Brewin Dolphin’s IT Security team are responsible for a range of activities across traditional IT Security domains including Security Event Monitoring, Vulnerability Management, Endpoint Security controls, Data Loss Prevention and Network Management & Security. With a split between Security & Network Operations and Security Architecture the team is very much technically focused.
IT Security works closely with Brewin Dolphin’s Information Security, Operational Risk & Audit teams to maintain a strong security & risk posture for Brewin Dolphin and effective operation and monitoring of key IT controls relative to these areas.
Working as part of the Security Operations team, a sub-function of the IT Security team, the role involves deploying, supporting, maintaining, optimising security systems and supporting Security Analysts in change activities. The role also involves system integration, automation and orchestration. Although a technical role, there are elements of the role which are less technical including manging playbook changes, producing metrics, control reporting and co-ordinating changes/ onboarding of security monitoring and response plans.
Independence of thought and self-improvement are expected along with responsibility and ownership. It is a varied role which offers the opportunity to really contribute. This position will be based in Edinburgh.
The IT Security Operations Engineer role includes, but not limited, to the following responsibilities:
- Security system administration, supporting multiple platforms and applications
- Configure and troubleshoot security systems and infrastructure
- Maintain, optimise, improve and help lead further development
- Support security control tuning
- System integration, automation and orchestration
- Prepare and document standard operating and support procedures
- Produce MI, quality statements and control reports
- Manage changes to security automation and orchestration platforms, including playbook changes
- Manage and co-ordinate onboarding on new operational security services as well as new monitoring and response plans.
Examples of supported security systems:
- Intrusion detection and prevention
- Security information and event management
- Data loss prevention
- Web application firewalls
- End-point security software
- Network access control
- Two-factor authentication
- Credential management
- Vulnerability management and compliance
- Security workflow, automation and orchestration
- Educated to university degree level is desirable; A-levels or their equivalent is a minimum expectation
- General or vendor-specific IT security qualifications would be beneficial, but demonstrable experience and knowledge is more important
Several years of experience in a strong Security Engineer, Systems Engineer or related role. Candidates coming from a non-security Systems Engineer role are expected to have a good security understanding.
Experience should include:
- Hands-on deployment and support of systems – security systems preferred
- System administration, supporting multiple platforms and applications
- Cloud-based system support
- Hands on experience with security systems, e.g. Security Information and Event Management systems, Intrusion Detection Systems, Anti-Virus software, etc. (preferred)
- System integration, automation and orchestration (preferred)
- Reporting and metrics
- Managing change
Financial services experience is beneficial but not an absolute requirement.
Candidates should be able to demonstrate a breadth of IT platform knowledge.
Required skills are:
- Knowledge of IT security principles
- Generic IT technical knowledge
- Knowledge of Microsoft Windows operating systems
- Networking knowledge/ understanding
- Able to work well both in a team and independently
- A focused, methodical, and rigorous approach
- Strong organizational skills
- A mature, collaborative and professional attitude is essential
- Must be self-motivated and comfortable in driving initiatives forward
- Flexible – priorities and assignments will vary so candidates need to be able to re-organise and re-focus quickly
Preferred skills are:
- Experience with scripting languages (e.g. Python, PowerShell)
- Knowledge and experience of Microsoft Azure
- Experience with security system integration, automation and orchestration