NICE Information Security Engineer 

United Kingdom, England, London 

977682383

The purpose of this role is to help security stakeholders within the business address increasing security and compliance requirements from our customers. These may be in the form of data security questionnaires from existing customers or prospects, or new requirements from certifications we are seeking to acquire.

The role will also take responsibility for ensuring that security measures are applied as per our policies, and that compliance related processes are followed correctly. This could be, for example, configuring integrations with new security tooling, ensuring that security log scanning automation is correctly configured, or preparing and sending regular vulnerability scanning reports.

A good technical understanding of software and infrastructure development will be very beneficial, as the role will likely be engaging on a regular basis with engineers. It will be expected that the role would develop a very good knowledge of the platform infrastructure, SDLC, and security policy framework over time. Hands-on skills configuring various security tools will be important.

• Seek to understand the ContactEngine data, infrastructure, and software architecture, especially related to our SDLC and security touch points.
• Investigate and make recommendations related to our security posture, as it pertains to data, SDLC and infrastructure.
• Work with stakeholders to respond in a timely manner to any questions or questionnaires from clients or prospects.
• Ensure the tech security landscape is fully understood and make stakeholders and decision makers aware of any significant changes or developments.
• Hands-on working with integration of security tooling and systems when required.
• Perform ad-hoc investigations into security issues as needed.
• Develop and track the security metrics and KPIs for the ContactEngine platform, and regularly report on these to managers.
• Provide advice and support regarding security concerns to any interested parties within the organisation.
• Use our security tooling to prepare and send vulnerability reports on a regular basis
• Work with finance and stakeholders when appropriate on the procurement of any security related software tools
• Work with stakeholders to identify security process or policy gaps that need to be addressed.

• Hands-on experience with AWS security tools.
• 5+ years in a hands-on security or software engineering related role.
• A technical background rather than a pure compliance background would be preferable.
• Knowledge of common security and compliance certifications and frameworks, such as ISO 27001, SOC 2 type 2, PCI DSS, FedRAMP, HIPAA etc.
• Experience in responding to data security questionnaires.
• Experience investigating or dealing with software or infrastructure security issues.
• Good understanding of software development and infrastructure common practices, especially related to SDLC.
• Strong hands-on ability with various security software and tooling.
• Proven ability to communicate to senior stakeholders in written and oral form.
• Understanding of relational databases and typical security approaches to managing these.
• Understanding of ETL, data warehouse and reporting systems, and related security.
• Pragmatic rather than dogmatic approach.
• Knowledge of AWS services and security tools would be an advantage in this role.

Reporting into:DevOps Manager

Individual Contributor