Senior Information Security Engineer

PensionBee, United Kingdom

Experience: 1 Year
Traveling: No
Qualification: As mentioned in job details
Total Vacancies: 1 Job
Posted on: Oct 7, 2022
Last Date: Nov 7, 2022

Job Description

  • Full-time; reporting to the Head of Information Security
  • London (Southwark), or Full Remote within the UK
  • UK Right to Work required
  • 60,000 plus benefits and up to 60% annual bonus (cash and shares)


Founded in 2014, PensionBee’s simple and engaging product has made us the UK’s fastest growing and most loved pension brand. From a clear and simple transfer journey, to an app to keep track of your retirement, we put customers front and centre of what we do. Since April 2021 we have been listed on the LSE, which has accelerated our growth.

PensionBee is looking for an individual with a strong passion for cyber security to help the Head of Information Security deliver the BeeSecure Information Security Strategy and Programme.

Recently certified to ISO 27001, PensionBee has a solid grounding in information security, and this is an excellent opportunity to join a company that is embarking on an exciting security transformation programme. The role will report to the Head of IS and would suit a candidate who is hands-on and can mentor junior members of the team (as the team grows).

Requirements

The key attributes and experience we are looking for are as follows:

  • 3 - 5 years of hands-on experience of working in a similar role as an Information/Cyber Security Analyst or Engineer, plus additional experience working in IT Operations or IT Infrastructure environments
  • Prior experience of working in a Security Operations Centre (SOC)
  • Good understanding of securing and hardening IT Systems (on-prem / off-prem / Cloud / SaaS / IaaS / PaaS)
  • Hands-on experience of working with Extended Threat Intelligence (XTI) software, such as SOCRadar (or similar software)
  • Hands-on experience of performing vulnerability assessments using tools such as Nessus, Qualys, Appcheck, CrashTest Security - for Cloud environments, Web Applications and Windows/macOS clients
  • Good understanding of network concepts and protocols such as DNS, DHCP, SMTP, FTP etc.
  • Good understanding of Email Security and best practices
  • Experience of working with Software Engineers to adopt a Secure DevOps culture which acts as an enabler to security and does not block progress or delivery
  • Understanding of Information Security Risk Management and how to translate technical risks into non-technical business risks for distribution to the wider business and senior management
  • Experience of working in an Agile development environment
  • Experience of working with a Third Party Security Operations Centre (SOC) and a good understanding of SIEM/SOAR solutions such as Microsoft Sentinel/AlienVault/LogRhythm etc.
  • Experience of working with Web Application Firewalls, such as Cloudflare
  • Experience with and/or relevant certifications in information security management systems such as ISO 27001, NIST, Cyber Essentials, Certified Ethical Hacker (CEH)
  • [Desirable] Experience working with software such as Google Workspace, AWS, Salesforce
  • Clear written and spoken English
  • Experience in a regulated environment is not essential


Key Responsibilities

  • Be a key point of contact in the business for Information Security issues
  • Ensuring ongoing compliance with ISO 27001 and other relevant certifications e.g. Cyber Essentials Plus, including monitoring and reporting
  • Ensure our information security controls continue to suit the identified risks in the business, and work with internal teams to improve controls as risks or operations change
  • Working with all areas of the business to ensure security best practices are embedded and promote a Shift-Left and Secure-By-Design approach to security
  • Assist the business with activities such as Data Protection Impact Assessments, Subject Access Requests and Data Retention to ensure ongoing compliance with GDPR and applicable regulations
  • Coordinating company-wide training on information security, to continue embedding a security-conscious culture
  • Managing business continuity and disaster recovery plans and testing, including system backup and restore
  • Working with Third Party suppliers to ensure security events are identified, assessed, investigated and closed according to risk appetite
  • Working with the internal IT Service Desk and wider Technology function to ensure security related tickets are triaged and managed to closure
  • Performing vulnerability assessments of the environment and liaising with internal/external teams to ensure these are managed in accordance with risk appetite
  • Develop and become a key contributor to the internal Cyber Awareness website
  • Develop Information Security Awareness Training material for distribution to all areas of the business and external customers
  • Perform Email Phishing tests and simulatio

PensionBee

Information Technology and Services - London, United Kingdom