Home
Jobs
Subsea7
IT Security Engineer

IT Security Engineer

On site

Westhill, United Kingdom

Full Time

04-03-2025

Share this job:

Score my CV Apply

Job Specifications

Subsea7 is seeking an IT Security Engineer to join our team on an initial 12-month contract in our Westhill, Aberdeen office.

The Security Specialist role will be responsible for supporting the delivery of a range of cyber security improvements at Subsea7. Working alongside the Subsea7 IT Security team the successful candidate will bring a strong technical background with a sound understanding of cybersecurity.

The Security Specialist will be help implement a range of projects affecting our security tooling including CrowdStrike, Delinea Secret Server and SecureWorks Taegis. This will require someone who can communicate with a range of technical and non-technical stakeholders to deliver these improvements.

As new threats emerge our Cyber Security tooling needs to adapt to meet these threats. The Security Specialist will play a key role in modernising our existing tools to ensure that it prevents cyber incidents from occurring and ensures it meets the needs of the wider organisation.

What will you be doing?

Working with the IT Security team to help improve the functionality of our security solutions.
Support the implementation of the CrowdStrike Identity module, ensuring that it integrates into our IT tooling.
Provide an ongoing review of our Endpoint Detection and Response tooling, ensuring that it meets best practice and provides best coverage for the organisation.
Support ongoing efforts to improve our Identity security policies both within Active Directory and EntraID.
Support the modernisation of our Privileged Access Management solution.
Working with the IT Security team to develop and maintain security policies and procedures across our tools and wider business processes.
Provide support during any major cyber security incidents.
To take part in post incident reviews and propose engineering resolution to improve results in any future recurrence
Identify security risks and provide recommendations for mitigation.
Support in any production issues and incidents and participate in the problem and change management forums
Stay up to date with the latest threats and vulnerabilities that concern Subsea7 and make recommendations for remediation

What do we want you to have?

Experience in a Cyber Security role.
Deep understanding of cyber security principles, frameworks and best practices as they apply to IT environments.
Proven experience with CrowdStrike, Delinea Secret Server, Keeper, SecureWorks Taegis
Proven experience within a Windows Server environment.
Scripting knowledge with PowerShell.
Understanding of the NIST cybersecurity Framework, ISO27001, GDPR
Operates with the highest level of confidentiality
Clear communicator who can present to both technical and non-technical audiences
Good understanding of IT Infrastructure & applications with knowledge of industry standards and current technology trends.

About the Company

Subsea7 makes offshore energy transition possible through the continuous evolution of lower-carbon oil and gas and by enabling the growth of renewables and emerging energy. Know more

Related Jobs

Company Name: ION
Job Title: Senior Security Architect
Job Description: About Us We’re visionary innovators who provide trading and workflow automation solutions, high-value analytics, and strategic consulting to corporations, financial institutions, central banks, and governments. More than 40% of the world’s largest companies use our solutions. We’ve achieved tremendous growth by bringing together some of the best and most successful financial technology companies in the world. At ION, we offer careers that provide many opportunities: To invent. To design. To collaborate. To build. To transform businesses and empower people around the world to do more, faster and better than before. Imagine what you can do and experience. This is where you can do your best work. Learn more at iongroup.com. Your role Your duties and responsibilities Establish policies and procedures that promote secure development/cloud principles. Enable security automation through tools to reduce vulnerabilities and flaws due to human errors. Automate audit evidence collection throughout the SDLC to facilitate compliance reporting. Monitor security metrics to continuously improve and stay one step ahead of the red team. Maintain strong and continuous engagement with teams to ensure the ION Cloud architecture and operating model is up to the top security standards. Create a state-of-the-art secure cloud architecture and strategy, supported by a robust and flexible infrastructure with reliable and efficient operating model. Run post-mortem incidents analysis. Review the security principles compliancy of deployment, maintenance, monitoring, and management processes. Cooperate with the software architect to ensure that security aspects are considered in the software architecture. Regularly evaluate the best cloud applications, hardware, and practices available in the security domain. Provide training and guidance to the rest of the organization, helping with the development of a security culture throughout the company. Help the product owner in refining security requirements so that they fit in the customer’s strategy and becomes selling point. Other duties We might ask you to perform other tasks and duties as your role expands. Skills Your skills, experience, and qualifications Threat Modeling. Authentication/authorization standards and implementations Application of encryption at rest and in transit Certificates/secrets standards and implementations Managing security in public clouds ( AWS, Azure, GCP), with at least 3 years specific experience in either AWS or Azure. Secure microservices architectures in a cloud-native environment. Strong understanding of networking. Knowledge of different deployment models (Container, Serverless, Cloud, PaaS, IaaS …). Ability to work with diverse, remote, and distributed teams across multiple regions and time zones. Ability to do research autonomously to always be ahead of any security threat. SSDLC practices in DevOps, CI/CD environment. OWASP Top 10, SANS CWE, OpenSAMM, BSIMM, etc. Penetration testing, vulnerability scanning Design security monitoring tools. Designing pipelines that make use of SCA, SAST, DAST, IAST and RASP solutions. Qualifications SANS/SEC-540: Cloud Security and DevSecOps Automation Systems Security Certified Practitioner (SSCP) Certified Information Systems Security Professional (CISSP) Certified Authorization Professional (CAP) Certified Secure Software Lifecycle Professional (CSSLP) HealthCare Information Security and Privacy Practitioner (HCISPP) Experience Multi-year experience in Threat Modeling. A proven track record as architect and consultant, capable of working directly with teams, embedded in the delivery model. Experience with Kubernetes, Openshift, Service Mesh. Experience with clouds (AWS, Azure, GCP) Experience with getting or maintaining certified standards (i.e. ISO 27001, PCI DSS, MIL-SPEC) Contract Type Full-time, permanent contract. Important notes (Italy) According to the Italian Law (L.68/99) Please note that candidates from the disability list will be given priority. Due to the high volume of applications, only those candidates that meet the required criteria for selection will be contacted. If you’re from a non-EU country, you must have a valid EU visa or work permit.

London, United Kingdom

On site

Full Time

05-03-2025

Company Name: Everest Group
Job Title: Senior Security Engineer
Job Description: Job Overview We are seeking a dynamic and experienced Senior Security Engineer to join our team in India. In this pivotal role, you will be responsible for leading the development and implementation of robust security systems to protect our organization's data and network infrastructure. You will work closely with cross-functional teams to identify vulnerabilities, develop mitigation strategies, and ensure compliance with the latest security standards and regulations. As a Senior Security Engineer, your primary responsibilities will include conducting sophisticated security assessments, overseeing the deployment of security solutions, and responding effectively to any security incidents. You will also play a key role in shaping our security policies and procedures, providing expert guidance to both technical and non-technical stakeholders, and staying abreast of emerging security threats and technologies. Key Responsibilities Design and implement security architectures and strategies within the Azure cloud environment, ensuring secure and efficient cloud operations Conduct security assessments and penetration testing using Burpsuite and Nessus to identify vulnerabilities and implement effective remediation strategies Manage and fine-tune ZScaler configurations and policies for robust network and data security Utilize Sophos XDR for advanced threat detection, investigation, and response, ensuring comprehensive monitoring and protection against complex cyber threats Lead efforts to achieve and maintain SOC2 compliance, developing and enforcing policies and procedures in line with SOC2 standards Monitor network traffic and analyze protocols using tools like Wireshark to identify and mitigate security threats in TCP/IP networks Respond promptly and effectively to security incidents and ensure resolution with minimal impact Collaborate with various teams to integrate security best practices into development and operational processes Stay informed about emerging security trends, threats, and mitigation techniques, and educate others on cybersecurity best practices Develop and maintain detailed documentation of security configurations, policies, and procedures Evaluate and implement new security technologies and solutions as needed Provide expert guidance and leadership for security-related decision-making and project planning Required Skills / Aptitude Advanced knowledge of cybersecurity principles, practices, and risk management Strong proficiency in cloud security, particularly in Azure environments Expertise in network security, including protocol analysis and intrusion detection Familiarity with security tools such as Burpsuite, Nessus, ZScaler, Sophos XDR, and Wireshark Deep understanding of SOC2 compliance frameworks and requirements Excellent analytical and problem-solving skills, with a strong attention to detail Proven ability to identify, assess, and mitigate security vulnerabilities and threats Effective communication skills, capable of explaining complex security concepts to diverse audiences Strong documentation and reporting skills, with an emphasis on clarity and accuracy A proactive mindset towards staying abreast of the latest cybersecurity trends and technologies Ability to work collaboratively in a team environment and lead security initiatives Leadership qualities, including the ability to mentor junior staff and influence decision-making Capacity for critical thinking and making well-informed decisions under pressure Education and Experience Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master’s degree is preferred Minimum of 5-7 years of experience in cybersecurity, with a focus on areas such as network security, cloud security, and compliance Prior experience in a professional services B2B firm, understanding the specific security needs and challenges in such settings Relevant cybersecurity certifications (e.g., CEH, OSCP, CISSP, CISM etc.) are highly desirable About Everest Group Everest Group is a leading research firm helping business leaders make confident decisions. We guide clients through today’s market challenges and strengthen their strategies by applying contextualized problem-solving to their unique situations. This drives maximized operational and financial performance and transformative experiences. Our deep expertise and tenacious research focused on technology, business processes, and engineering through the lenses of talent, sustainability, and sourcing delivers precise and action-oriented guidance. Find further details and in-depth content at www.everestgrp.com. Everest Group is with you on the journey. We are committed to empowering team members to develop their potential, share their authentic selves, and inclusively engage. This means we continually celebrate the diverse journeys different individuals cultivate. We hire great people from a wide variety of backgrounds, not just because it’s the right thing to do, but because it makes our company stronger. If you share our values and enthusiasm for solving challenges, you will find a home at Everest Group.

Company Name: Photon
Job Title: GCP Security Lead
Job Description: We are looking for an experienced GCP Security Lead to join our growing team. This role requires a hands-on individual with deep knowledge in securing Google Cloud Platform (GCP) environments, as well as expertise in threat modeling, hardening GCP services, and cloud security posture management. The ideal candidate will have a passion for designing secure cloud environments, a solid understanding of cloud-native application security, and experience in implementing security controls across cloud infrastructures. Key Responsibilities: Lead the security architecture, design, and implementation of secure GCP environments. Drive design decisions by applying Threat Modeling techniques (e.g., STRIDE, MITRE ATT&CK) to identify and mitigate risks to cloud infrastructure and applications. Conduct security assessments and audits of GCP services to ensure compliance with internal policies and industry standards. Harden GCP services and ensure they are configured according to security best practices. Leverage CNAPP (Cloud-Native Application Protection Platform) and CSPM (Cloud Security Posture Management) tools to monitor and enforce security policies across the GCP environment. Collaborate with DevOps, Infrastructure, and Development teams to implement security controls and best practices in the cloud. Create formal documentation of cloud security controls, including Threat Model Reports, Policy Summary Pages, and Security Incident Response Plans. Provide guidance and mentorship on secure cloud architecture and threat modeling for cross-functional teams. Continuously research and implement the latest cloud security trends and technologies, ensuring GCP is secure and resilient against emerging threats. Required Qualifications: Proven experience with Google Cloud Platform (GCP) security, including practical experience with hardening GCP services. Strong working knowledge and hands-on experience with CNAPP/CSPM tools. Deep understanding of Threat Modeling frameworks such as STRIDE and MITRE ATT&CK, and experience in applying them to real-world environments. Experience documenting cloud security controls, including Threat Model Reports and Policy Summary Pages. Strong understanding of cloud security architecture, vulnerability management, identity and access management (IAM), encryption, and secure software development lifecycle (SDLC) practices. Experience with security automation and security monitoring in cloud environments. Knowledge of cloud compliance frameworks such as NIST, CIS, SOC 2, and GDPR. Strong problem-solving and analytical skills, with the ability to communicate complex technical concepts to both technical and non-technical stakeholders. Preferred Qualifications: Certifications in cloud security (e.g., Google Cloud Certified - Professional Cloud Security Engineer, AWS Certified Security Specialty, or equivalent). Familiarity with cloud automation tools (Terraform, CloudFormation, etc.) and infrastructure as code (IaC) security practices. Experience working in Agile/Scrum environments. Knowledge of network security principles and architecture in cloud environments. Soft Skills: Excellent written and verbal communication skills. Strong leadership and collaboration skills. Ability to prioritize tasks and manage multiple security projects in parallel. A proactive and solution-oriented mindset.

London, United Kingdom

On site

Full Time

05-03-2025

Company Name: London Borough of Hounslow
Job Title: Cyber Security Analyst
Job Description: About Us At Hounslow We’d love you to join us at the London Borough of Hounslow! Our people are deeply committed to providing excellent services to our residents, doing all we can to make lives as good as they can be. We are an outstanding council, serving an outstanding borough. With brilliant, visionary leadership, a dynamic Cabinet and a can-do culture, we’ve built strong partnerships which have transformed how we serve one of London’s most diverse boroughs. Hounslow is the world in one place and full of potential. We are stepping up for our residents like never before. About Our Commitment To Diversity And Inclusion We live by five core values: Lead with Heart, Do New, Pass on the Power, Harness the Mix and Be a Rock. All our work has equality, diversity and inclusion at its very heart, best articulated in “Harness the Mix”. It's about breaking down barriers between our parts and people and unlocking the problem-solving power of our amazing mix of minds. We serve a diverse community, we have a diverse workforce and we are committed to being an inclusive employer. We work hard to create representation across our workforce and leadership community, we have thriving employee network groups and our learning and development programmes help us lead, model and breathe ways of working that eliminate inequality, inequity, injustice and bias. As part of this and under our commitments as a Disability Confident Employer, we make reasonable adjustments to accommodate our candidates. There’s space for you to tell us what you need within our application form. Our Benefits About The Role We’re seeking someone passionate about cybersecurity and eager to make a difference in protecting public services and citizen data. If you enjoy problem-solving, working collaboratively, and staying ahead of cyber threats, this role could be for you! You Should Be: Curious and analytical, keen to identify and respond to security threats. A clear communicator, able to explain security concepts to colleagues across different teams. Tech-savvy and adaptable, comfortable using IT security tools and eager to learn new technologies. Detail-oriented, ensuring security policies and procedures are followed to protect council systems and data. A team player, able to collaborate with IT, compliance, and operational teams to strengthen security. Committed to public service, understanding the importance of cybersecurity in safeguarding local authority services. About The Team You’ll Be Working In You’ll join our Cybersecurity Team, a key part of the council’s Digital & IT Services. Our Team is responsible for protecting the council’s IT systems, networks, and data against cyber threats, ensuring the security, availability, and resilience of public services. Our work directly impacts residents, businesses, and local services, safeguarding essential systems such as social care, housing, education, and public safety from cyber attacks. Maintaining a secure digital environment, we help ensure residents can access council services safely and securely. The Team includes Cybersecurity Analysts, Security Engineers, and Change and Problem Managers, who work together to prevent, detect, and respond to cyber threats. In this role, you’ll report to the Cybersecurity Manager and collaborate closely with the Digital and IT, including the Information Governance teams, to strengthen our security posture. About You If the points below resonate with you, we’d love you to put in an application: Curious and analytical, keen to identify and respond to security threats. A clear communicator, able to explain security concepts to colleagues across different teams. Tech-savvy and adaptable, comfortable using IT security tools and eager to learn new technologies. Detail-oriented, ensuring security policies and procedures are followed to protect council systems and data. A team player, able to collaborate with IT, compliance, and operational teams to strengthen security. Committed to public service, understanding the importance of cybersecurity in safeguarding local authority services. If this sounds like you, we’d love to hear from you. Qualifications: Degree: BSc in IT, Cybersecurity, Computer science or related courses. Certification – CISM, CISSP, CEH or any relevant security certifications. Technical Skills - SIEM, SOC, Threat Intelligence, Network Security, Cloud security, Security Policy and Compliance. Work Experience: 3+ years in cybersecurity, IT. Essential For The Role: Basic DBS Read more about the work you’ll be doing in the Role Profile. Don’t meet every single requirement? We know that sometimes people can be put off applying for a job if they think they can’t tick every box. At Hounslow, we realise the ‘perfect candidate’ doesn’t exist. So, if you can do most of what we’re looking for, go ahead and apply. You may be just the right candidate for the job or be perfect for one of our other roles! When Interviews Will Be Held And Who To Contact The key information you need about the role should be in the role profile, but if you have any further questions about the role, please contact: Email: Telephone: 020 9583 3838 Interviews for this job will be held 19th and 21st March 2025 onwards. Email: Telephone: 020 9583 3838 Interviews for this job will be held 19th and 21st March 2025 onwards.

Hounslow, United Kingdom

On site

Full Time

04-03-2025