Senior Information Security Engineer
Location : London, UK (Hybrid)
Salary : Up to £200k + Bonus
Role Overview
We are looking for a dynamic Senior Information Security Engineer to join a prominent macro trading firm based in London. This position is vital for safeguarding the organization’s infrastructure and sensitive information across both on-premises and AWS cloud environments. As a senior member of the security team, you will be responsible for shaping security strategies, managing vulnerabilities, leading incident response, and enhancing threat detection efforts, while collaborating with IT and DevOps teams to bolster the overall security framework.
The ideal candidate will possess a comprehensive, hands-on background in infrastructure security within a hybrid cloud context, with significant experience in Linux systems. We seek someone with a proactive attitude and flexible mindset, equipped with broad expertise in various security domains, including infrastructure, security operations, and compliance. A minimum of 7 years of experience is required, preferably in smaller financial or trading institutions.
Key Responsibilities
- Security Framework Development : Create, implement, and enhance security frameworks for both AWS cloud and on-premise systems to safeguard infrastructure, applications, and sensitive data.
- Vulnerability Oversight : Direct the vulnerability management process, encompassing scanning, analysis, and the development of remediation strategies.
- Incident Management : Lead the response to security incidents and conduct forensic investigations, coordinating actions to minimize disruption.
- Risk Analysis : Perform risk assessments on the organization's IT infrastructure to ensure compliance with industry standards and identify areas for improvement.
- Security Event Monitoring : Manage the monitoring of security events to detect and escalate potential threats, providing reports on security metrics and incidents to leadership.
- Integration with DevOps : Work closely with DevOps teams to incorporate security measures within CI/CD processes, ensuring secure software development practices.
- Training and Mentorship : Provide guidance and training on security best practices to internal teams and mentor junior engineers.
- Technology Assessment : Evaluate and implement advanced security technologies to improve the organization’s capabilities in threat detection, prevention, and response.
- Policy Implementation : Ensure that security policies and standards are consistently enforced and work with compliance teams to meet regulatory requirements.
Qualifications and Skills
- Education & Experience : A Bachelor’s degree in Computer Science, Information Security, or a related field, along with a minimum of 7 years in security engineering roles.
- Comprehensive Security Knowledge : Strong understanding of security frameworks (e.g., NIST, ISO 27001), cloud and on-premise security, and threat detection mechanisms.
- Cloud & Infrastructure Expertise : Proficient in managing hybrid cloud environments, particularly AWS, with a solid grounding in Linux-based infrastructure.
- DevSecOps Familiarity : Understanding of DevSecOps principles and secure development methodologies.
- Security Tools Proficiency : Experience with security technologies such as firewalls, IDS/IPS, SIEM, and EDR, as well as scripting and automation/SOAR tools.
- Relevant Certifications : Preferred certifications include CISSP, CISM, or CEH.
- Financial Services Experience : Previous work experience in trading environments or financial services is advantageous, particularly in smaller firms where diverse roles are common.
