Security Engineer

Security Engineer

Location: Acton, London

Salary: Negotiable - depending upon experience + benefits

Reporting to the Head of Digital Defence Engineering, Security Engineers support enterprise-wide security by ensuring DCG's technical defences are fit for purpose. The Security Engineering team is responsible for all aspects of the "protect, detect, respond" lifecycle.

Security Engineers work with IT architecture, design and operational teams to ensure that the network defences are secure whilst also supporting application development and engineering teams. The role will require an in-depth understanding of technical aspects of security and will support the security of DCG's infrastructure that includes; mainframes, mini-computers, personal computers, mobile devices, LANS, WANs, servers, data storage and the physical and logical components that integrate these systems together as an enterprise backbone.

Responsibilities:

• Supporting the Head of DDC Engineering with developing and implementing the DDC strategy.
• Recommends security controls and procedures in business processes, acquisition, development, and change management lifecycle of information systems, and monitors for compliance.
• Monitors information systems for security incidents and vulnerabilities; develops monitoring and visibility capabilities; reports on incidents, vulnerabilities, and trends.
• Administers authentication and access controls, including provisioning, changes, and removing of user and system accounts, security/access roles, and access permissions to information assets.
• Develops and administers, or provides advice, evaluation, and oversight for, information security training and awareness programs.
• Responds to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches; interacts and coordinates with third-party incident responders, including law enforcement.
• Analyses trends, news and changes in threat and compliance environment with respect to organisational risk; advises organisation management and develops and executes plans for compliance and mitigation of risk; performs risk and compliance self-assessments, and engages and coordinates third-party risk and compliance assessments.

Skills & Experience:

SME in two or more of the following areas:-

• Infrastructure Security (Anti-virus software, Intrusion detection, Intrusion prevention, WAF, Packet layer and next generation firewalls, Load balancing, Content filtering).
• Windows security for O365, SharePoint, AD, End point security (Servers and personal devices), Intune, Azure security, ATP, OneDrive for Business, Data management.
• Cloud security for SaaS, PaaS, IaaS.
• File integrity monitoring and DLP.

In addition to;

• Detailed knowledge of security standards and guidance such as NIST Cyber Security Framework, ISF Standard of Good Practice etc.
• Extensive experience with common security analytics, threat intelligence, security case management and other information security platforms.
• Prior experience in the retail industry and an excellent understanding of security threats faced by the retail industry.
• An understanding of relevant regulations and legislation that affect the operations of Dixons Carphone within UK&I is desirable, such as PCI-DSS.
• Working knowledge across all areas of security risk management.