Cyber Security Engineer
Location: Bristol (Hybrid, One Day a Week)
Are you ready to take the lead in shaping a company’s security and compliance function? A dynamic and ambitious Cyber Security Engineer is needed to join a thriving tech team at an innovative organisation.
About the Role
The Cyber Security Engineer will play a pivotal role in developing and managing security and compliance efforts. Initially, this is a standalone position, with strong support from the VP of Engineering. This role involves maturing security practices across various domains, supporting compliance programs, and influencing a DevSecOps culture.
The organisation prides itself on maintaining an inclusive and collaborative work environment, encouraging skill development and fostering a sense of well-being among its staff.
Key Responsibilities
* ISO 27001 Management: Lead the ISO 27001 program, including evolving policies, gathering control evidence, and managing annual audits with guidance from the VP of Engineering.
* IT Support: Handle IT support tasks such as triaging tickets, managing IT assets, and improving IT systems like Microsoft Entra ID, Microsoft Defender, Jamf Pro, and AWS Security Hub.
* Shift-Left Advocacy: Promote operational changes to embed security practices early in development processes and ensure controls are effective yet seamless.
* Security Awareness: Drive security awareness across all levels, fostering a 'Secure by Design' culture.
* Threat Monitoring: Monitor security logs and alerts, ensuring timely action on vulnerabilities using tools like AWS Security Hub and GuardDuty.
* Risk Management: Enhance the organisation’s security posture by managing risks and improving security controls.
* Customer Support: Assist with customer due diligence by gathering evidence and responding to security-related inquiries.
* Strategic Development: Collaborate with the VP of Engineering to align security strategies with business needs and product goals.
Skills and Experience
This role offers room for professional growth, with support for certifications and hands-on experience. Ideal candidates will possess a blend of the following skills and experiences:
* Knowledge of Governance, Risk, and Compliance, with experience managing security programs like ISO 27001 (or a strong interest in developing this skill).
* A passion for security best practices and the ability to deliver high-impact solutions with minimal friction.
* Data-driven decision-making skills to implement robust security strategies.
* Strong collaboration and communication abilities to drive organisation-wide security awareness.
* Proficiency with IT systems such as Microsoft Entra ID, Microsoft Defender, Jamf Pro, and AWS Security Hub.
* Familiarity with data protection regulations like GDPR and their real-world applications.
* Experience in applying security controls across cloud environments, IT infrastructure, and development processes.
* A background in shaping or contributing to security strategies.
* Relevant certifications (e.g., Security+, CISSP, GICSP, CISM) are advantageous but not essential.
Why Join?
This is more than just a role—it's a chance to grow, collaborate, and influence the security landscape within a forward-thinking organisation. If you’re ready to take on a challenge and make a meaningful impact, apply today!