Job Title: Junior Cyber Security Engineer
Location: London

DWS Group (DWS) is one of the world’s leading asset managers with EUR 928bn of assets under management (as of 31 December 2021). Building on more than 60 years of experience, it has a reputation for excellence in Germany, Europe, the Americas and Asia. DWS is recognised by clients globally as a trusted source for integrated investment solutions, stability and innovation across a full spectrum of investment disciplines.

We offer individuals and institutions access to our strong investment capabilities across all major asset classes and solutions aligned to growth trends. Our diverse expertise in Active, Passive and Alternatives asset management – as well as our deep environmental, social and governance focus – complement each other when creating targeted solutions for our clients. Our expertise and on-the-ground-knowledge of our economists, research analysts and investment professionals are brought together in one consistent global CIO View, which guides our investment approach strategically.

DWS is transforming and growing its internal information and cyber security team. As the Junior Security Engineer reporting to the DWS Group Head of Security Architecture and Engineering you will be responsible for providing support for implementing and maintaining security platforms and tools to protect sensitive information from hacks or theft.

We are open for candidates in Germany (Frankfurt) and London (UK).

What we’ll offer you:

A healthy, engaged and well-supported workforce are better equipped to do their best work and, more importantly, enjoy their lives inside and outside the workplace. That’s why we are committed to providing an environment with your development and wellbeing at its centre. You can expect:

• Competitive salary and non-contributory pension
• 30 days’ holiday plus bank holidays, with the option to purchase additional days
• Life Assurance and Private Healthcare for you and your family
• A range of flexible benefits including Retail Discounts, a Bike4Work scheme and Gym benefits
• The opportunity to support a wide-ranging CSR programme + 2 days’ volunteering leave per year

Your key responsibilities:

• Define, implement, document and maintain security controls for MS Azure and GCP cloud environments (SaaS, IaaS, PaaS)
• Define and maintain policy configurations for Endpoint Protection (EDR, DLP, HIDS) according to DWS policy including whitelists, blacklists, and other policies and rules
• Provide criteria and guidelines for establishing policy exceptions and maintain approved exceptions
• Approval of changes for addition/deletion/modification HIDS signatures in detection and prevention mode
• Define and maintain policy for File Integrity Monitoring according to DWS policy
• Maintain certificate life cycle for external and internal Certificates
• Define and maintain a list of ‘owners’ responsible for issued Certificates
• Work with network scan team to run monthly discovery scans to identify unmanaged key and Certificates
• Act as a SME on SIEM and EDR products (Sentinel, Defender ATP)
• As part of a team participate in 3rd line incident troubleshooting and resolution and 3rd line service request fulfilment
• As required participate in relevant projects and service improvement workstreams whilst supporting technical team members on relevant security technologies
• Ensure that documentation is maintained and updated, in line with JMIT standards and policies

Your skills and experience:

• Degree in Information Systems or Computer Science or related Information Systems or Computer Science
• Previous experience in implementing and deploying security controls in at least one of areas: network security, cloud security, endpoint security, or application security
• Security professional related certification – CISSP, CCSP, OSCP, SANS or equivalent desirable
• In-depth understanding of protective and detective security controls
• Up-to-date knowledge of current exploit techniques, vulnerability disclosures, data breach incidents, and security analysis techniques, combined with the understanding of the potential impact on the security posture
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Knowledge of applications, databases, middleware to address security threats against the same and patch management of toolsets and the technical understanding of troubleshooting issues.
• Proficient in preparation of reports, dashboards and documentation and understanding of use case development and building out controls for security baselines
• Understanding of cybersecurity standards and frameworks e.g., ISO27001, NIST, CIS, OWASP, SANS

How we’ll support you:

• Training and development to help you excel in your career
• Flexible working to assist you balance your personal priorities
• Coaching and support from experts in your team

Our values define the working environment we strive to create – diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer.
We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.