Security Engineer

Management Level

• Lead in developing and maintaining a Security Technology Framework and Roadmap, jointly with the Group IT Technical Architecture team, for agreement and endorsement by the CISO and the Group Chief Technology Officer (CTO).
• Identify efficient and cost-effective solutions for the security mechanisms highlighted by the Technology Framework and Roadmap and by demands arising from business-driven application development.
• Within the Technology Framework and Roadmap:
  • Identify, evaluate and recommend standard security products as potential security solutions.
  • Specify, document and publish standard secure configurations for general IT platforms that will provide generic security solutions within the Company’s infrastructure.
  • Develop and document designs for bespoke standard security components that deliver re-usable security functionality.
  • Liaise closely with Group IT infrastructure operations and development teams to support the implementation of the standard security solutions.
  • Prepare standard security products and standard bespoke security solutions in a form that is easier for systems development teams to re-use across projects and systems, thus ensuring the right security mechanisms is implemented in a cost-effective manner; this would not include the coding or building of a standard solutions, but rather the facilitation of the use of existing solutions.
• Provide advice to development project teams on the incorporation of standard security solutions into project code or infrastructure, to meet specific security requirements, as derived from Policy, through Threat Modelling or the Risk Process.
• Identify gaps now and in future in line with the Security Technology Framework and Roadmap, and assist the Head of Security Architecture & Engineering in producing business cases to fund the implementation of technologies and processes to fill the gaps through investment.
• Act as the Technical Design Authority for the implementation of standard security solutions, providing ad hoc consultancy advice to systems and infrastructure development projects.
• Effectively and efficiently guide the implementation of new or changed, enterprise-wide security processes and technologies, funded through investment, as the Technology Framework and Roadmap requires.
• From time to time, lead additional project-specific activity, funded by investment to implement transformation change in security processes and technologies in pursuit of the Security Technology Framework and Roadmap. Additional contingent resources will likely be obtained to support this work.
• Organise and steer the performance of pre-production application level testing of security mechanisms; this would normally involve the use of external testing resources, providing a degree of independent assurance that the identified security requirements have been fulfilled and that the engineered mechanisms function correctly to specification.
• Liaise with the Security Operations team to ensure that suitable operational security guidelines are developed for new applications in a timely manner.
• Provide education and advice to the systems development community on secure development practices, using existing and new information-sharing initiatives; coordinate these awareness-raising efforts with the broader Security Awareness campaign(s).

We are committed to equality of opportunity for all staff and applications from individuals are encouraged regardless of age, disability, sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships. Please note any offer of employment is subject to satisfactory pre-employment screening checks.