Embark on your new role as a Cyber Security Engineer with DHU Healthcare!
Location: Derby
What DHU can offer you:
Working Patterns: We recognise that 9-5 doesn't work for everyone, so we have a range of working patterns available to suit your work/life balance. Our friendly team will work with you to find the best fixed pattern for us both.
Competitive salary: £43,742 (Band 7)
Generous annual leave entitlement: Standard 25 days + 8 bank holidays, increasing with service up to 33 days + 8 bank holidays. Pro Rata/ Per Annum
Main duties of the job:
In this role, you will work as part of the Cyber Security Team to ensure that technology, infrastructure, systems, and supporting processes collectively provide appropriate and cost-effective protection against cyber threats and identified security risks. The Cyber Security Engineer will support the Cyber Security Team Leader with ongoing security assessments, incident response, and the implementation of security protocols. You will also play a key role in collaborating with regional and national bodies to ensure compliance with security standards and best practices.
Job responsibilities:
* Lead in the remediation of non-compliance with the DSPT, Cyber Alerts or other accreditations, ensuring appropriate responses to NHSE, Cyber Auditors and any other 3rd parties.
* Provide specialist cyber security advice for multiple security tools, O365, SharePoint, Online platforms, National systems, IT equipment and Medical Device procurement, operational management and life cycling.
* Undertake regular and frequent vulnerability scans, analysing and reviewing any threats and vulnerabilities identified by monitoring systems, and present the options for remediation.
* Work within broad occupational policies, reviewing, inputting and developing new local cyber policies and procedures as a result of legislation changes, best practice and emerging trends.
* Undertake daily security monitoring.
* Research and evaluate emerging Cyber Security threats and ways to manage them, providing reports and/or presentations where appropriate to senior stakeholders.
* Set up automatic threat hunting.
* Undertake root cause analysis and implement preventative measures, suggesting measures for the future to avoid recurrence.
* Liaise with counter fraud services, police and any other external organisations as required when investigating cyber security incidents and always maintain confidentiality.
* Monitor Anti-Virus measures to ensure they remain up to date to protect the Business's network and computers and escalate any issues to the SIRO, should the Business be put at risk of virus threats.
* Assist with ensuring that all new system procurements meet the security requirements of the Business and make recommendations to address any identified gaps or weaknesses.
* Maintain a good technical understanding of complex systems and security issues pertaining to them, including but not limited to, Active Directory, firewalls, remote access systems, hardware, operating systems, applications software, and networking protocols.
* Support with the installation, upgrading, operation, control, maintenance and effective use of all digital security systems.
* Investigate and diagnose complex security problems, working with users, other staff and suppliers as appropriate to maintain the integrity of the Business's digital security.
* Ensure the Business's digital assets are protected from threat and that the business operations they are intended to provide are maintained in line with required service levels.
* Manage the Digital threat assessment and security control reviews, Digital business risk assessments, and reviews that follow significant breaches of security controls.
* Participate in the departmental escalation on-call roster to cover out of hours. Digital operations may require some degree of out-of-hours working, which must be conducted to minimise disruption to services. Digital staff will be expected to be flexible in their work hours to support these activities and will be rewarded in accordance with standard Business policies for time off in lieu and/or overtime.
Person Specification:
Qualifications:
* Educated to degree level, equivalent IT professional qualification, or demonstrable equivalent level of experience.
* Specialist cyber related qualification e.g. Security+, CySa+, PenTest+.
* Knowledge of digital best practice, information security and information governance.
* Experience performing security reviews and risk assessments.
* Experience of managing cyber incidents, response and actions.
* Previous experience of project and change management skills and/or techniques.
* Certified Ethical Hacker.
* ITIL Foundation.
* Broad working knowledge of current practices and issues in the cyber field.
* Knowledge of common technologies such as Windows OS, email infrastructure, datacentres, and network administration.
* Ability to convey often highly complex technical/digital/cyber issues to a non-technical audience.
* Able to act as a change agent.
* Commitment to maintaining up to date knowledge of the appropriate regulations to enable adherence and to implement new regulations as required.
* Right to work in the UK.
Apply For Job
#J-18808-Ljbffr