Posted: 6 days ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

  • Collaborate with various teams (both internal and external stakeholders) to identify, analyze, and document potential security threats and vulnerabilities throughout the SDLC phase.
  • Conduct security assessments and threat modelling exercises, design reviews and contribute to mitigate the gaps/weaknesses identified for both on-premises and cloud-based environments, systems, and applications.
  • Assist with the delivery and implementation of new change capabilities identified in the strategy and roadmap into Insight and any additional control improvement identified from the risk management framework, risk assessment.
  • Provide security advice and support tech and business teams so Cyber Security team can be more proactive in finding solutions to business/tech requirements.
  • Evaluate the effectiveness of existing security controls and recommend improvements to enhance the overall security posture.
  • Research emerging security trends and technologies and provide recommendations for adoption and integration.
  • Assist in the development of security policies, standards, and guidelines, and supporting the team with BAU issues.
  • Collaborate with peers and other cross-functional teams to identify and address security issues. (E.g., internal peers/Cyber Security colleagues, internal/external penetration testers and incident responders, cross functional product development/infrastructure, Architecture teams).
  • Participate in security assessments, audits, and regulatory compliance initiatives and carrying out the resulting work to remediate the findings as required.
  • Security awareness and training - Play a key role in promoting a culture of security awareness and continuous improvement as part of their ongoing engagements
  • Liaising closely with other technology teams to meet the needs of the business, the post holder will also:
  • Manage cross platform IT Security Risk Registers and resolution of identified risks.
  • Input to incident management and planning
  • Provide security consultancy support for contract development and liaison with third parties and external agencies and authorities.
  • Manage specific technical issues within projects or operational environments.
  • Supporting security incidents/investigation as required.

To be successful in this role, we're seeking the following:

  • Experience with Cyber Security controls in a range of technical environments.
  • Understanding of the technical security measures required for enterprise IT environments as described above with an appreciation for the fundamental defense in depth and zero trust approaches to IT security.
  • Structured approach to identification, prioritization of threats and vulnerabilities, scoping and remediation work.
  • Strong understanding of security threats, attack vectors, and mitigation techniques
  • Knowledge of secure design patterns, cryptography, and access control models
  • Deep technical knowledge of web-related technologies such as web applications, web services and REST-based service architectures, and of network/web-related protocols.
  • Experience with industry-standard threat modelling frameworks, such as STRIDE, DREAD, or PASTA.
  • Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.
  • Proficiency in creating and interpreting technical documentation, including data flow diagrams and use case diagrams.
  • Familiarity with security standards and regulations such as ISO 27001, NIST, MITRE, CIS and GDPR.
  • Ability to make best use of available resources and identify where external or 3rd party resources are required.
  • Familiarity with technology operations and change management
  • Familiarity with project development and S-SDLC.
  • Keeps updated on technologies, industry practices and services.
  • Deals confidently with conflict, able to maintain a strong professional relationship whilst resolving difficult problems.
  • Ability to match available technical solutions to business requirements
  • Ability to think on the fly and adapt solutions to meet urgent requirements should they arise.
  • Self-Confident and Robust
  • Able and organized to defend a view in an adversarial situation
  • Willing to embark on a technical challenge with inadequate training or information
  • Openness and Integrity
  • Commitment to remain within moral and regulatory limits. Sensitive about privacy compromise and intellectual property rights.
  • Attention to process, techniques, and security controls aligned with risk appetite.
  • Has good judgment, a sense of urgency and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
  • A critical thinker, with strong problem-solving skills
  • Strong problem-solving and trouble-shooting skills
  • Self-motivated and possessing of a high sense of urgency and personal integrity
  • Demonstrated experience and success in similar security specialist/threat modelling expert roles in highly regulated industry (e.g., financial services industry)
  • Degree in Computer Science, Cyber Security or a related field backed by equivalent work or education-related experience.
  • Minimum of 3-4 years of experience in cyber security, threat modelling, secure software development, and application security.
  • Proven experience of developing and implementing threat modelling methodologies and processes.
  • Industry-recognized certifications, such as CISSP, CISM, or CSSLP, are preferred.

Preferred additional skills

  • Familiar with containerization including building secure container images, monitoring and security tooling for CI/CD pipelines such as GitHub Enterprise, TeamCity, Aqua Security, SonarQube and orchestration at scale such as Kubernetes and Azure Kubernetes Service
  • Familiar with IT Security standards and industry recognized guidelines such as CIS and OWASP
  • Familiar with Cloud secrets management such as Cloud vaults, key management & rotation, MFA, HSMs.
  • Familiar with agile methodologies and DevSecOps processes.
  • America's Most Innovative Companies, Fortune, 2024
  • World's Most Admired Companies, Fortune 2024
  • Human Rights Campaign Foundation, Corporate Equality Index, 100% score, 2023-2024
  • Best Places to Work for Disability Inclusion, Disability: IN - 100% score, 2023-2024
  • Most Just Companies, Just Capital and CNBC, 2024
  • Dow Jones Sustainability Indices, Top performing company for Sustainability, 2024
  • Bloomberg's Gender Equality Index (GEI), 2023
