Information Security Engineer

Information Security Engineer - Nationwide Software Company - Worthing, West Sussex

(Office based) - 50K to 55K plus excellent benefits

Stratospherec is recruiting for an Information Security Engineer to be based in the West Sussex office of our client who is a leading software company. In this role you will use your Information Security Engineer/Analyst expertise both supporting and enhancing this nationwide company's cybersecurity posture through the securing of enterprise applications, data and infrastructure and by identifying, assessing, and mitigating security risks. This is a hands-on, predominantly office-based role requiring experience in application and data security, vulnerability assessments, security administration, threat monitoring and response.

You will work alongside a multidisciplinary team of infrastructure, support staff and developers, cross-functionally supporting colleagues from across the business and the wider IT team to ensure security requirements are met and outstanding service delivered.

KEY ACTIVITIES

• Key activities in relation to application security will include performing security reviews of application architecture, source code, and third-party integrations.

• Collaborating with development teams to implement secure coding practices and conduct secure SDLC assessments.

• Using tooling to Identify application vulnerabilities and support remediation efforts.

Security Administration

• Managing and configuring security tools and systems (e.g., firewalls, SIEM, IDS/IPS, endpoint protection, etc.).

• Monitoring security policies, standards, and best practices.

• Reviewing and monitoring user access and identity management controls across systems.

• Key activities in relation to Penetration Testing & Vulnerability Assessments will include conducting internal and external penetration tests to evaluate system security.

• Performing regular vulnerability scans using tools like Nessus, Qualys, or OpenVAS.

• Analysing scan results, prioritizing risks, and coordinating with stakeholders for remediation.

• Key activities in relation to threat monitoring and response will include monitoring networks, systems, and applications for potential threats and unusual activity.

• Responding to security incidents, investigating breaches, and leading root cause analyses.

• Maintaining incident response procedures and participating in tabletop exercises.

• Key activities in relation to Security Posture Enhancement will include recommending technical and procedural improvements to strengthen security defences.

• Staying current with emerging security threats, vulnerabilities, and compliance requirements.

• Conducting security awareness training and collaborating across departments to promote a security-first culture.

• Liaising with stakeholders to understand requirements, provide updates, and ensure project alignment with business objectives.

• Implementing monitoring and alerting systems to ensure the health and performance of all systems.

• Ensuring all systems and processes comply with security best practices and industry standards.

• Troubleshooting and resolving issues related to security breaches.

• Providing Monthly Information Security reporting.

• Maintaining comprehensive documentation of systems, processes, and procedures.

KEY SKILLS

• You must have demonstrable experience of Information and Cyber Security practices like NIST, Cyber Essentials +, ISO27001.

• Familiarity with regulatory compliance and auditing standards.

• Ability to identify, assess and mitigate security risks.

• Knowledge of penetration testing and vulnerability scanning tools like Nessus and Qualys.

• Proficiency in applying security tooling including firewalls, VPN's, Network Traffic Analysis.

• Knowledge of network protocols TCP/IP, HTTP, DNS, SSH

• Familiarity with network segmentation

• Experience with endpoint protection software EDR, Anti-Virus, DLP and securing mobile, tablet, laptop, desktop devices.

• Familiar with Zero Trust security models

• Proficient in using SIEM tools

• Experience with log analysis and incident detection.

• Familiarity with securing cloud-native applications, containers and microservices.

• Incident detection, containment and mitigation through post-incident investigations and root cause analysis.

• Data encryption and Data Loss Prevention.

• Identity Access Management deployment Azure AD, MFA, SSO, RBAC

• Security auditing and monitoring.

• Experience in deploying security solutions across business projects.

• Excellent analytical and problem-solving abilities.

• Strong communication skills and stakeholder management skills.

EDUCATION & EXPERIENCE

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).

• 3-5+ years of experience in cybersecurity or information security engineering/analysis.

• Strong knowledge of MITRE ATT&CK, NIST, ISO 27001, and other frameworks.

• Experience with security tools.

• Familiarity with scripting languages (Python, Bash, PowerShell) is a plus.

• Relevant certifications (e.g., CEH, OSCP, CISSP, Security+, GSEC) preferred.

If you have 3-5+ years of experience in cybersecurity or information security engineering/analysis with relevant certifications, along with strong knowledge of MITRE ATT&CK, NIST, ISO 27001, and other frameworks alongside experience with security tools, and you are looking to join a team at a friendly, supportive company that prides itself on encouraging further professional development then please get in touch as soon as possible to arrange a conversation regarding this exciting new Information Security/Analyst role?