Cyber Security Engineer
Cheshire / Hybrid Working
Salary from £42,073
Fixed Term Contract
The NNL are an innovative, world-renowned, scientific research organisation serving the national and international civil nuclear industry.
Our ambitious roadmap is to use the latest technology to help our business deliver better outcomes.
This role is within the Technology & Digital Change (T&DC) team, who are responsible for all Technology, Digital Change, Cyber Security and Information Assurance within the organisation.
The Cyber Security Engineer is responsible for operational security and assisting with the design, implementation and development security controls and systems. They will ensure that incidents are detected, prioritised, investigated, contained, remediated and that operational security controls are measured and constantly improved.
We support working flexibly, and can be flexible about location between our sites in the North West of England; some travel will be necessary to support business needs.
- Proven work experience as a System Security Engineer
- Work alongside IT infrastructure and CS&IA (cyber security and information assurance) teams to design, maintain and improve security systems
Engineer, implement, maintain, and monitor operational security systems
- Monitor, investigate and respond to security incidents
- Work closely with the external SOC to ensure that they understand our business and help coordinate incident responses
- Develop security controls and processes to increase effectiveness, minimize false positives and provide a better experience to the business
- Assess vulnerabilities in context to determine risk and prioritise remediation
- Develop metrics to measure the effectiveness of operational security controls
- Prepare and document standard operating procedures for operational security controls
- Assist with penetration testing
- Assist with the collection, processing, preserving, analysis, and reporting of digital forensic evidence to support internal, criminal, fraud, counterintelligence, or law enforcement investigations
Essential Criteria for Cyber Security Engineer:
- A degree in Computer Science, Software Engineering, Information Systems, Cyber Security, related field or equivalent experience
- Hands-on qualifications in Cyber security, e.g. Certified Ethical Hacker etc.
- Demonstrable hands-on experience of engineering, implementing and maintaining security systems, including at least some of the following:Firewalls and firewall management
- Experience of managing cryptographic systems such as TLS certificates, encryption, etc.
- Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
- Detailed technical knowledge of database and operating system security
- Experience with network security and networking technologies and with system, security, and network monitoring tools
- Experience of the full vulnerability management lifecycle including scanning, assessment and remediation
- Ability to achieve SC Clearance
- Communication – able to communicate security risk clearly and succinctly to technical and non-technical staff both verbally and in writing
- Problem solving and analysis – Able to identify and define complex problems, analyze and solve them in a logical, methodical manner and able to maintain this whilst under time pressure whilst dealing with an incident.
Desirable Criteria for Cyber Security Manager:
- Experience of providing evidence for compliance, e.g. Cyber Essential+, ISO27001, PCI DSS etc
- Experience of applying NCSC guidance and principles to develop security controls
- Experience of working with government protective marking scheme
- Experience of writing and/or contributing to technical designs