Systems & Security Engineer

Reporting to the Executive Technical Manager, the Systems & Security Engineer is responsible for supporting the development platform, cloud operations, and secure administration of endpoint assets within the SIG UK division.

The objective of this job role is to ensure that the BAU functions of SIG UK are conducted in accordance with global IT policy and in respect of the compliance standards to which SIG UK operate.

This would include being an interface with global IT and Infosec expert teams, supporting the Azure VPC operations of SIG UK, undertaking SecOps workstreams, lifecycle management of SIG UK endpoint assets, and being a trusted source of knowledge in respect of IT operations.

OPERATING LEVELS

The role would broadly align to the following skills areas and levels of the SFIA 9 framework.

RESPONSIBILITIES

• Enforce – and where necessary establish/evolve – the baseline standards and practices used within the SIG UK (MS Azure) VPC.

• Provide assurance to the SIG UK Asset Management process (of both physical and virtual assets), evidencing the same at internal and external compliance audit.

• Identify, triage, and remediate Vulnerabilities in the SIG UK operating environment.

• Engage with technical stakeholders to capture SIG UK requirements in respect of the selection, implementation, and operation of enterprise tooling.

• Represent SIG UK business’ interests in organisational strategic initiatives as needed.

• Undertake a CPD curriculum and achieve (or retain) certifications commensurate to the role, and according to business requirements.

• Provide ancillary support to the SIG UK userbase as required, being an interface if required, between user and the corporate IT and Infosec functions.

• Support tactical plans as a trusted advisor regarding enterprise and public cloud technology.

• Advocate the compliant implementation and use of Hexagon technology throughout SIG UK.

• Contribute to the internal and external audit process as needed; substantiating, articulating, and evolving our documentation in support of ISO27001 and Cyber Essentials+.

Requirements

Must be able to demonstrate applied ability in the following:

• Microsoft Entra/AD in a hybrid model.

• Microsoft InTune/Group-Policy.

• Microsoft Windows Defender EDR.

• Microsoft Windows OS,

• Microsoft Azure VPC (Particularly VM, Virtual networks, Application Gateway).

• SQL Server/T-SQL/Azure SQL.

• Core networking (DNS, IPv4, TCP/IP).

• Role-Based and Discretionary Access Controls.

• CVE+CVSS based Vulnerability Management processes.

• Must be able to obtain security clearance

• Commutable from home to Swindon office

• IT degree/certification advantageous but not essential.

Desirable experience or conceptual understanding of the following:

•  Tenable/Nessus or other vulnerability management tooling.

• Asset Management techniques/tooling such as OctoSAM.

• PIM/PAM tooling, such as Beyond Trust.

• IDaaS/Federated Identity architectures/processes.

• Information Security standards (ISO27001, Cyber Essentials, CSA CCM).

• Any Linux within the Redhat family.

• Oracle Database/PL-SQL.

• Kubernetes (Helm, AKS/EKS/GKE)

• Docker (ACS, ACR, ACI)

• Virtual Private Networks

• Virtual LANs and Network Access Controls.

• Administration of PKI and/or X509 operations.

Personal Characteristics:

• A methodical and pragmatic problem solver.

• An effective communicator, able to explain complexity to a variety of audiences.

• Proactive in their approach; able to work autonomously if needed.

• Resilient, and able to face into challenges; Naturally inquisitive and enjoys learning.

We Offer You

• 25 days Company Holiday

• Hybrid Working

• Life cover 4x salary

• PHI Insurance

• Company pension

• Achievement and Service awards

• Free Parking