Cyber Security Engineer- FCA- Permanent - London, Leeds & Edinburgh (hybrid working)
About the Opportunity:
As part of the technology organisation at the Financial Conduct Authority (FCA), we run digital products throughout the organisation. We are passionate about delivering value in a fun collaborative manner and being an influencer at the heart of the global RegTech and FinTech revolutions driving the digital economy. As part of our Agile journey, we have formed Product Groups that combine our Delivery and Service functions. As a newly formed Security Product Group, the Cyber Security sits within the Technology Resilience and takes end-to-end accountability for the technology roadmap and architecture, development and operational support of enterprise Security Products across the internal FCA Technology division. As Security Engineer, you will be part of Technology - Cyber Security - Engineering and maintains the platforms, applications and security systems that deliver enterprise security services to the organisation.
What does the role involve/What are the key responsibilities?
- Build, deploy and maintain a range of robust, available, repeatable, fit-for-purpose and scaled enterprise security tools and services.
- Maintain, develop and improve the tools, processes and procedures to meet changing business needs, strategic objectives and team requirements.
- Develop, monitor, evaluate and maintain systems and procedures to protect the confidentiality, integrity and availability of information systems within the organisation.
Key aspects of the work will include:
- Provide technical assistance and security SME knowledge to the wider team as part of Security & Service Management activities including incident and problem management, risk management and mitigation.
- Support Cyber Security colleagues, Programmes & Projects with the design and implementation of new enterprise Security Products, services, policies, and procedures. Ensure any new enterprise Security Products and services can be fully supported and appropriate service readiness activity completed.
- Provide wider Security SME support and coaching to other Product Groups and wider Information Security community.
- Supporting operations out of hours as part of an on-call rota
What will you get from this opportunity?
- We work in small cross functional, self-organising and autonomous teams, passionate about delivering value and having fun.
- We like to work smart, not long hours.
- We enjoy having a sense of purpose in our job, knowing that we're serving those in need.
- We don't do micro-managing; we hire people because we believe they are brilliant in getting the job done.
- We love diversity.
- We admire and look out for servant leaders who have exceptional critical soft skills.
- We believe in innovation, not prescription
We're a signatory to the Government's Disability Confident scheme. This means that we will offer an interview to disabled candidates entering under the scheme, should they meet the minimum criteria for a role. A minimum criterion needs to be measurable from reviewing a candidate's CV. Exceptions may apply if due to the volume of applications we are not able to interview all eligible candidates who qualify under the scheme.
- Good experience of working in a security engineering role supporting enterprise security services, products and architecture.
- Strong interest in Cyber Security with relevant recognised security certification
- Have, or be willing and able to obtain HMG SC Clearance.
- Strong Service management skills and experience. Ability to manage incidents, problem investigations, undertaking patching & release management activities in addition to managing product risks & mitigation activities.
- Previous experience in security engineering or DevSecOps.
- Thorough working knowledge of Operating Systems, Cloud technology and automation pipelines
- Experience of Azure Cloud Stack
- Understanding of GitOps, Agile and DevOps practice
- Ability to write code and work with Infrastructure as Code tools (Ansible, Terraform, Puppet etc)
- Technical security knowledge and exposure to relevant technical architecture, environments, platforms, software industry and business practices.
- Good knowledge and demonstrable experience of Information Security principles, tools, processes and procedures
- Experience of working collaboratively with internal teams and external IT Partners.
- Experience of coaching others to improve security and engineering knowledge
- Experience working in the financial services industry
- Scripting/automation skills
- Service Design and Transition experience & knowledge
- Good understanding of Security frameworks, eg MITRE, NIST
- Good communications skills (both oral & written) and comfortable engaging at all levels including Senior Management.
- Previous experience in security engineering services such as Privileged Access Management, SIEM, Identity Governance & Administration, PKI, Vulnerability Scanning
About the FCA
At the FCA, we're creating a fair and more resilient financial system. We're establishing more transparent relationships between financial services and their customers, building trust in financial markets and protecting vulnerable consumers. The landscape of financial services regulation is constantly changing, impacting the way in which the FCA regulates. Technology enables the FCA to deliver, through the implementation and management of cutting-edge, industry leading technology and digital solutions, used by tens of thousands of firms and millions of consumers across the financial services sector in their interactions with the FCA. Technology is ambitious, with an established and forward-thinking digital strategy, focused on exploiting cloud technologies, and an operating model recognised as more pioneering than many in the private sector. Technology is actively focused on the professional development of colleagues throughout their careers with us. As a division, Technology is committed to establishing a culture of inclusion that enables diversity to underpin our ways of working.
The FCA's Values & Diversity
Our ambition is to create a diverse and inclusive workplace that reflects the society we serve, helping us to be a better regulator.
As an inclusive employer, we are open to considering flexible working arrangements.
Please contact our recruiter if you wish to apply for this role on a flexible basis.