Cyber Security Engineer

The Firm

HFW is a sector focused global law firm. We have over 500 lawyers working across the Americas, Europe, the Middle East, Asia and Australia. We take a progressive approach to our roles in commercial business - thinking creatively and pragmatically to support our clients.

Whether we are solving complex issues within the construction, aviation or shipping industries, or providing advice across insurance, commodities and energy we are specialist lawyers here to add value to our clients. We think about the commercial solution first, and then underpin our advice with a solid foundation of legal expertise.

The Department

HFW IT is a high performing team that provides technology excellence enabled by a deep understanding of the Firm's people and processes. The department is headquartered in London with points of presence located across each geographical region. The IT Cyber Security team operates from the London working closely with the IT Operations and IT Service Delivery functions.

The Role

The Cyber Security Engineer will have the opportunity to build and grow a career with a supportive team in an environment where everyone is empowered to do their best and be their best. The Cyber Security Engineer will be responsible for managing the development, support and adherence to cyber security policies and standards within the Firm. You will also be required to provide subject matter expert advice to Incident Response and the wider business in the delivery of Cyber security solutions to meet best practice and regulatory requirements.

The focus of the IT department is the end users, and it is the aim of the team to ensure that their underlying infrastructure operates in a well-maintained, controlled and consistent way. The engineer will work with other IT colleagues to ensure that current and new systems and services are delivered in a secured manner and strike a sensible balance between, being secure yet practical for the end users.

Duties and responsibilities

The incumbent will be expected to perform up to Level 4 of the Information Security (SCTY) within the Skills Framework for the Information Age (SFIA). This includes:

• Providing advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
• Obtaining and acting on vulnerability information and conducting security risk assessments, business impact analysis and accreditation on complex information systems.
• Investigation of major breaches of security, and recommendation of appropriate control improvements.
• Contribution to the development of information security policy, standards and guidelines.

Detailed responsibilities include:

• Review, assess, and mitigate penetration tests and vulnerability assessments on information systems and infrastructure
• Develop, document and maintain security procedures
• Design, installation and support of security tools such as IPS/IDS, web & email - DMARC, identity management, cloud security, firewalls and detection and response platforms.
• Patching & Server Hardening
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements
• Security incident response
• Act as a technical resource to departmental colleagues and business partners on IT security considerations
• Provide out-of-hours cover for security breaches if required

• Any other ad hoc duties as and when required

The Person

• Personality: Self-driven, results-oriented with a positive outlook and a clear focus on high quality. Reliable, tolerant, and determined. Well-presented and businesslike. Able to get on with others and be a team-player.
• Business Skills: Must be an excellent communicator with real understanding and empathy for the business. Should seek to position the customer and the customer's interests first and foremost in every decision.
• Technical skills: In-depth IT skills are vital to the role. An ability to understand and explain IT solutions and issues to a non-technical audience is critical. A strong awareness of best practice techniques and solutions within the areas of networking such as, firewalls, cloud based technologies and end user devices.

Key skills and experience required

• Experience in an IT networking and security role managing a complex and global IT environment. Candidate should have a strong background of security engineering.
• Has an expert understanding and can apply security concepts to a technical level, at the highest levels of risk complexity.
• Is able to manage stakeholders' expectations across high-risk and complexity or under constrained timescales.
• The individual will be trusted by senior risk owners as an expert in security.
• Professional manner with the ability to work under pressure and prioritise effectively.
• Flexible with regard to working hours - normal office hours are between 9:00am and 5.00pm, but security incidents may require work outside this time.

Technical Skills

• Strong hands on knowledge of firewalls administration and design
• Proven ability to work under pressure in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously.
• Strong network security knowledge and hands on experience in remote access, VPN, DMZ architecture, network monitoring, intrusion detection, endpoint security, wireless security, vulnerability scanning, anti-malware and DLP
• Advanced knowledge of WAN/LAN & IPV4/IPV6 security as it pertains to networking protocols and connectivity to/from outside resources
• Deep understanding or network protocols and secure use of them. Understanding of cloud based service delivery of traditional security controls (e.g. proxy, firewall). Understanding of PKI and encryption.
• Experience or involvement in cloud infrastructure security designs, MS Azure preferred.
• Broad knowledge of Information Security, IT and industry best practices
• An understanding of security architecture or exposure in that area.
• Firm understanding of best practice infrastructure and network architectures. An awareness of data residency issues and effects on secure solutions (e.g. GDPR).
• Bachelor's Degree in Information Technology, or similar, with emphasis on Cyber Security, CISSP or other relevant certification preferred.
• Mobile technology including smartphone and tablet selection, mobile device management suite and standardisation of iOS and Android devices.
• Ability to work well under minimal supervision

Additional Information

There may be a requirement to be called out for technical/security escalations, as required.

International travel may be required.

Kindly note, this job description is not contractual. It will be reviewed periodically and may be amended or altered to meet the needs of the firm.

Due to the volume of applications, only those candidates shortlisted for interview will be contacted.

HFW endeavours to recruit and fill vacancies directly. However, when we do need to engage with agencies, HFW operates a preferred supplier list. No applications will be accepted from agencies not instructed on this role.

HFW aims to ensure equality of opportunity and we are actively working towards improving the diversity of our staff. All applications will be considered only on merit and the applicant's suitability to meet the requirements of the role.

HFW collects and processes personal data relating to job applicants to manage its recruitment process. The firm is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations. For information on how the firm will process your data, please see our Privacy Notice on our website, in the section "What we collect and how we use it".