Permanent

Lead Cyber Security Engineer

London
Negotiable
Posted Yesterday

Overview

The Lead Cyber Security Engineer will be instrumental in helping to build a new SecOps function, reporting to the Infrastructure Platforms Manager. This role will be responsible for helping to implement and maintain robust security across our infrastructure and incident response. The Lead Cyber Security Engineer will be responsible for developing, implementing, and maintaining security solutions that protect systems from ever-evolving cyber threats, moving towards a zero-trust operating model. The role will serve as the technical lead, drive key security initiatives, and play a pivotal role in mentoring junior team members and improving our overall security posture. The role will assist the Firm with our efforts to work towards ISO 27001 certification and to implement CIS controls.

Roles and Responsibilities

- Overall management and maintenance of the CrowdStrike platform, including configuring EDR policies, tuning SIEM rules, and optimizing the system for performance
- Work with the network engineers to implement posture management i.e. ICE/NAC segmentation/lateral movement control and firewalls
- Proactive collaboration with InfoSec to align CrowdStrike and other key security platforms with our security strategy and policies
- Leading or participating in incident response efforts, conducting root cause analysis, and developing runbooks for incident handling
- Monitoring for security threats, analyzing alerts, and responding to incidents using CrowdStrike and other security tools. Conduct vulnerability scans and support remediation and risk mitigation efforts
- Oversee WAF, DDoS, VPN, and perimeter firewalls
- Manage Email and Web Security Gateways
- Work with Endpoints team to administer MFA, SSO, PAM, MDM/MAM, and Conditional Access
- Maintain security certificates, encryption keys, and IDS/IPS systems
- Lead ad-hoc security projects
- Collaborate with third-party penetration testers to identify, prioritize, and remediate security vulnerabilities
- Creating detailed reports on detected threats, incidents, and response actions, as well as documenting configurations, processes, and runbooks.
- Keeping well-informed of the latest cybersecurity trends, emerging threats, and updates
- Comply with all relevant legal and regulatory obligations including the Solicitors Regulation Authority (SRA) Standards and Regulations, and Principles.

Skills and Experience

Experience in the following technologies:

- CrowdStrike EDR
- Mimecast
- Tessian or equivalent email DLP
- Deep understanding of Security Frameworks and Compliance PCI-DSS, ISO 27001, NIST, CIS
- Networking

Person Specification

Qualifications including:

- Crest Practitioner Security Analyst – CPSA
- Certified Information Systems Security Professional – CISSP
- Palo Alto Network Certified Security Operations Professional

- Working together
- Integrity and respect
- Inclusive
- Personal impact and growth
- Driving high standards
- Client-centric
- Responsible Business

Hybrid working

- We adopt a hybrid and flexible working approach, dependent on the requirements of the role and subject to manager approval.

For a detailed specification please download the job description in the documents section of this page.

Clicking "apply" will direct you to the application tracking system, hosted for us by ..... full job details .....
