General information

Job Title: Cyber Security Engineer
Ref #: 20361
Date: Friday, July 15, 2022
Country: United Kingdom
Location: Woking
Business area: IT
Department: IT
Position level: H - Qualified
Working time: Full Time
Contract type: Permanent
Working pattern: 9am - 6pm Monday to Friday

Description & Requirements

Background

No restraints. No limitations. We don’t simply push boundaries. We completely rethink them. McLaren Automotive exists to create breath-taking performance road cars.

With innovation at the core of all we do, every challenge starts with the same question. How can we do it better? This restless spirit runs right through McLaren Automotive. And the search for perfection is evident in everything we do.

Purpose of Role

Maintain, manage and exploit McLaren’s existing technical security capabilities (e.g. anti-malware solutions) to mitigate Cyber Security risks to McLaren’s systems and information.

Identify potential security control gaps and assist in the selection and acquisition of new capabilities to close such gaps.

Deploy and configure new security capabilities as required.

Minimise McLaren’s exposure to technical security vulnerabilities by coordinating security patching, conducting vulnerability scans and scoping penetration tests across the ICT estate.

Provide relevant and timely security management information to assist the IT Leadership Team and key business stakeholders in understanding McLaren’s security risk exposure.

Ensure that McLaren is prepared to respond to security incidents, and respond to any security incidents that occur.

Principal Accountabilities
  • Configures, manages and monitors McLaren’s endpoint/host-based security capabilities.
  • Assists in the triage and investigation of potential security incidents; including incidents detected internally or reported by outsourced network security monitoring services.
  • Assists in the development, testing and implementation of appropriate Cyber Security incident response plans.
  • Maximises the value obtained from outsourced security monitoring services; e.g. by developing event logging standards and by codifying the conditions, processes and timeframes for suspected incidents to be reported to McLaren by such services.
  • Identifies relevant security metrics to quantify McLaren’s technical security risk exposure.
  • Reports on the apparent effectiveness of McLaren’s existing technical security controls; and makes recommendations for their improvement.
  • Identifies, quantifies and communicates emergent security risks, trends and themes.
  • Assists the Cyber Security Manager in identifying appropriate security risk mitigation plans; and in refining and delivering McLaren’s Cyber Security strategy.
  • Assists in the development, review and improvement of McLaren’s security policies.
  • Develops and implements appropriate technical standards for the secure configuration of the key technologies used within McLaren; e.g. defining build/product hardening standards.
  • Ensures that operational procedures adopted within the Core Platforms team are appropriately secure; e.g. in relation to firewall rule management.
Knowledge, Skills and Experience

  • Reports on security patching activity across McLaren’s Windows and Linux estates.
  • Manages, and presents the results of, vulnerability scanning activities.
  • Assists in the scoping and commissioning of penetration tests by third parties.
  • Coordinates the resolution of penetration test and vulnerability scan findings.
  • Defines and delivers security reviews and compliance checks to ensure that systems and processes comply with relevant security policies, standards and good practice.
  • Maintains awareness of emerging security threats and solutions across broader industry, in order to bring external good practice into McLaren.
Personal Attributes
Essential:
  • Experience in configuring, managing and reporting upon the effectiveness of endpoint security products; e.g. host-based anti-malware, application whitelisting, removable device control, disk encryption.
  • Experience with applying security good practice to current technologies; particularly Cloud-based platforms and applications.
  • Experience in identifying security control gaps and solutions to close such gaps.
  • Experience in standardisation (e.g. of device builds and configuration) and centralised device management at scale across a medium-sized enterprise.
  • Experience in security patching good practice for Windows (essential), Linux (desirable) and Solaris (desirable) environments.
  • Experience in producing security management information for a variety of audiences.
  • Understanding of the operation and management of core Microsoft technologies, such as DNS, DHCP, Active Directory, Group Policy and Azure Security Centre.
  • Understands security from the people, process and technology perspectives.
  • Understanding of ITIL and typical IT operations across first, second and third line.
Desirable:
  • Experience in triaging and investigating security incidents.
  • Experience in selecting, acquiring and deploying security products.
  • Experience in managing third parties which supply security products or services.
  • Knowledge of the Cyber Security threat landscape; including emergent issues and trends.
  • Knowledge of multiple security products and their relative merits and limitations.
  • Knowledge of security event management standards, protocols and techniques.
  • One or more relevant security certifications, such as CISSP/SSCP, CISA/CISM, CISMP, Security+ and/or vendor-specific security certifications.