Senior Cyber Security Engineer

#hybrid

Evaluate Ltd is a major international company providing outstanding market intelligence services for the Pharmaceutical, Medical Device , Financial and Consulting sectors, through the Evaluate Pharma®, Evaluate Medtech®, Evaluate Omnium and Evaluate Vantage® online brands. Our international clients in Pharma and Biotech, Medtech, Banking and Consultancy regard Evaluate Pharma® as the industry’s gold standard for timely and accurate analysis of reported drug sales, consensus sales forecasts, R&D pipeline, markets and comprehensive company financials.

SCOPE OF THE ROLE

As a Senior Cyber Security Engineer, you will be central to Evaluate’s cyber security strategy. You will be responsible for helping define and implement an extensive and ongoing program of work encompassing:

• Technology - deploying and monitoring our cyber security technical controls
• People – advising, training and guiding to empower people to help manage cyber security risk
• Processes – reviewing and advising on our cyber security processes, identifying and implementing improvements.

This is predominantly a hands-on technical role which is also a key stakeholder in defining our cyber roadmap, ensuring our cyber security program continues to meet business requirements.

HOW YOU’LL SUCCEED

Reporting to the Head of IT, you’ll be working with all members of the IT and Technology teams on cyber security matters encompassing People, Processes and Technology:

• Deploy, configure and manage Evaluate’s comprehensive suite of cyber security tools, ranging from Managed Detection and Response (MDR) to Endpoint Protection
• Define and implement automated cyber security monitoring, including degree of compliance, across a varied cloud-based estate encompassing both legacy IT and modern DevOps practices
• Define and report on cyber security KPIs
• Contribute to developing Evaluate’s cyber security strategy
• Propose continuous improvements to keep pace with developing cyber security risks
• Help define and write our policies
• Assist with the creation, maintenance and delivery of cyber security awareness training for Evaluate staff
• Work with external service providers to complete regular security assessments and penetration tests
• Be a Subject Matter Expert on cyber security

• Work with our Engineering teams to ensure that cyber risks are well understood & suitably prioritised in project backlogs
• Support our Engineering teams on major product launches or environment changes to ensure that cyber risks are assessed and dealt with
• Participate in a security incident response on-call rota
• Contribute to our team-based risk assessment process; identifying, recording, assessing, and mitigating risks
• Advise on the implementation of a cyber security framework
• Participate in the Cyber Security Committee, reporting on key cyber security metrics and our current risk profile.

Requirements

WHAT IT TAKES

• Relevant cyber security experience
• Degree in computer science, information systems, or a related technical discipline or equivalent professional experience directly related to cyber security or network defence
• Sysadmin-level competence in most of the following technologies: Azure, Active Directory, M365, AWS, networking, Windows, Linux, PKI & certificate authorities; containerisation (docker & Kubernetes); Terraform, Intune, CloudFront
• Strong working knowledge of common security tools, such as a SIEM, MDR, vulnerability assessment, WAF, IDS/IPS
• Proven knowledge and experience of industry standards and best practice e.g. Cyber Essentials, NIST, ISO 27001
• Experience in security education and policy management
• Experience in incident response and incident management
• Working knowledge of UK GDPR
• A demonstrated ability to analyse and prioritise security risks
• Close attention to detail
• At least one advanced cyber security certification e.g. Certified Information Systems Security Professional (CISSP); Systems Security Certified Practitioner (SSCP); GIAC Information Security Professional (GISP); Certified Ethical Hacker (CEH).

Benefits

WHAT WE OFFER YOU

• 25 days holiday (increasing to 30 over 9 years) + 8 bank holidays
• Value you day - one additional wellbeing day on top of your holiday allowance
• Pension plan - company contribution of 6.7% rising to 10% after 12 months service
• Life Assurance 4 x salary
• Employee Assistance Programme (EAP)
• Private Medical Insurance*
• Corporate Gym Membership/Discount*
• Flexible working and flexitime policies
• Season Ticket Loan*
• Cycle to Work Scheme
• Maternity, Paternity & Adoption leave- including enhanced leave for 2+ years' service
• Shared parental leave

(*following successful completion of probation period.)

Evaluate is an equal opportunities employer and do not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age. Our ethos is to respect and value people’s differences, to help everyone achieve more at work as well as in their personal lives so that they feel proud of the part they play in our success. We believe that all decisions about people at work should be based on the individual’s abilities, skills, performance and behaviour and our business requirements. Evaluate operates a zero tolerance policy to any form of discrimination, abuse or harassment.