Information Security Engineer

As an Information Security Engineer at Grouper, you'll play a vital role in shaping and maintaining our information security strategy, policies, controls, and procedures for both Grouper and our clients. Your primary objective will be to enhance the overall security posture of the business by implementing robust security measures and continuously seeking opportunities for improvement. You will also be engaged on client IS requirements.

This role is ideal for someone with experience in collaborating with various stakeholders to understand their business requirements and working closely with IT teams to enhance the security environment.

• Vulnerability Assessment: Conducting thorough assessments of IT systems to identify security weaknesses, evaluating these vulnerabilities, and effectively communicating findings to relevant stakeholders.
• Threat Intelligence: Analyzing diverse sources of threat intelligence, consolidating the analysis, and disseminating the insights to key stakeholders to enhance awareness and preparedness.
• Application and Data Security: Implementing measures to safeguard applications and data, ensuring confidentiality, integrity, and availability are maintained at all times.
• Identity and Access Management: Establishing and maintaining robust access control mechanisms to safeguard systems, defining access privileges, control structures, and resource allocations.
• Incident Resolution and Monitoring: Responsibly handling security incidents and monitoring the IT estate using various monitoring tools to detect and respond to potential threats promptly.
• Security Infrastructure Configuration and Troubleshooting: Configuring and troubleshooting security infrastructure devices such as firewalls, security appliances, and computer systems to ensure optimal functionality and protection.
• Technical Solutions Development: Developing innovative technical solutions and security tools to mitigate vulnerabilities effectively and automate recurring security tasks, enhancing overall security posture.
• Reporting: Generating required reports related to security, including weekly/monthly key performance indicators (KPIs), key risk indicators (KRIs), project updates, and other relevant metrics.
• Continuous Learning and Awareness: Staying abreast of the latest security news, trends, and emerging vulnerabilities, and actively seeking opportunities to enhance knowledge and skills in the field of cybersecurity.

• Deployment and Configuration of Perimeter Defence Mechanisms: Proficiency in deploying and configuring perimeter defence mechanisms to safeguard networks and prevent unauthorised access, ensuring robust protection against external threats.
• Expertise in Microsoft 365 Environments: Extensive knowledge and experience working with Microsoft 365 environments, including Office 365, Azure Active Directory, and associated services, enabling effective management and security of cloud-based platforms.
• MS Endpoint Implementation Experience: Hands-on experience in implementing Microsoft Endpoint, Microsoft's cloud-based service for mobile device management (MDM) and mobile application management (MAM), facilitating secure management of devices and applications across various platforms.
• Strong Knowledge of Checkpoint Technologies: In-depth understanding and proficiency in Checkpoint technologies, including firewall solutions and security management platforms, ensuring effective network security and threat prevention.
• Experience with Vulnerability Management: Familiarity with Vulnerability Management technologies, practices, and procedures, such as Qualys, to identify, assess, prioritise, and remediate security vulnerabilities across IT environments, enhancing overall security posture.
• Technical Proficiency in Windows and Linux Environments: Good technical knowledge and experience working with both Windows and Linux environments, enabling effective management, configuration, and security of systems running on these platforms.

• Good all-around security mindset with a can-do attitude: Ability to approach security challenges with a proactive mindset and a positive attitude, always striving for solutions.
• Knowledge of: NIST, NIS-D2,ISO 27001 ISMS, ISO 27018 PII, ISO 27017 Cloud, NIST Security, ISO 20000 SMS, ISO 9001 QMS, BS 10012 PIMS ISO AWI 27552 Privacy, ISO 29100 Privacy, NIST Federal Privacy, NIS Directive, California Consumer Privacy Act, ISO 14001 EMS, ISO 50001 EMS, ISO 18001 OHSAS, ISO 22301 Business Continuity, BS 31000 Risk Management and simillar.
• Demonstrated Ability to Work Independently: Track record of working autonomously, with the ability to take initiative and drive security initiatives forward without constant supervision.
• Be a Player, Not a Spectator: Take ownership and make things happen. We're seeking individuals who are proactive, engaged, and willing to take ownership of security projects and initiatives.
• Certifications Advantageous: Possession of one or more of the following certifications would be advantageous for the role: CEH, CCSLP, CCSK, SANS GIAC, SSCP, MCSE, MCSA, CISSP, CISA, or CCSP.
• 3+ Years Experience in Information Security: Experience in an information security-related role, with a minimum of three years of hands-on experience in the field.
• Relevant Qualifications: Hold any other relevant qualifications in Computer Science, Cyber Security, or Forensic Computing, providing a strong foundation for understanding and addressing security challenges.

We are our customers' trusted partner in the exciting world of safeguarding data, strengthening cybersecurity, and strategic consulting. We lead the way in ensuring data integrity, securing information, and navigating regulatory compliance with confidence.

With a blend of technical expertise and clever thinking, we redefine GRC and IT strategies, empowering organisations to shine. From wielding cyber-superpowers to mastering security frameworks like ISO 27001:2013 and NIST, we\'re certified wizards ready to chart a course to success, strengthen defenses, and turn challenges into opportunities to excel.

So whether our customers are battling cyber dragons or navigating the tumultuous seas of change, Gruper is their trusted ally on the journey to greatness.

If you're passionate about information security and thrive in a dynamic environment where you can make a meaningful impact, this role could be the perfect fit for you. Join us at Grouper and be a key player in safeguarding ours and our clients' information assets and ensuring the security of organisations.