Sr. Cyber Engineer
Thanks for checking out our job opening; we are excited that YOU are interested in learning more about NCC Group.
We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of talented individuals working together towards a safer future.
We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference and we want you to join in our mission, to make the world safer and more secure.
The Opportunity -
Senior Cyber Engineers play key roles in these client assignments. As recognized technical experts with hands-on skills. they implement security principles for clients, as well as advising advise clients and their service providers on proposed changes in a collaborative process.
As part of a project team, they help to identify priorities, ensure delivery is progressing with pace and agility, and validate that improvements are properly implemented. They work with SMEs across NCC Group to ensure the right expertise is delivered for each requirement.
The Challenge -
Senior Cyber Engineers in Cyber Security Improvement (CSI) work in a range of capacities:. CSI projects cover all aspects of the Build-Assess-Fix lifecycle. The team advises on greenfield security tool deployments and policy development, custom security assessments, and remediation of gaps identified during prior assessments, whether client-internal or performed by NCC Group. Typical projects include:
Advise on SIEM deployment in alignment with best practices
Customize template security policies for client environment
Conduct assessment leveraging CISA ZTMM framework
Remediate penetration test finding of inadequate logging
Responsibilities for this role include:
Working with sales and pre-sales teams to capture requirements and create project proposals
Providing technical input for work plans and estimating project timelines and budgets
Assessing pre-existing risk and security information including incident reports, red team findings, penetration tests and security audits, and augmenting those where appropriate with additional security reviews
Creating technical content for project documents
Acting as technical lead for the NCC Group team delivering a CSI project, supervising the work of other engineers and verifying their output
Working closely with NCC Group colleagues, clients, and third-party technical staff to deliver prioritized improvements timely, and delivering some of that workload hands-on
Mentoring junior staff from a technical perspective
Reviewing all improvements delivered to ensure they deliver the expected risk mitigations
Updating project managers on project status, resource allocation and project risk
Championing the CSI practice with colleagues across NCC Group
Above all, we would like to speak with people who are passionate about what they do. CSI projects are highly agile and collaborative in nature, and the Senior Cyber Engineer role therefore combines deep technical expertise with proven soft skills.
Experience in several of the following, in an enterprise context:
Windows, Active Directory, Azure AD and Microsoft 365
Azure, AWS, GCP and native security services (Sentinel, Cloud Watch, etc.)
DevOps, CI/CD, software development and testing, infrastructure as code
Network engineering and security (firewalls, IDS/IPS, etc.)
Infrastructure engineering and security
Information security management
Blue team, network defense, protective monitoring engineering
Experience of working in an agile project environment
Knowledge of cyber security principles, though it is not essential to come from a cyber security background
Quality assurance and / or system testing
Writing clear and accurate technical documentation
The following additional attributes would be advantageous:
Cloud based provider qualifications or demonstrable strong in-depth experience
Knowledge of cyber security frameworks such as MITRE ATT&CK, NIST CSF, NIST 800-53, CISA ZTMM, CSA CCM, CIS CSC, etc.
Experience of working in a consultancy organization
Experience creating solution architectures and designs
The following qualifications would be advantageous:
Certified Information Systems Security Professional (CISSP)
Certified Secure Software Lifecycle Professional (CSSLP)
Certified Cloud Security Professional (CCSP)
Certificate of Cloud Security Knowledge (CCSK)
GIAC Information Security Fundamentals (GISF)
GIAC Security Essentials (GSEC)
GIAC Defensible Security Architecture (GDSA)
GIAC Information Security Professional (GISP)
Azure Security Engineer (AZ-500)
AWS Certified Security - Specialty
Focus and prioritization to support a complex and agile workload
Ability to build strong, trust-based working relationships
High standards about work output
Self-motivating, innovative and creative
Strong and effective communicator to all stakeholders
Technically focused, business and commercial savvy
Excellent reporting & presentation skills
Applies knowledge and skills through handling complex problems beyond own area of expertise
Some of the technologies listed under Skills above
Cyber security principles of good practice
Successful delivery on client projects
Positive view of CSI practice with NCC Group colleagues and clients
NCC Group has over 2,200 members located all around the world, providing a trusted advisory service to 15,000 customers. Born in the UK, we have now have offices in North America, Canada, Europe, Asia- Pacific and United Arab Emirates.
We are passionate about helping our customers to protect their brand, value and reputation against the ever-evolving threat landscape. We fuel that passion with investment in our people and our business.
Our values and code of ethics are at the heart of how we operate – we work together, we are brilliantly creative and we embrace difference. We treat everyone and everything with equal respect.
We want to create an environment where all colleagues feel psychologically, emotionally and physically safe to be authentic, sharing their personal experiences to represent the diversity of the world they live in, and have equal opportunity to achieve their best.
About your application
We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.