Security Engineer

Location Dublin
Discipline: Information & Cyber Security
Job type: Permanent
Salary: €55k to 60k per annum

​A global Financial Services company based in Dublin is looking for an experienced Security Engineer that will be responsible for ensuring that the organisation’s security requirements and designs are efficiently managed and maintained. This role will make certain that the quality of security engineering provided is aligned with the global security standards. The candidate for this role will work closely with the rest of the Security Engineering department and will be directly reporting to the Security Engineering Manager.

Responsibilities:

  • Solution Security Engineering

    • Provide expertise, direction and assistance to deliver the automation of security capabilities in CI/CD pipelines, including automation of secrets management and of SAST/DAST/SCA and other security assurance tooling.

    • Working with development and engineering to integrate security technologies, process and procedures into the automated deployment and validation of solution releases.

    • Capable of debugging issues through pipelines, spotting anomalous behaviour and diagnosing root causes.

    • Collaborate and communicate across development and engineering teams to improve and simplify the delivery and use of security tools and services and support their use.

    • Engage with projects to deliver security automation expertise and project-specific security automation deliverables where required.

  • Security Tool Administration:

    • Maintain software version and patch management for security products (including regular software patch updates).

    • Encryption Key and Certificates management for security products.

    • IDS/IPS and WAF policies/rules administration and maintenance.

    • DLP policy/rules administration and maintenance.

    • Software licensing and renewal.

  • Automate build, configuration and updates for security tools.

  • Define web filtering policies for new requirements.

  • Review or implementation of SIEM rules (incl. False/Positives and remediation). Facilitate use case handovers.

  • Security on-boarding activities (Device / Project on-boarding/system provisioning/integration for security products).

  • Research emerging security technologies and applications to benefit HKEX or LME.

  • Production incidents handling for security products (such as troubleshooting, hardware parts replacement, software bug fixes, vendor support engagement).

  • Create and maintain security technical engineering standards to meet information security policies and controls, industry standards and best practices, applicable legislative and regulatory requirements.

  • Complete Low Level Designs and other relevant artefacts required by project lifecycle.

  • Support engineering colleagues to deliver secure configurations for technology implemented.

  • Contribute to technology roadmaps and product evaluation.

  • Provide consultancy and guidance to stakeholders including Architects, Engineering, Operations and Project Managers during project lifecycle.

  • Promote security engineering practices and educate colleagues.

They also have a secondary responsibility to support or contribute to:

  • Support L2 SOC Analysts as required.

  • On call support for out of hours escalation.

  • Weekly review of all security operation related tasks with SOC L2.

  • Support SOC perform forensic investigation and malware analysis as needed.

  • Support and contribute to producing Security dashboards and reporting.

Qualifications Required:

  • Highly desirable to have a University degree in Computer Science, Information Management, or related field, or equivalent experience.

  • Highly desirable to have professional qualifications such as CEH, CCNP, CISSP, GIAC (GSEC/GCIH/GCIA).

  • Minimum 5 years relevant experience in IT security, including direct experience within a Security Engineer role.

  • Relevant security engineering experience working for financial market infrastructure or financial services providers such as payment processors. A working knowledge of the exchange industry and technologies is of benefit.

  • Experience in building and maintaining security systems.

  • Thorough understanding of the latest security principles, techniques, and protocols.

  • An excellent hands on experience of the following areas or technologies is required:

  • Scripting and automation tools, Python, Ruby, Go, Groovy or equivalent

  • Windows and UNIX/Linux operating systems

  • Agile ways of working, tools and techniques (e.g. Jira, Confluence, stories, sprints, backlogs)

  • SAST/DAST/IAST/SCA security assurance tooling

  • Encryption and authentication technologies (e.g. TLS, Kerberos)

  • Build and deployment pipeline technologies, such as Atlassian stack and Ansible or equivalent

  • Secrets management and privileged access management

  • Source code and artefact repositories

  • SIEM integration

  • Web, network and configuration protocols and technologies (e.g., TCP/IP, HTTP, HTTPS, JSON, YAML)

  • Identity and access management

  • Firewall and intrusion detection/prevention technologies

  • An understanding of the following areas would be of benefit

  • Application security principles

  • Secure coding practices, ethical hacking and threat modelling

  • Cloud deployment, operation and security (AWS or Azure)

  • Container runtime technologies and container orchestration platforms

  • Penetration and vulnerability testing tools and techniques

  • MySQL/MSSQL database platforms

  • Secure network architectures and technologies

  • Advanced Persistent Threats (APT) prevention and detection

  • EDR

Skills Required:

  • Ability to tackle and solve complex problems.

  • Strong ability to research and understand new technical areas

  • Excellent verbal and written communication skills

  • Able to write clear and concise documentation

  • Analyse data and present findings

  • Must be able to communicate information security-related concepts to technical and non-technical audiences.

  • Self-motivated and able to work under pressure.

  • Guide and mentor SOC analysts.

  • Be respectful of confidentiality.

  • Work with senior stakeholders across the IT functions and Business.

Personal Qualities:

  • Quality and delivery focused.

  • Excellent verbal and written communication skills

  • Open and approachable, with ability to work well within a team.

  • Ability to cope within a fast moving high pressure environment, balancing multiple work streams and deliverables