Security Engineer

Deloitte
Edinburgh, United Kingdom
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Edinburgh, United Kingdom

Tech stack

Agile Methodologies
Amazon Web Services (AWS)
Azure
Bash
Cloud Computing Security
Computer Security
Computer Programming
Continuous Delivery
Continuous Integration
Information Leak Prevention
Intrusion Detection and Prevention
Information Systems Security Architecture Professional
Python
Network Security
Powershell
Scrum
Zero Trust Network Access
Security Information and Event Management
Systems Integration
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
Cloud Platform System
HybridCloud
Firewalls (Computer Science)
Information Technology
Terraform
Devsecops
Vulnerability Analysis
Microservices

Job description

We are a team of cyber security architects and engineers working within the wider Deloitte Technology and Transformation practice, securing technology capabilities that our clients in the Financial Services industry deploy, for example, ERP solutions, HR solutions, industry-specific applications, core banking platforms, and core insurance platforms.

We also help architect and engineer standalone cyber security solutions, such as cloud security and platform capabilities, data loss prevention technologies, DevSecOps pipelines, and solutions in the Zero Trust networking space.

We are seeking skilled security engineers to join the team. The ideal candidate will have a background in designing, implementing, integrating, and operating cyber security solutions that help protect our clients. Our projects vary greatly and your responsibility as a Security Engineer will differ based on the focus of the client engagement and your skillset, but this could include:

  • Designing and building secure infrastructure in public, private and hybrid cloud environments, using infrastructure-as-code.
  • Designing and building secure CI/CD pipelines, integrating the latest security technologies and checks.
  • Designing and building a range of security tooling, across endpoint protection, vulnerability scanning, network security, cloud security posture management, and security information event management (SIEM).
  • Operating Secure by Design (SbD) procedures and producing required artefacts such as security impact assessments.
  • Inputting into security architectures and solution designs.
  • Designing security controls and suggesting improvements on configurations of critical control such as WAF, firewalls, compliance monitoring, and alerting.
  • Conducting risk assessments and scoping vulnerability assessments to identify potential security threats and vulnerabilities.
  • Helping clients create security technology roadmaps, which provide realistic efforts estimates for engineering tasks.
  • Staying up to date with emerging security threats, technologies, and industry best practices, and providing recommendations for improvement.

Requirements

Successful applicants typically have a degree or equivalent experience, with real world experience working in cyber security. They are agile thinkers capable of helping stakeholders manage a range of security challenges.

Key skills - not every candidate requires all of these but should be familiar and/or have experience with a majority of these:

  • Hands-on experience configuring one or more public cloud environments (AWS, Azure, GCP).
  • Hands-on experience with CI/CD tooling.
  • Proficiency with infrastructure-as-code, e.g. Terraform.
  • Proficiency with programming / scripting languages (e.g. Python, Bash, PowerShell).
  • Experience building and deploying micro services-based applications.
  • Experience with security technologies, for example Firewalls, Intrusion Detection/Prevention Systems, Vulnerability Scanning, WAFs, CASBs, SIEMs, and CSPMs.
  • Experience inputting into and/or creating security architectures and designs.
  • Understanding of security principles and the ability to assess alignment of controls to these principles.
  • Ability to analyse and capture risk statements including references to likelihood, impact and mitigations.
  • Ability to frame technology and process level risk in business and operational terms.
  • Understanding of security controls and industry frameworks.
  • Understanding of regulatory and compliance requirements.
  • Understanding of Agile, SCRUM and Continuous Delivery., * Bachelor's or master's degree (or equivalent) in information technology, Cybersecurity, computer science or a related field, or equivalent work experience.
  • Certifications or other knowledge of cloud environments and their security controls available (AWS, Azure or Google).
  • Certifications from industry-leading security vendors and/or cloud providers would be desirable.

About the company

Deloitte drives progress. Our firms around the world help our clients become market leaders wherever they compete. Deloitte invests in outstanding people with diverse talents and backgrounds, empowering them to achieve more than they can elsewhere. Our work combines consulting with action and integrity. We believe that when our clients and society are stronger, so are we.

Apply for this position