Position: Security Engineer
Reporting to: Senior Director Security & Trust
Location: London, UK
Reed & Mackay leads the global travel and event management arena with extraordinary service and proprietary, client-led technology. Ranked first in the Sunday Times International Fast Track 2020, we are a business that is always looking forwards, while ensuring that we’re everything that our clients need today. In May 2021, we became part of Navan (formerly TripActions), and together we are setting the agenda for the future of business travel.
Due to the continuing growth of our business internationally and the importance we place on security, compliance, continual improvement and the retention of our certifications, a position has become available or a highly competent individual to support the Cyber Security programme and team.
PURPOSE OF THE ROLE:
This position is a full-time, hands-on, technical role that will work alongside existing key resources in all aspects of the R&M’s security operations programme; ensuring that our cloud environment is secure, our data is safeguarded, and industry standards and best practices are implemented as part of an integrated approach to security across the organisation. This is an outstanding opportunity for a talented individual to actively get involved in the cyber security activities of a thriving global business while retaining focus on security and compliance in an exciting period of change and growth.
WHAT YOU’LL DO:
- Take ownership for key projects of Reed & Mackay’s Cyber Security Programme
- Ensure the effective management of risks, and security best practice.
- Vulnerability Management – scanning, analysis, remediation tracking and metrics.
- Cloud Security – cloud security posture management, security of R&M’s Azure environment.
- Identity & Access Management – ensure secure configuration and best practices are implemented.
- Detection & Response – work alongside the managed SOC and manage internal aspects of security incident and event management including integrations, log ingestion and the day-to-date relationship with the managed SOC.
- Email Security – Manage and maintain existing email security solutions such as Mimecast and Material Security, incl. secure delivery, archiving, advanced email threat management, and email authentication (DMARC, DKIM)
- Manage and maintain endpoint security using CrowdStrike Falcon.
- Management of technical security controls in line with ISO 27001, PCI-DSS, SOC2 and industry best practices (NIST, CIS, etc.).
- Take accountability to identify, track and manage relevant corrective and preventative actions.
- Contribute to internal and external audits including managing and ensuring that certification, contractual and regulatory requirements are met.
- Contribute to internal forensic investigations by providing timely reports that prove or disprove a suspected action.
- Take ownership for incident detection, response and fraud prevention, including investigation, containment, eradication, and reporting, as needed and while utilising the managed SOC.
- Keep abreast of emerging technologies, evolving concepts, security standards, industry trends, and threats and recommend and implement enhancements to security controls and processes to meet changing compliance requirements.
WHAT WE’RE LOOKING FOR:
- A working knowledge of industry standards such as NIST, ISO 27001, and PCI DSS
- Excellent attention to detail, proactive, able to work independently.
- Strong verbal and written communication and interpersonal abilities.
- Strong technical background and extensive experience with the ability to work independently as well as part of a team.
- Professional certification such as CISSP, CCSP, CASP+, AZ-500 or equivalent experience desirable.
Note: This job description is intended to convey information essential to understanding the scope of the position and is not an exhaustive list of skills, efforts, duties, and responsibilities.