You will evaluate our security solution technologies and toolsets and help design, implement, and maintain the security systems within the organisation and will ensure that data, network, and systems are protected from cyber threats and will comply with the relevant standards and regulations. The Cyber Security Solutions Engineer will also provide technical guidance to other security team professionals and partners.
DIMENSIONS:
UK Power Networks is expanding its presence in Microsoft Azure and enhancing its on-prem OT Mission Critical Systems. It is necessary that a secure environment is developed for the hosting and management of our critical information assets. We ask that you have a blend of skillsets across cyber security including solution design, configuration, implementation, operation, governance, change management, communications, and the understanding of protecting data in employing the use of relevant encryption standards. The main measure of success is maintaining regulatory compliance and improving the technical and organisational resilience of the ever-changing cyber threat landscape.
PRINCIPAL ACCOUNTABILITIES:
1. Ensure highest standards of safety are applied across all responsibilities.
2. Implement the cyber security plans, technology roadmaps based on sound cyber security best practices to help implement Cyber Security Strategy ensuring alignment to the company vision, values, and strategic goals.
3. Support the Cyber Security Architects, research new security technologies, toolsets, and solutions for both OT and Enterprise on-prem and cloud infrastructures.
4. Work as an important partner with third party vendors to design and implement proof of concept (PoC) cyber security solutions and evaluate against strict requirements and criteria following UK Power Networks policies and the cyber security technology roadmap.
5. Evaluate existing cyber security solutions within the enterprise to ensure that they are fit for purpose and that the solutions have been designed and implemented to gain maximum benefit and capability.
6. Support the Cyber Security Teams at a technical level to install cyber security product technologies and systems, such as firewalls, end point protection, encryption, VPN, SIEM, PAM, VM etc.
7. Support the Cyber Security Teams to drive effective root cause analysis of cyber security related incidents to ensure prompt action is taken to prevent incident reoccurrence and strengthen relevant cyber security controls.
8. Provide technical guidance and assurance to the wider information systems teams concerning the implementation of cyber security controls within the specified design principles.
9. Translate our requirements into technical solutions, and communicate with product teams on your solution design.
10. Establish and maintain relationships with important partners on matters of cyber security that maintain business support for cyber security and network architecture measures and improvements.
Qualifications:
1. Work experience: Experience in cyber security, preferably in a security engineering or a security architecture role. Hands-on experience designing, implementing, and maintaining security solutions for multiple platforms, and using various security technologies and performing security testing and analysis.
2. Cyber Security Knowledge: An understanding of the principles and standards of cyber security, such as encryption, authentication, authorization, network security, application security, cloud security, and threat intelligence.
3. Security Solutions Design: Ability to design and implement security solutions that meet the requirements and goals. Analyse the security requirements, identify the security gaps, and propose the best security architectures to address them. Evaluate the costs, benefits, and trade-offs of different security solutions and make recommendations based on the UK Power Networks Policies, Standards and Security Patterns.
4. Security Tools and Technologies: Proficient in using multiple security technologies, such as firewalls, end point protection, intrusion detection and prevention systems, vulnerability scanners, encryption software, VPNs, and SIEMs. Be able to configure, test, deploy, and troubleshoot these tools and technologies and integrate them with other systems. Monitor and analyse the security logs and alerts generated by these tools and technologies and take appropriate actions.
5. Cyber Security Frameworks : Working knowledge of Cyber Essentials, ISO27001:2022, CSA Cloud Controls Matrix, NCSC CAF and GDPR, is important to ensure that data is being managed in a compliant manner.
6. Programming and scripting: Proficient programming and scripting skills to automate security tasks, develop custom security scripts and tools, and perform security testing and analysis. Familiar with some of the common programming and scripting languages used in cyber security, such as Python, PowerShell, Bash, Java, C#, and SQL.
7. Problem-solving: Able to resolve security issues, troubleshoot security incidents, and mitigate security risks. Apply logical reasoning, and creativity and innovation, to find the best security solutions and strategies. Anticipate and prevent potential security threats and vulnerabilities, and respond to them effectively.
8. Certifications : Relevant certifications in cyber security, such as CISSP, CISM, CEH, SSCP, or CCSP. Further technical certifications in Microsoft Azure, Networking, Firewall, SIEM, PAM or VM Products are beneficial.
9. Technical Capabilities : Technical competence in one or more of the following areas: Industrial Protocols (DNP3, ICCP, IEC-61850), IPSec VPN's, Networking, Network Security, RADIUS, MFA, Microsoft/Linux Operating Systems, Virtualization Platforms such as (VMware, Hyper-V, OpenShift), Cloud Security in Azure, PKI and Certificates.
Unfortunate the company are unable to provide sponsorship for this position