Role: 100% / or Hybrid Nottingham Senior Security Engineer (SecOps) - Crica 65k Bonus Benefits This Fintech SecOps team is responsible for building and maintaining some of the most innovative and secure infrastructure on the planet. In order to deliver their products and services the security architecture needs to be absolutely top class and it absolutely is! You will join a team and become quickly embedded in security technologies, projects and initiatives that will drive rapid change and innovation. Working with a bunch of incredible people, you’ll be required to learn quickly as you embark on design, maintainence, monitoring, and improving information security controls in line with the company’s security risk and appetite. This is an outstanding opportunity for an ambitious and experienced Infrastructure Engineer that wants to now ‘major’ in SecOps, and move away from mainstream infrastructure engineering into a pure security engineering role. Responsibilities: Key Responsibilities and Accountabilities Implement/manage/monitor security tools ensuring that devices, services, and users remain compliant with security policy Helping to manage/maintain our ISMS ensuring we remain ISO certified Triage and investigate security events and incidents Define policy, process, and best practices for application & infrastructure security Work with squads across the business to understand how they do things and build security solutions that fit with their processes Identify and assess security risks across all IT systems and infrastructure, and be a key contributor to the Information Security risk register Review supply-chain risk assessments Aid in the audit and due diligence cycle in relation to information security controls and capability, both internally and externally Train and mentor more junior members of the Security Operations team KPIs & Deliverables List all expected outputs and deliverables for the role Implement zero-trust principles across the business Contribute to maintaining ISO 27001 certification Scalable and cost-effective solutions which improve the security Clearly documented standards and procedures for ensuring a high level of security Regular reporting on the effectiveness of security controls in place Skills Technical Skills Experience implementing security/compliance controls in Microsoft 365 and Azure Experience analysing security logs using Azure Sentinel/Log Analytics Familiarity with Security models & practices Familiarity with Cloud Platforms & frameworks (GCP, Kubernetes, Azure) Understanding of ISO27001,27002 and/or NIST Cybersecurity Framework and how to practically apply the standards across the business effectively Coding/scripting skills, especially PowerShell, KQL, .NET C# More technologies you’ll use in this role. Microsoft Defender for Identity (formerly Azure Advanced Threat Protection) Microsoft Defender for Cloud Apps Microsoft Defender for Endpoint Microsoft Defender ATP Microsoft Defender Security Center Azure Sentinel Log Analytics Azure Security Center Just-in-time (JIT) virtual machine access Remote Desktop Services (RDS) Azure AD Identity Protection Azure AD Conditional Access Azure AD Multi-Factor Authentication Azure Purview Microsoft Intune DKIM, SPF & DMARC Office 365 ATP Safe Attachments Office 365 ATP Safe Links Office 365 ATP anti-phishing, anti-malware and anti-spam policies Microsoft 365 Sensitivity labels Microsoft 365 Data loss prevention Qualys Vulnerability Scanner Snyk Google Cloud Security Interested in finding out more. Please apply or connect with me, Simon Bucknell on Linkedin