Information Security Engineer

Information Security Engineer Nationwide Software Company Worthing, West Sussex

(Office based) 50K to 55K plus excellent benefits

Stratospherec is recruiting for an Information Security Engineer to be based in the West Sussex office of our client who is a leading software company. In this role you will use your Information Security Engineer/Analyst expertise both supporting and enhancing this nationwide companys cybersecurity posture through the securing of enterprise applications, data and infrastructure and by identifying, assessing, and mitigating security risks. This is a hands-on, predominantly office-based role requiring experience in application and data security, vulnerability assessments, security administration, threat monitoring and response.

You will work alongside a multidisciplinary team of infrastructure, support staff and developers, cross-functionally supporting colleagues from across the business and the wider IT team to ensure security requirements are met and outstanding service delivered.

KEY ACTIVITIES

Key activities in relation to application security will include performing security reviews of application architecture, source code, and third-party integrations.

Collaborating with development teams to implement secure coding practices and conduct secure SDLC assessments.

Using tooling to Identify application vulnerabilities and support remediation efforts.

Security Administration

Managing and configuring security tools and systems (e.g., firewalls, SIEM, IDS/IPS, endpoint protection, etc.).

Monitoring security policies, standards, and best practices.

Reviewing and monitoring user access and identity management controls across systems.

Key activities in relation to Penetration Testing & Vulnerability Assessments will include conducting internal and external penetration tests to evaluate system security.

Performing regular vulnerability scans using tools like Nessus, Qualys, or OpenVAS.

Analysing scan results, prioritizing risks, and coordinating with stakeholders for remediation.

Key activities in relation to threat monitoring and response will include monitoring networks, systems, and applications for potential threats and unusual activity.

Responding to security incidents, investigating breaches, and leading root cause analyses.

Maintaining incident response procedures and participating in tabletop exercises.

Key activities in relation to Security Posture Enhancement will include recommending technical and procedural improvements to strengthen security defences.

Staying current with emerging security threats, vulnerabilities, and compliance requirements.

Conducting security awareness training and collaborating across departments to promote a security-first culture.

Liaising with stakeholders to understand requirements, provide updates, and ensure project alignment with business objectives.

Implementing monitoring and alerting systems to ensure the health and performance of all systems.

Ensuring all systems and processes comply with security best practices and industry standards.

Troubleshooting and resolving issues related to security breaches.

Providing Monthly Information Security reporting.

Maintaining comprehensive documentation of systems, processes, and procedures.

KEY SKILLS

You must have demonstrable experience of Information and Cyber Security practices like NIST, Cyber Essentials +, ISO27001.

Familiarity with regulatory compliance and auditing standards.

Ability to identify, assess and mitigate security risks.

Knowledge of penetration testing and vulnerability scanning tools like Nessus and Qualys.

Proficiency in applying security tooling including firewalls, VPNs, Network Traffic Analysis.

Knowledge of network protocols TCP/IP, DNS, SSH

Familiarity with network segmentation

Experience with endpoint protection software EDR, Anti-Virus, DLP and securing mobile, tablet, laptop, desktop devices.

Familiar with Zero Trust security models

Proficient in using SIEM tools

Experience with log analysis and incident detection.

Familiarity with securing cloud-native applications, containers and microservices.

Incident detection, containment and mitigation through post-incident investigations and root cause analysis.

Data encryption and Data Loss Prevention.

Identity Access Management deployment Azure AD, MFA, SSO, RBAC

Security auditing and monitoring.

Experience in deploying security solutions across business projects.

Excellent analytical and problem-solving abilities.

Strong communication skills and stakeholder management skills.

EDUCATION & EXPERIENCE

Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).

35+ years of experience in cybersecurity or information security engineering/analysis.

Strong knowledge of MITRE ATT&CK, NIST, ISO 27001, and other frameworks.

Experience with security tools.

Familiarity with scripting languages (Python, Bash, PowerShell) is a plus.

Relevant certifications (e.g., CEH, OSCP, CISSP, Security+, GSEC) preferred.

If you have 35+ years of experience in cybersecurity or information security engineering/analysis with relevant certifications, along with strong knowledge of MITRE ATT&CK, NIST, ISO 27001, and other frameworks alongside experience with security tools, and you are looking to join a team at a friendly, supportive company that prides itself on encouraging further professional development then please get in touch as soon as possible to arrange a conversation regarding this exciting new Information Security/Analyst role?