InfoSec Engineer: Hybrid & Dublin City Centre - Permanent to work in the Capital/Financial Markets sector
Talentspot is working exclusively to support our highly-regarded capital markets customer. Having been in business for 50 years, they are considered a Wall Street heavyweight for their scale, innovation, and investment returns. Markets they operate in include asset management, real estate, credit risk, hedge funds, fund management and private equity.
COMPANY OVERVIEW
They have experienced significant growth over the last few years and are investing in a wide-scale modernisation of their technology stack and how they manage that technology. Their globally distributed technology portfolio includes complex, native web applications, highly extensible third-party applications, Big Data/EDWH, and reporting/insights solutions - deployed in on-premise data centers and within the public cloud (AWS).
Their security team has grown from a handful of employees to around 30 over the last few years.
POSITION SUMMARY
This new role is for an experienced, hands-on 'pure-play' Security Engineer, with an engineering mindset and experience in the design, build, testing, and running of InfoSec solutions.
This role offers exciting opportunities for growth and impact as the company scales its technology footprint in Dublin grows the business and continues to innovate. As a Security Engineer, you will be responsible for designing, implementing, and maintaining security measures across the company's environment. You'll need to be proficient in troubleshooting, have a deep understanding of a wide range of systems, and be capable of leading other teams in these efforts. You will work closely with IT and other business units to ensure their security posture remains robust, aligned with industry best practices, and compliant with regulatory requirements. You will also be looking over the horizon, identifying future needs and exploring leading-edge solutions.
RESPONSIBILITIES:
Network Security:
• Analyze network traffic for potential security threats and vulnerabilities.
• Design, implement, and manage network security solutions, including firewalls, VPNs, intrusion detection/prevention systems (IDS/IPS), and network access control (NAC).
• Develop and enforce network security policies, procedures, and standards.
Email Security:
• Configure and manage secure email gateways to protect against phishing, spam, malware, and other email-based threats.
• Implement and maintain email encryption protocols.
• Undertake regular security assessments and audits of email systems.
Endpoint Security:
• Deploy and manage endpoint security solutions, including antivirus, antimalware, EDR (Endpoint Detection and Response), and DLP (Data Loss Prevention) tools.
• Ensure endpoint device compliance with security policies and oversee the latest security patches and updates.
• Respond to and mitigate endpoint security incidents.
Vulnerability Management:
• Develop and manage vulnerability management programs, including regular scanning, assessment, and remediation.
• Collaborate with IT teams to prioritise and address vulnerabilities based on risk and impact.
• Track and report on the status of vulnerability remediation efforts.
Cloud Security:
• Implement and manage security controls across various cloud platforms (e.g. AWS, GCP, Azure).
• Ensure the security of cloud-based infrastructure, applications, and services.
Skills and Experience
• It's essential that you have experience in either Capital/Financial Markets, Investment/Merchant Banking, Hedge Funds, Asset Management, Fund Management, Private Equity, Credit Risk, or with a FinTech in one of these sectors.
• 3 - 6 years of combined, hands-on commercial InfoSec Engineering expertise in at least one of these areas: email/networking/infrastructure/security, ideally in companies of different sizes with experience working in different roles and with multiple technologies and products. The view is this expertise means new security skills can be learned in the role.
• Understanding of core principles of how modern infrastructure technologies operate (such as virtualization and networking, containers, cloud computing, SaaS, PaaS etc.) and the security aspects of these technologies
• Solid understanding of the operation of LAN/WAN IP-based networks (TCP/IP, routing/switching, VLANs, NAT, DNS, DHCP)
• Understanding of principles of applied cryptography - symmetric/asymmetric encryption, hashing, SSL/TLS, SSH, PKI, IPSec, site-to-site/remote access VPN, disk encryption, HSM
• Understanding of attack vectors against modern enterprises: phishing, ransomware, malware, DoS/DDoS, drive-by, MITM, various types of injection (i.e. SQL), cross-site scripting, etc.; methods of defense from these attacks
• Knowledge of common security principles, concepts, and methods (authentication, authorisation, single sign-on, network segregation, DMZ, Zero Trust, defense-in-depth, penetration testing, sandboxing etc.)
• Ability and desire to code, script, and automate to improve your own and the team's operational efficiency
• Understanding of aspects of application delivery in principle and firewalling/load balancing in particular
• Understanding of HTTP operation and associated concepts (its methods, cookies, sessions, caching, CDNs, HTTP-based applications and protocols etc.)
• Understanding of principles of operation of NextGen/L7 firewalls and experience with one of the market-leading vendors
• Practical knowledge of Windows (including AD) and Linux
• Knowledge of SSL/TLS traffic handling and encrypt/decrypt policies
• Team player who enjoys working in a collaborative and collegial environment and is an active contributor as part of a global team
• Ability to work calmly under pressure and meet deadlines and solve problems requiring creativity, initiative and drive; self-motivated and enjoys a sense of pride in their accomplishments
• Ability to present ideas in a user-friendly, business-friendly and technical language
• Strategic self-starter with an innovative mindset and outstanding attention to detail
You must already be eligible to live and work in Ireland as sponsorship is not available with this opportunity.