Head of Security Engineering

The Department:

The Information Security Team is responsible for protecting the company’s infrastructure, intellectual property and digital assets. The team has a large scope of responsibilities and tackles projects in different security verticals (Cloud Security, Application Security, Corporate Security, Detection and Response, etc.)

In this role, you will have the opportunity to work on various projects based on your skillset, experience, career goals and the team’s priorities.

The Role

This is a hands on Security Engineering role, leading a small team, defining and delivering against the strategy for a range of areas including:

• Endpoint security / EDR
• Vulnerability Management
• Cloud security
• Email Security
• Security testing

With a view to also taking on responsibility for maturing other areas (Secure by Design, Application Security / secure DevOps etc). 

The ambition for this role is to own the engineering part of our defence-in-depth InfoSec strategy, taking an automation-first approach. This will involve the maturing of existing controls and the selection and integration of best of breed products alongside emerging suppliers. 

As a core member of the CISO’s security leadership team this role will work closely with peers including Security Operations (in defining requirements and during live incidents) and Identity and Access Management. 

The role will also interact with partners in our Technology organisation and beyond - who we rely on to deploy our tools, and who rely on us to provide security advice and approvals. 

This role will suit candidates with a strong cyber security background in the financial or tech sector.

Source: BHAM: 1: Data as at 18 Jul 2023

MAIN DUTIES/RESPONSIBILITIES OF THE ROLE: 

Essential Responsibilities:

• Lead the SecEng Team
• Be pragmatic and commercially driven positioning the security function as an enabler for the business.
• Work to design, develop and execute on the BH InfoSec strategy.
• Design and execute an adversarial security program to proactively identify vulnerabilities and risks.
• Own the relationship with key stakeholders across the firm to inform the Security requirements, roadmap and priorities.
• Assist the Head of SecOps on security incidents, investigations and remediation.
• Lead Red Teaming and/or penetration testing.
• Advocate of the principle of “shift left” and approach to DevSecOps

PERSON SPECIFICATION

WORK EXPERIENCE/BACKGROUND:

Essential

• 5+ years of professional hands-on experience with a programming or scripting language, e.g. Java, Golang, Python, Bash, Node.js, etc.
• Professional experience within financial services
• Experience working in a dynamic, fast paced environment
• Strong experience in securing Cloud environments, AWS, Azure, GCP
• Strong experience in securing microservice architecture e.g. Kubernetes, Docker
• Deep understanding of Operating System security, Windows & Linux
• Strong knowledge around cryptographically securing data, assets and infrastructure

Desirable

• Familiarity with secure execution environments, air gapped system architecture, infra-as-code, tamper proof hardware.
• Experience with application security toolsets such as SAST, DAST, SCA and secret scanning
• Experience in securing CI/CD pipelines and Infrastructure-as-Code
• Experience in managing internal or external vulnerability assessments such as pentests, red team etc.