Cyber Security Engineer

Dye & Durham Limited is a leading provider of cloud–based software and technology solutions designed to improve efficiency and increase productivity for legal and business professionals. Dye & Durham provides critical information services and workflows, which clients use to manage their process, information, and regulatory requirements. The Company has operations in Canada, the United Kingdom, Ireland, and Australia, and has a strong blue-chip customer base that includes law firms, financial service institutions, and government organizations. Are you looking for an exciting new challenge? Want a career where you can make a real impact? At Dye & Durham, we are always on the lookout for talented and driven individuals to join our diverse team; helping us to deliver our innovative solutions across the globe and allowing our clients to access the critical information they need, when they need it. Make a difference with Dye & Durham. Job Purpose: The Cyber Security Engineer will work closely with key stakeholders to ensure that cyber security projects meet objectives across D&D. The Cyber Security Engineer will promote awareness of current risks and advise of security best practice within the wider security and delivery teams, including using their skills to detect insecure features and malicious activities within D&D networks and infrastructure. The Cyber Security Engineerwill be: working as part of the InfoSec Team responsible for defining & delivering cyber security & modern IT strategy. responsible for supporting the secure design & configuration of all computing environments to protect against cyber threats & leading detection & Response to vulnerabilities, threats & incidents. Each cyber security engineer will cross skill and specialize in specific cyber security domains. Specific Responsibilities: Design, configure & manage security monitoring & alerting systems to detect & respond to unauthorized access & potential threats e.g. SIEM, EDR, SOAR Implement continuous improvement to preventive & detective capabilities or data sources to improve cyber defense technology stack. Implement, configure & manage vulnerability monitoring & patch managementas well as organize penetration testing and ensure any finding are assigned to relevant team for remediation. Perform regular security assessments & audits to support & recommend solutions & design improvements to harden security baseline configuration. Monitor alerts and respond to security incidents, leading investigations through containment & recovery, forensic analysis & report writing. Maintain knowledge of current security trends & monitor public security advisories & alerts for information related to threats & vulnerabilities. Contribute to ongoing support of adherence and / or certifications to information security regulations & standards e.g. ISO 27001, SOC2, NIST CSF, UK GDPR and CIS. Partnering with all business functions to ensure agile security designs & controls are implemented & managed as part of cyber security strategy. Determine security violations and inefficiencies by conducting periodic audits and review of controls. Provide support, guidance, and responses to annual external audits. Support the maintenance of all security tools and technology; whilst assisting with optimizing and automating any manual processes. Proactively support and guide the DevOps teams to ensure security is embedded in CI/CD pipeline with consideration of frameworks such as OWASP Top 10. Document and drive adoption of cyber security operations and playbooks for detection and response. Provide information security awareness training to and support to all Dye and Durham employees. Perform strategic, tactical, and operational research on latest cyber threats and trends. Knowledge, Skills & Experience : Proven Security Design Experience with Specific Expertise within Cloud Security (e.g. Azure, AWS or GCP) and/or Office 365. Strong Understanding of Leading Cloud Secure Networking, Infrastructure, Email & Endpoint Security Solutions Strong Understanding of Security Operations Methodologies e.g. EDR, SOAR & Managing Incidents Throughout Lifecycle Proven experience of managing security incidents throughout its lifecycle & associated forensics & technical analysis Experience of Managing & Reporting Vulnerabilities Understanding of Software Coding & Agile Development Methodologies e.g. DevSecOps and GitHub. Wide Experience of Cyber Defense Technology & Industry Awareness Proficiency in Process Automation & Report Generation to Supervise & Evidence Service Operation Performance. Able to communicate clearly and concisely to the wider security and business teams. Familiar with current attacks, malware, reverse engineering, and other techniques. Demonstrated ability of analytical expertise, close attention to details, critical thinking, logic, and solution oriented. Thorough understanding of security frameworks such as NIST CSF, NIST SP 800-53, ISO 27001, SOC2 and data privacy regulation. Relevant IT & Security Certifications (e.g. CISSP). #J-18808-Ljbffr