Cyber Security Engineer

Cyber Security Engineer| Remote| FT| Perm| Occasional Travel York/London| Salary DOE

We are one of the UK’s leading independent hospital groups and the largest in terms of revenue. From our 39 hospitals and 33 clinics, medical centres and consulting rooms across England, Wales, and Scotland, we provide diagnostics, inpatient, day case and outpatient care in areas including orthopaedics, gynaecology, cardiology, neurology, oncology, and general surgery. We also operate a network of private GPs and provide occupational health services to over 700 corporate clients. We are the principal independent provider by volume of knee and hip operations in the United Kingdom.

The group was founded with the acquisition and re-branding of 25 Bupa hospitals in 2007. Since then, Spire Healthcare has made significant capital investments in its estate and continues to deliver successful and award-winning clinical outcomes and high levels of patient satisfaction.
Spire is listed on the London Stock Exchange and is a member of the FTSE 250. We were the first private hospital provider to publish outcomes data on our website and we have received awards for our clinical quality and high levels of patient satisfaction.

Spire Healthcare is committed to the highest quality of patient care. Working in partnership with over 8,760 experienced consultants, we delivered tailored, personalised care to approximately 926,500 inpatients, outpatients, and day case patients in 2022.Patients, consultants, and general practitioners trust Spire Healthcare to deliver the high-quality care they expect from a leading private healthcare provider.

As a Cyber Security Engineer you will be part of a growing team responsible for the day-to-day operation of the Spire's security infrastructure, monitoring for security events, and responding accordingly. You will help design, implement, monitor and support our IT security toolsets, working on complex issues in a large-scale enterprise hybrid environment. You will work on a mix of BAU and project-based work including multiple Azure related security projects (strong M365 focus), general automation projects and ensuring new applications are deployed securely. This is an exciting time to be joining the Spire as we embark on large scale transformation and IT maturity. 

Key Responsibilities: 

• Help build and mature the Microsoft Security practices within the organisation utilising the Azure M365 application stack and E5 capabilities 
• Evaluate the effectiveness and coverage of security products and tooling to continuously monitor and protect company assets
• Identification, mitigation, and management of security threats, vulnerabilities and risks
• Work closely with Spires managed security operation centre 
• Assess and respond to external threat intelligence reports
• Conducting internal audits of security controls in place developed/supported/ implemented by Spire’s technical infrastructure and development teams
• Support ISO 27001, NIST, Cyber Essentials Plus and other internal and external audit programmes
• Providing support and guidance within IT and the Wider Business to ensure compliance with security policy and standards
• Support the continuous improvement of security policies, procedures, standards and guidelines
• Implement and improve technical processes to create efficient and secure methodologies
• Support the management and investigation of security events including post incident reviews in conjunction with other IT teams and members of the Information Security function
• Develop awareness materials to ensure continuous improvements to the security culture for the organisation
• Research security enhancements and make recommendations
• Stay current on information technology trends and security standards 
   

Key Requirements:

• You will have at least 3 years’ experience in a similar technical IT Security role for a medium to large enterprise, involving a broad range of technology including some of the following: Demonstrable Specific M365 experience is essential: SharePoint Online, Purview, InTune, Defender, Sentinel, Azure AD (Entra)
• Knowledge & understanding of security principles surrounding ▪ SIEM, Antivirus, DLP, Firewalls, Open Source Filtering tools, Cloud security (Azure), EDR, Scanning/vulnerability tools, IdAM (PAM) etc
• Experience working with SOC desirable
• Recognised IT or Information Security qualifications including Cisco, SANS, ISO27001, CCSP, CISA, or SSCP desirable 
• AZ500, SC200, SC900 desirable 
• CEH desirable
• Knowledge of Windows Servers and Linux Servers
• Endpoint and network security technologies
• Knowledge of IT Security and Governance best practices and industry standards, including, but not limited to, ISO27001, NIST, Cyber Essentials etc
• Strong understanding of technical security risk, threat, and vulnerability management principles
• Ability to drive own workload identifying risks and requirements working flexibly where required 
   

Benefits:
We offer employed colleagues a competitive salary as well as a comprehensive benefits package which includes but is not limited to:

• 35 days annual leave inclusive of bank holidays
• Employer and employee contributory pension with flexible retirement options
• ‘Spire for you’ reward platform - discount and cashback for over 1000 retailers
• Free wellness screening
• Private medical insurance
• Life assurance

Spire Healthcare is committed to creating an environment that will attract, retain, and motivate its people. We are an equal opportunities employer, committed to the health and wellbeing of all our colleagues and consultants.
We firmly believe that it is our people that make the business successful, and everyone should have the opportunity to work in a motivated team, free from discrimination on any grounds. We, therefore, are keen to receive and review applications from all candidates of under-represented groups who feel they offer the requisite skills.
 

For us, it's more than just treating patients; it's about looking after people.