London, 10th March
REPORTING TO: HEAD OF INFORMATION SECURITY
Reed & Mackay leads the global travel and event management arena with extraordinary service and proprietary, client-led technology. Ranked first in the Sunday Times International Fast Track 2020, we are a business that is always looking forwards, while ensuring that we’re everything that our clients need today. In May 2021, we became part of the TripActions Group, and together we are setting the agenda for the future of business travel.
Due to the continuing growth of our business internationally and the importance we and our clients place on information security, a position has become available for a highly competent Cloud Security Engineer to join the Information Security Team.
WHAT YOU’LL DO:
In line with ISO 27001, Cyber Essentials, GDPR, SOC2, NIST and PCI DSS requirements:
- Design and implement secure cloud architectures based on Zero Trust principles incl. components, systems, networking, accounts and integrations.
- Analyse current cloud configuration & infrastructure, identify potential risks, recommend improvements, and help design solutions to mitigate them
- Analyse and manage cloud firewall configuration to raise security posture of cloud components
- Collaborate with all security and technical teams to improve the security of Reed & Mackay’s cloud environment
- Own and Manage Cloud Security Posture Management (CSPM) software in an MS Azure environment, automate remediation
- Work with SOC and SIEM solutions, onboard all critical logs, configure alerts etc.
- Document technical information, processes, and procedures to ensure compliance and maintain the quality and integrity of the Information Security Management System
- Contribute to security audits and carry out tasks in support of our ISO certified management systems (ISO 27001, 22301, 9001 and 14001) and other security certifications and standards (SOC2, PCI-DSS, NIST CSF and Cyber Essentials).
- Advise on cloud security aspects of Projects and Changes including risks and best practices
- Develop and foster empathy for employees, customers, and stakeholders. Balance security with business requirements
- Contribute to the Information Security Strategy and Roadmap to maintain and improve the security maturity and cloud security posture of the business
- Perform other related duties as required or assigned
This role has no supervisory responsibilities. However, as a senior contributor, you will be expected to train, mentor, and share knowledge with fellow teammates.
WHAT WE’RE LOOKING FOR:
- 4+ years of relevant experience
- Strong familiarity with Windows operating systems and cloud provider ecosystems. MS Azure expertise is required.
- Practical knowledge of MS Azure platform services related to compute, network, storage, content delivery, administration and security, deployment and management, automation technologies
- Experience with TCP/IP, DNS, IPS, routing, firewalls, load balancing
- DevOps know-how – familiarity with building and deploying software applications with cloud deployment, Security-as-Code, Shift Left
- Experience with MS Azure IaaS and PaaS and a micro services architecture
- Knowledge of system hardening and cloud security architecture best practices
- Experience with Next Gen AV and EDR, SASE, SIEM, MDR, Office 365 Security and Compliance,CSPM (CloudGuard, PA Prisma Cloud), Azure NSGs, Firewalls, IPS, Tokenisation, andCryptographic Solutions (encryption, certificate management, key management) is required.
- ServiceNow ITSM or similar would be a benefit.
- Knowledge of data security, data governance and Identity Access Management
- Excellent team player, happy to collaborate, provide cover, pick up tasks as and when required
- Ability to function effectively and professionally in a fast-paced environment
- Very strong detail orientation and ability to maintain focus
- Excellent organizational and time management skills; prioritization and deadlines
- Ability to multitask and manage multiple projects/priorities daily
- Work proactively and independently and communicate effectively with others
- Ability to make effective use of resources available to complete tasks to agreed deadlines
- Hold recognised information security certifications such as CISSP, CCSP, SSCP, CCP, AZ-500 or equivalent academic or professional security qualifications
If you believe this role is for you, please send your CV to Recruitment@reedmackay.com