Principal Cyber Security Engineer (Remote)
- Full Time
Principal Cyber Security Engineer / Cyber Security Engineering Lead (Remote)
PE Global are seeking to identify a Principal Cyber Security Engineer / Cyber Security Engineering Lead to join one of our highly sophisticated specialist fintech clients for a number of locations. This is an award-winning, innovative company constantly evolving their market-leading technology platform, developed 100% in-house and used by some of the world's largest organisations across multiple sectors and 100+ countries. With multiple offices and development hubs globally,
How the team work:
This is a world-class multinational hybrid technical team that works on varied projects in a fast-paced agile/scrum environment, producing high web and mobile applications for clients across multiple countries, currencies and languages using the latest technologies. The aim is to keep all team members up to date with new technology releases, as the platform is continuously evolving with new products/features. Their clients are extremely large global enterprise businesses.
Each member of the team is encouraged to contribute creatively to solve complex problems and all ideas are welcomed, considered and acknowledged.
The role / The need:
With the ever-changing landscape of the Fintech space, there is a need to appoint an ambitious and experienced security expert who is capable of taking responsibility for global digital security and who understands the Risk Acceptance profile of a large Financial entity. The team requires a talented professional to support their organisation on all things security and maintain internal and external awareness of all aspects of cyber security associated with the business. The company is currently experiencing rapid growth, with a need to double the size of their technical team as they roll out new products, maintain the existing platform and welcome additional new clients with complex needs to their client portfolio.
The role requires experience to undertake some of the following responsibilities:
- Develop, maintain and enforce key security policies.
- Maintain and improve infrastructure and tools in place to ensure highest security standards
- Ensure Cyber Security Risk Register is always up to date, accurate, exhaustive and concise
- Build, maintain and drive implementation of a world-class Cyber Security Roadmap
- Work closely with compliance department to ensure we meet necessary regulatory obligations
- Assist in the completion of security questionnaires
- Manage and lead Security Audits and Assurance Visits (GDPR, Cyber Security)
- Assist presales with the security part of RFIs/RFQs/RFPs
- Work with third party penetration testing organisation to complete annual penetration tests
- Working in the role of Product Owner for a Scrum team to deliver best-in-class security for web/mobile applications
- Provide training to IT teams and wider company on security best practices
- Update SSAE16 controls from IT standpoint and work with auditors during annual review
- Assess, advise and help implement appropriate information security frameworks (ISO 27001/2, SOC 2, NIST, ISF)
- Ensure data protection best practices are GDPR compliant
- Set up and review automated Infrastructure security scans and ensure vulnerabilities are addressed in a timely manner
- Perform security due diligence on third party vendors
- Advise and assist development teams regarding security best practices. This will be aided by Static Application Security Testing (SAST) tools and penetration testing results
- Develop and maintain Security training programmes (e.g. Phishing awareness), including follow-up testing, with assistance from the Learning & Development department
- Identify security gaps or weaknesses and provide recommendations on how these can be resolved
- Review and/or perform Proof of Concept of Cyber Security tools/solutions and make recommendations based on best practice, risk, price, etc., for example SAST, DAST, SIEM, …
- Develop and roll out Application Security Training for Delivery Team (Devs + QA)
What the team looks for:
- Passion for IT, and security in particular
- Degree in computer science, mathematics or a related technical field (or equivalent by experience)
- A relevant period of experience dedicated to the field of cyber security
- Strong knowledge of the current cyber security landscape
- Experience within the Financial Services sector
Some of the following would be a great add:
- Knowledge of Azure Hosting
- Knowledge of the Microsoft SDL
- Experience in software delivery using an Agile Scrum methodology is an advantage
- Experience with software development tools would be advantageous
- Knowledge of OWASP coding standards
- Experience in managing Intrusion Detection Systems (IDS) automated scanning
- Knowledge / Experience in Security Information and Event Management (SIEM) technologies
- Knowledge / Experience in Office 365 security and compliance features
- Knowledge / Experience of the OWASP Application Security Verification Standard (ASVS) Project
- Passive knowledge of MS.Net (i.e. can read & understand the code)
- Competitive Salary with additional bonus, equity and benefits.
- Opportunities to work remotely and/or join one of the technical hubs located across Europe.
- Personal development plans, further education, certification support and employee assistance programs.
- Flex working, onsite gyms, active social clubs with multiple events, fully stocked facilities, latest hardware set up, casual dress codes.
- Opportunity to travel or relocate with the company to other locations.
- Where applicable, full visa sponsorship and relocation support
- Inclusive open working environment, encouraging and taking on new ideas from the team