Security Operations Engineer

Job Description:

The role

As Security Operations Engineer, you will work as part of a growing team of Security Engineers in the management of vulnerabilities from identification through to resolution. You will work closely with IT Operations, Cyber Security and the wider IT teams including line of business teams to ensure vulnerabilities are remediated in a timely manner.

Be a contributor to Operational Security improvements, developing robust resolutions in-line with IT information security and/or Cyber requirements.

The role will require active participation in a technology aligned community focused on continuous service delivery and improvement, along with improving the knowledge and skills of the squad. Engineers will work to improve learning, knowledge, and experience on Davies IT systems and processes.

You will adopt an automation-first, problem focussed mindset, ensuring our security operations are efficient, innovative with a culture for continuous improvement.

Key responsibilities

• Using a vulnerability management platform, assess and add business context to vulnerabilities to determine their priority.
• Scan networks, using vulnerability assessment tools to identify vulnerabilities.
• Test and deploy patches for vulnerabilities within a timely manner.
• Assist Cyber colleagues with the investigation of security-related incidents.
• Update tickets in line with business SLAs
• Adhering to service management principles, provide technical support, acting as escalation point for any issues highlighted to the IT Support Teams, ensuring timely resolution and regular communication.
• Collaborate with Cyber Security and Information Security teams to assist with risk management tasks; Identification and risk assessment of newly identified vulnerabilities.
• Assist internal audit teams with the collection of evidence relating to the Security Operations Team’s function
• Reduce repeat security issues by driving the resolution of problems rather than addressing individual issues 
• Liaising with other business and IT Teams, where necessary to implement permanent fixes and solutions 

Key skills and experience required

• Proven technical hands-on knowledge of the implementation, maintenance, and tuning of security systems and integrating those systems into the enterprise.
• One or more relevant IT security qualifications from a recognised body, such as GIAC GSEC and ISC2 CISSP.
• Experience of Compliance (NIST, GDPR, PCI).
• Knowledge of industry standard vulnerability management concepts and processes.
• Experience with Microsoft and third-party patch management tooling.
• Ability to manage and work on multiple concurrent deliverables at various stages of development and completion.
• Strong problem solving and analytical skills.
• Highly focused customer service approach with excellent interpersonal skills.
• Experience with the Microsoft on premise and cloud platforms.
• Ability to communicate technical information to both technical and non-technical people.
• Management of third-party relationships.
• Strong attention to detail, with excellent communication skills, both written and verbal.
• Flexible and approachable.
• You are self-motivated, result driven and business oriented.
• Willingness to seek out and implement coaching, suggestions, and guidance from others.
• Advanced knowledge of security operations.