Senior Cyber Security Engineer

My client is a leading UK-based consulting and administration business and their Cyber Security division is growing and are seeking an experienced and dynamic Senior Cyber Security Engineer to join their team.

This role is ideal for someone with experience in web application security, web application firewalls, vulnerability management, and penetration testing. Experience working with cloud hosting providers, managing application security testing, and collaborating with system owners and developers to improve security is highly desirable.

Their Cyber Security team consists of internal engineers, operations analysts, and an external 24/7 Security Operations Centre. The Senior Cyber Security Engineer will work closely with the Head of Cyber Security and collaborate with other Senior Engineers to implement effective security solutions and strengthen existing systems.

Role

As a Senior Cyber Security Engineer, you will:

• Utilize your technical expertise to continuously analyse and recommend effective security controls, system hardening, and security improvement projects.
• Lead application/web hosting security efforts, assisting IT and development teams with patching and security fixes.
• Manage vulnerability analysis and penetration testing, ensuring timely and risk-assessed implementation.
• Perform cyber security engineering tasks using best-practice service management (ITIL) while adhering to the company’s values.
• Develop an understanding of evolving threats, risks, and vulnerabilities.
• Assist the Operations team with security incident investigations in complex environments.
• Work to defined SLAs and KPIs, representing Information Security at IT meetings.
• Contribute to security training, awareness campaigns, and market reviews for security solutions.

Responsibilities

• Strong communication skills with the ability to create and maintain network diagrams.
• Experienced with security products, including Web Application Firewalls, access control, SIEM, firewalls, load balancers, TCP/IP, routing, and switching.
• Knowledge of security initiatives such as OWASP standards, zero-trust, and risk-based vulnerability management.
• Background in infrastructure/networks to support security initiatives.
• Strong understanding of Security Infrastructure design, IT security best practices, and common IT protocols.
• Qualifications in Information Security (e.g., CISSP, SANS GCIA, CompTIA Security+, CCNA/CCNP) or equivalent.
• Knowledge of ISO27001, Cyber Essentials, and AAF control frameworks.