The Opportunity -

Senior Cyber Engineers play key roles in these client assignments. As recognized technical experts with hands-on skills. they implement security principles for clients, as well as advising advise clients and their service providers on proposed changes in a collaborative process.

As part of a project team, they help to identify priorities, ensure delivery is progressing with pace and agility, and validate that improvements are properly implemented. They work with SMEs across NCC Group to ensure the right expertise is delivered for each requirement.

The Challenge -

Senior Cyber Engineers in Cyber Security Improvement (CSI) work in a range of capacities:. CSI projects cover all aspects of the Build-Assess-Fix lifecycle. The team advises on greenfield security tool deployments and policy development, custom security assessments, and remediation of gaps identified during prior assessments, whether client-internal or performed by NCC Group. Typical projects include:

• Advise on SIEM deployment in alignment with best practices

• Customize template security policies for client environment

• Conduct assessment leveraging CISA ZTMM framework

• Remediate penetration test finding of inadequate logging

Responsibilities for this role include:

• Working with sales and pre-sales teams to capture requirements and create project proposals

• Providing technical input for work plans and estimating project timelines and budgets

• Assessing pre-existing risk and security information including incident reports, red team findings, penetration tests and security audits, and augmenting those where appropriate with additional security reviews

• Creating technical content for project documents

• Acting as technical lead for the NCC Group team delivering a CSI project, supervising the work of other engineers and verifying their output

• Working closely with NCC Group colleagues, clients, and third-party technical staff to deliver prioritized improvements timely, and delivering some of that workload hands-on

• Mentoring junior staff from a technical perspective

• Reviewing all improvements delivered to ensure they deliver the expected risk mitigations

• Updating project managers on project status, resource allocation and project risk

• Championing the CSI practice with colleagues across NCC Group

Requirements -

Skills:

Above all, we would like to speak with people who are passionate about what they do. CSI projects are highly agile and collaborative in nature, and the Senior Cyber Engineer role therefore combines deep technical expertise with proven soft skills.

• Experience in several of the following, in an enterprise context:

• Windows, Active Directory, Azure AD and Microsoft 365

• Azure, AWS, GCP and native security services (Sentinel, Cloud Watch, etc.)

• DevOps, CI/CD, software development and testing, infrastructure as code

• Network engineering and security (firewalls, IDS/IPS, etc.)

• Infrastructure engineering and security

• Information security management

• Blue team, network defense, protective monitoring engineering

• Experience of working in an agile project environment

• Knowledge of cyber security principles, though it is not essential to come from a cyber security background

• Quality assurance and / or system testing

• Writing clear and accurate technical documentation

The following additional attributes would be advantageous:

• Cloud based provider qualifications or demonstrable strong in-depth experience

• Knowledge of cyber security frameworks such as MITRE ATT&CK, NIST CSF, NIST 800-53, CISA ZTMM, CSA CCM, CIS CSC, etc.

• Experience of working in a consultancy organization

• Experience creating solution architectures and designs

The following qualifications would be advantageous:

• Certified Information Systems Security Professional (CISSP)

• Certified Secure Software Lifecycle Professional (CSSLP)

• Certified Cloud Security Professional (CCSP)

• Certificate of Cloud Security Knowledge (CCSK)

• GIAC Information Security Fundamentals (GISF)

• GIAC Security Essentials (GSEC)

• GIAC Defensible Security Architecture (GDSA)

• GIAC Information Security Professional (GISP)

• Azure Security Engineer (AZ-500)

• AWS Certified Security - Specialty

Behaviors

• Focus and prioritization to support a complex and agile workload

• Ability to build strong, trust-based working relationships

• High standards about work output

• Results oriented

• Self-motivating, innovative and creative

• Strong and effective communicator to all stakeholders

• Technically focused, business and commercial savvy

• Excellent reporting & presentation skills

• Applies knowledge and skills through handling complex problems beyond own area of expertise

Knowledge

• Some of the technologies listed under Skills above

• Cyber security principles of good practice

Outputs

• Successful delivery on client projects

• Positive view of CSI practice with NCC Group colleagues and clients

NCC Group has over 2,200 members located all around the world, providing a trusted advisory service to 15,000 customers. Born in the UK, we have now have offices in North America, Canada, Europe, Asia- Pacific and United Arab Emirates.

We are passionate about helping our customers to protect their brand, value and reputation against the ever-evolving threat landscape. We fuel that passion with investment in our people and our business.

Our values and code of ethics are at the heart of how we operate – we work together, we are brilliantly creative and we embrace difference. We treat everyone and everything with equal respect.

We want to create an environment where all colleagues feel psychologically, emotionally and physically safe to be authentic, sharing their personal experiences to represent the diversity of the world they live in, and have equal opportunity to achieve their best.

About your application

We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.

If you do not want us to retain your details, please email global.ta@nccgroup.com. All personal data is held in accordance with the NCC Group Privacy Policy. We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.