced Security Architect to join our client’s security team in Canary Wharf on a permanent basis. The business in question operates in a niche area of the Financial Services industry and absolutely dominate their market.

Responsibilities

• As part of the IT Security team, develop and implement the regional security strategy.
• Evaluate, design and implement new technology and processes to help protect the group, whilst adopting a risk-based design methodology.
• Evolve security architecture and solution principles to support business projects.
• Oversee design principles and controls relating to 3rd party solution providers.
• Ratify control decisions and technical controls.
• Research new security related products and services to ensure that the business is equipped with appropriate industry tools and solutions.
• Promote security awareness throughout the business.
• Conduct security risk assessments for projects (including 3rd parties).

Requirements

• Sound knowledge of enterprise security concepts, frameworks and products.
• Experience of working in financial services sector (especially banking) and knowledge of the security requirements for this sector and associated standards and frameworks.
• Extensive experience of enterprise security solutions and best practice controls for infrastructure and application architectures.
• Technical security implementation and analysis experience in a first-class international business.
• Prior relevant experience gained in a security project/consultancy/infrastructure/architect orientated role.
• Experience with intelligence gathering regarding security threats.
• Experience of conducting risk assessments using best practice risk management methodologies.
• Cost effective approach to safeguarding the integrity, availability and confidentiality of data and risk mitigation.

IT Security Architect – Permanent – Canary Wharf

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

GRC Specialist – Canary Wharf – Permanent

Job overview

We are partnered with a well-established, highly regulated and world class FX business based in Canary Wharf, who are looking for several GRC specialists to bolster the existing team and help manage the Governance Risk and Compliance function of the company.

You will be working for a business that truly understands and prioritises Information Security, offers excellent financial compensation and provides outstanding career progression. Certainly a “career boosting” name to add to your CV.

Responsibilities

• Lead and support the Security response to regulatory deliverables, including examinations, continuous monitoring sessions, and responses to regulatory correspondence.
• Serve as a Security liaison to the Regulatory Affairs division; translate relevant directives, guidance, and rules into actionable data for the CISO and wider Information Security team.
• Serve as the accountable individual for Internal Audit deliverables
• Prepare and deliver Security briefings for Security teams, the CISO, the Executive Management Committee and the Board.

Requirements

• Extensive experience in a similar role
• Experience working in a highly regulated and complex environment
• Strong work ethic with focus on meeting deadlines and objectives
• Ability to manage company wide, strategic projects
• Strong verbal and written communication skills. Ability to communicate effectively and confidently with users, team members, and management
• Strong analytical, strategic thinking and problem-solving skills, including a thorough understanding of how to interpret business needs and translate them into application and operational requirements
• Strong skills working with MS Excel, MS Project, MS Word, MS Power Point

GRC Specialist – Canary Wharf – Permanent

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

Lead SIEM Engineer – Permanent – QRadar – Resilient – Nottingham

We are searching for a lead SIEM Engineer to work with our market-dominating client’s QRadar platform. This role is based in Nottingham and is a really great opportunity to elevate your career in a lead / hands-on managerial position.

Responsibilities

• Responsible for the monitoring and stability of the SIEM platform
• Develop integration and automation solutions to extend the capability of IBM QRadar and Resilient
• Gather use case requirements and develop solutions for the cyber threat detection team
• Remediate ongoing and new SIEM Application defects / process failures
• Facilitation of SIEM Change Requests (upgrades, tuning, break fixes etc.)
• Onboard new application and platform logs via syslog, endpoint agents, and APIs
• Build and maintain operational documentation to support SIEM platform
• Serve as the lead SIEM Engineer while mentoring and developing junior members of the team

Essential Requirements

• Strong experience with IBM QRadar in an engineering/consultative capacity
• Demonstrable QRadar integration and application development skills using the App SDK and RestAPI
• Proficient in development and maintenance of Python script language (v2.7 and v3.x)
• Strong Linux/UNIX and/or Windows administration skills
• Good understanding of network transport protocols and services (TCP/IP, Syslog, ODBC, SFTP, SSH, PKI, etc.)
• Good understanding of the MITRE ATT&CK framework
• Experience handling multiple projects, deadlines, and resources with minimal supervision
• Possess excellent written, verbal communication skills and attention to detail
• Occasional travel including international travel may be required (team meetings, training, etc.) up to 15% of the time.

Desirable Requirements

• Experience in BASH, Ruby, Perl, PowerShell script languages
• Experience with administration and integration/automation of IBM Resilient
• Experience with SOAR or similar automation/orchestration technologies
• Experience working as a member of a geographically diverse team
• SANS, Microsoft, Linux, Networking, or Security certifications

Lead SIEM Engineer – Permanent – QRadar – Resilient – Nottingham

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.

Cyber Security Project Manager required for leading, global name in financial services.

The Cyber Security Project Manager will work within the Cyber Resilience Enhancements team which has specific focus on Security Tooling & Information Security Processes and Policies for the organisation.

The Cyber Security Project Manager will have a minimum of 2 years’ experience managing the full lifecycle of projects covering Identity and Access Management, Privileged Access Management, Security Incident and Event Monitoring and Security Governance tooling, preferably within a financial institution, or Information Technology services provider. Any additional experience and knowledge around Information Security, Governance , Risk & Compliance is strongly desired.

My client will also welcome experience in IT Security technology, tooling, controls frameworks and best practice along with a working knowledge of IT Security frameworks (E.G. NIST) and experience of using structured methodologies (e.g. Prince2, ITIL, PMI, APM, Lean/Six Sigma).

The Cyber Security Project Manager will works closely with Solutions Architects , Security Engineers, and other Operational and Product Management teams to ensure all services are delivered successfully. They will come with first class communication skills coupled with the ability to build strong stakeholder relationships across the business.

Applications from candidates with a IT security or business management related degree are welcomed.

For more information and a more detailed job spec please contact Neil Morgan at McGregor Boyall

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.