urgent

Cybersecurity Engineer | Cyber Security Jobs Edinburgh, UK

Full time Permanent in Cyber Security Engineer
  • Post Date : February 23, 2022
  • Salary: $4,081.00 - $6,082.00 / Monthly
  • 1 Click(s)
  • View(s) 47
Email Job
  • Share:

Job Detail

  • Offered Salary 1000
  • Experience 3 Years
  • Gender Male
  • Industry software-and-internet-services
  • Qualifications computer-science

Job Description

Security Operations
Overview of Department

As Baillie Gifford are a global firm some out of hours working may be required to meet the needs of the business.

Purpose of Role

Information Systems is the largest department within Baillie Gifford and sits at the core of the business. We aim to enable the rest of the business and deliver the applications and platforms in a secure, resilient and performant manner to all our users globally. The department has three areas of specialisation, Infrastructure, Application Delivery and Architecture & App Platforms.

Security Integrations Team

The Security Integrations team is a new team that sits within the Technology Service & Delivery side of Information Systems. It works closely with Application Delivery, Architecture & App Platforms, and Information Assurance. The team is responsible for ensuring that security technology is operating as expected and ensuring that security subject-matter-expertise and security oversight are available to other teams within the organisation. In addition, they assist in defining security best practices in our cloud and on-premises IT environments and ensuring that the other teams and product owners adhere to our security standards.

The Security Integrations Team is responsible for managing the technical cybersecurity posture of Baillie Gifford’s technology estate. The Team stands between Baillie Gifford’s cybersecurity strategy and Baillie Gifford’s infrastructure and applications teams, ensuring the technology estate aligns with the cybersecurity strategy and does not expose us to unacceptable levels of cyber-risk. The Team achieves this by guiding, challenging, and assessing preventative and detective controls within the technology estate.

You will play a part in our Security Integrations Team, responsible for managing the technical cybersecurity posture of Baillie Gifford’s technology estate.

This will involve contributing to technology projects by providing expertise and advising on implementing cybersecurity best practices. It will require technical cybersecurity knowledge and understanding of risk and modern information technology systems.

You will work closely with infrastructure and application development teams to develop technical cybersecurity standards and implement guardrails to ensure those standards have been adhered to. This will involve understanding business processes, the technologies we use, and how these technologies may expose us to additional cybersecurity risks.

To ensure the effectiveness of Baillie Gifford’s cybersecurity controls, you will work with the CSOC and technology teams to emulate adversary behaviours (Atomic Red Teaming, Breach and Attack Simulation, and coordinating Penetration Testing) as well as manage the implementation of improvements so we may have confidence in our prevention and detection capabilities.

As part of the Security Integrations team, you will also implement ways to continuously monitor the preventative and detective controls across our estate and report our defensive capability to our CISO team, helping to inform our cybersecurity strategy.
Responsibilities

The duties of the role will incude the following activities:

  • Defining, measuring and ensuring the delivery of cybersecurity objectives in major technology projects
  • Measuring the effectiveness of our defences by using atomic red teaming, breach and attack simulations, and coordinating penetration tests
  • Liaising closely with the Development Operations and Platforms teams to ensure cybersecurity standards for virtual, containerised and cloud-based platforms are defined and met using tools like Palo Alto Prisma Cloud, Microsoft Acting as a defender for Cloud, AWS GuardDuty etc
  • Working with the Application Development department to ensure vulnerabilities are tracked and remediated throughout the development pipeline into production
  • Working with the Infrastructure teams to ensure technology is implemented specifically to mitigate the threats posed to Baillie Gifford from pertinent threat actors
  • Monitoring, assessing and reporting on the implementation of cybersecurity controls across the technology estate
  • Contributing to Baillie Gifford’s cybersecurity strategy and ensure its uptake throughout the business
  • Supporting the CSOC in cybersecurity incident response
  • Consulting with staff and assist Service Desk to address security in all elements of cyber-related process
  • Liaising as security subject matter experts to our Third-Party Oversight team, in relation to vendor management
  • Contributing to the process of regular surveillance audits and meetings for ISO27001 certification
  • Assessing the marketplace of security related products and recommend the relevant ones for adoption within the firm
  • Maintaining relationships with senior members of staff, key vendors, and user group members to ensure an appropriate level of security is achieved.

Knowledge, Skills and Experience: –
Qualifications: –

  • Cybersecurity related qualifications (CISSP, CISM, GSEC) (Desirable)
  • Architectural related qualifications (SABSA, CRTSA, GDSA) (Desirable)
  • Cloud Security related qualifications (Microsoft Azure Security Technologies, AWS Security Specialty) (Desirable)
  • MITRE ATT&CK related qualifications (ATT&CK Cyber Threat Intelligence or Security Operations Center Assessment) (Desirable)

Experience and Knowledge: –

  • Understanding across information security and cybersecurity
  • Understanding of Financial Services cybersecurity threat landscape
  • Experience of threat modeling and MITRE ATT&CK
  • Foundational understanding of risk management
  • Understanding of end-user & device security, including endpoint protection and device management
  • Good understanding of cloud security (Azure, AWS, OCI) and CIS Foundation Benchmarks

Desirable

  • Knowledge of network security (including firewalls and micro segmentation), email security and vulnerability management
  • Passion for technology, self-development and cybersecurity

Abilities and Skills: –

  • Self-motivated with a desire to develop
  • Ability to work alone, as well as collaboratively and to build stakeholder relationships
  • Sense of ownership and responsibility
  • Strong communication skills
  • Technical aptitude

Competencies (not limited to): –

  • Team Working
  • Communication
  • Technical Competence
  • Business Understanding
  • Relationship Building

Closing Date

March 8, 2022
At Baillie Gifford we are committed to fostering an inclusive and respectful culture in which each of our colleagues can thrive and develop. We believe that our clients are best served by a diverse workforce with the experiences, ideas and perspectives that this brings.

If you are a currently working at Baillie Gifford as an employee or contractor please apply to this job from the firm’s Workday internal career site.

Job Type: Full-time

Other jobs you may like