Cyber Security Engineer

Accountabilities:
• Help build and mature the Microsoft Security practices within the organisation utilising the Azure M365 application stack and E5 capabilities
• Evaluate the effectiveness and coverage of security products and tooling to continuously monitor and protect company assets
• Identification, mitigation, and management of security threats, vulnerabilities and risks
• Work closely with Spires managed security operation centre
• Assess and respond to external threat intelligence reports
• Conducting internal audits of security controls in place developed/supported/ implemented by Spire’s technical infrastructure and development teams
• Support ISO27001, NIST, Cyber Essentials Plus and other internal and external audit programmes
• Providing support and guidance within IT and the Wider Business to ensure compliance with security policy and standards
• Support the continuous improvement of security policies, procedures, standards and guidelines
• Implement and improve technical processes to create efficient and secure methodologies
• Support the management and investigation of security events including post incident reviews in conjunction with other IT teams and members of the Information Security function
• Develop awareness materials to ensure continuous improvements to the security culture for the organisation
• Research security enhancements and make recommendations
• Stay current on information technology trends and security standards

PERSONAL PROFILE:
Qualifications and Training

• Recognised IT or Information Security qualifications including Cisco, SANS, ISO27001, CCSP, CISA, or SSCP (desirable)
• AZ500, SC200, SC900 (desirable)

• CEH (desirable)
 

Knowledge and Technical Ability
You will have at least 3 years experience in a similar technical IT Security role for a medium to large enterprise, involving a broad range of technology including some of the following:

Demonstrable Specific M365 experience is essential
▪ SharePoint Online, Purview, InTune, Defender, Sentinel, Azure AD (Entra)
o Knowledge & understanding of security principles surrounding SIEM, Antivirus, DLP, Firewalls, Open Source Filtering tools, Cloud security (Azure), EDR, Scanning/vulnerability tools, IdAM (PAM) etc.
o Experience working with SOC desirable
o Knowledge of Windows Servers and Linux Servers
o Endpoint and network security technologies
• Knowledge of IT Security and Governance best practices and industry standards, including, but not limited to, ISO27001, NIST, Cyber Essentials etc
• Strong understanding of technical security risk, threat, and vulnerability management principles
• Ability to drive own workload identifying risks and requirements working flexibly where required

Skills and Behaviours
• Someone intuitive and self-motivating
• Likes to problem solve by researching and investigating better ways of operating utilising the people, processes, and technologies
• Excellent verbal and written communications skills
• Excellent inter-personal skills
• Ability to work accurately and at pace commensurate with a rapidly changing risk environment
• Ability to respond to risks and issues quickly
• An innovative thinker and detail oriented
• Friendly and approachable
• Willingness to learn and undertake formal and informal training should it be required