IT Security Engineer

Reports to Managing CISO

Permanent Contract – 9.5 days per fortnight

Salary - circa £55K - £65K FTE per annum dependant on experience.

Remote working (occasional on-site visits may be required)

Background

HEFESTIS is a not-for-profit shared service organisation, constituted as a private company and jointly owned by member institutions across the University and College sector. It provides information and change related shared services to institutions and where applicable to sector owned bodies and support services. Our core vision is "to be the shared service partner of choice for sustainably delivering information services to the Higher and Further Education sector and the wider Public Sector". 

HEFESTIS is going through a period of growth across all areas, as the relevance and importance of its services grows. The HEFESTIS CISO Service, where this post sits, has a positive and established reputation in helping institutions better understand, improve, and evidence their cyber security posture and resilience. We also represent our member and sector requirements as part of various national bodies, including being a core partner of the Scottish Governments Cyber Co-ordination Centre (SC3), having a seat on the NCSC University Trust Group as well as attending relevant national University and College groups. 

It is an exciting and impactful time to join HEFESTIS. As well as continuing to develop of Higher and Further Education services, we are currently delivering service to seven Public Sector organisations, where there is a potential to develop a tailored service that is relevant across the UK. In addition, HEFESTIS is exploring relationships with technology and service suppliers to offer validated, cost-effective services across a wide range of security relevant areas, 

In addition to playing a key role in the delivery of operational services, the successful post holder would have the opportunity to influence direction and work across all these developments.

The role

We currently have a requirement for one IT Security Engineer (ISE) to deliver service for our member organisations in the UK. You will be expected to work remotely with occasional on-site visits if required and as agreed with clients. 

This role will provide the opportunity to guide institutions and undertake agreed operational activity so that information and cyber security is well-managed, supporting compliance and best practice to protect institution from cyber threats. This role offers independence and responsibility, with the benefits of being part of a knowledgeable, experienced, collaborative, and well-respected team. 

The role will also include the following aspects: 

• Participation in operational meetings and advising on the impact of relevant matters on institutions.
• Tailor service delivery by considering each institution’s environment/circumstances.
• Contextualise operational guidance in different functional areas within institutions, ensuring advice is consistent with that provided to other shared service members.  
• Support and develop cyber protection tools and templates and share them across CISO service and/or use tools and templates developed by other CISOs in the Team to maximise efficiency across the service.
• Undertake cyber security incident/breach investigations and report matters to senior management. 

The Person

The post holder must be able to work as part of the CISO service, engaging with and supporting the CISO team to develop the service. In addition to this, you must be able to cooperate and gain the trust and respect of staff at all levels across member institutions as well as other stakeholders. 

As such, candidates will be required to demonstrate capability and experience in a significant number of the following areas: 

• A relevant qualification at degree level in IT or cyber security and / or relevant strong background and experience in utilising relevant cyber protection / audit skills. 
• Technical Expertise: Demonstrable hands-on experience in implementing and managing security controls across IT systems, networks, and applications, with a focus on risk mitigation.
• Certifications: Relevant certifications such as CompTIA Security+, CISSP, CISM, or CEH, with a willingness to pursue additional certifications to grow into management.
• Knowledge of Education and Public Sectors and their specific challenges to help ensure delivery of pragmatic, proportionate and workable guidance, and support.
• Remediation Experience: Hands-on involvement in resolving IT security issues, knowledge of proactive security requirements such as vulnerability and patch management. Active Directory and O/S hardening, planning implementation or configuring SIEM, PAM, IAM and CTEM controls.
• Knowledge of cyber posture standards and frameworks such a s NIST CSF, ISO27001 and their applicability to member needs and requirements. 

Personal

• Communication Skills: Strong ability to explain complex technical issues to non-technical stakeholders, bridging the gap between technical teams and business leaders.
• Collaborative Mindset: Team player who thrives in a small, agile environment and enjoys collaborating with colleagues and HE/FE and Public Sector-focused projects.
• Ambition for Growth: Clear motivation to advance from a technical engineering role into a leadership position, contributing to the development of a security practice.
• Analytical background with attention to detail.
• Solid problem solving skills
• Possess balanced judgement to allow for appropriate prioritising and execution of competing member demands.
• Cultural Fit: Enthusiasm for working in a small but growing organisation with a focus on Public Sector and HE/FE clients, contributing to an environment where everyone’s input shapes the future of the practice and the community. 
• Openness, transparency, and the ability to engender trust.
• Self-assured and capable.
• Skills in negotiating and influencing, with the ability to identify common ground and solutions.
• Demonstrable commitment to Equality and Diversity in all aspects of the company’s operation.

Terms

• Competitive Salary: £55K - £65K per annum.
• Full-time hours are 35.625 hours per week – 9.5-day fortnight working pattern as standard.
• Annual leave: 26 days annual leave plus 14 fixed/floating days per annum
• Benefits: Membership of the company pension scheme, access to the company benefits suite including cycle-to-work scheme, and gym discounts  .
• Must be UK based.

How to Apply

Applications should be made by forwarding your CV and covering letter outlining why you would like to work for HEFESTIS via the 'Apply' button above. Closing date for applications is 5pm on Wednesday 5^th  February. Interviews will be held virtually via Microsoft Teams.