Hybrid Infrastructure Security Engineer — Cloud & DevSecOps

Infrastructure Security Engineer

Location - London or Winchester with hybrid working as per departmental requirements (currently a MINIMUM of 40% (2 days per week).

LCP is an award-winning actuarial and analytics consultancy providing market-leading capabilities and advice across pensions and financial services, energy, and health. We use powerful analytics fused with human expertise to shape a more positive future.

We have a great opportunity to join our Infrastructure team as a Security Engineer. This role is perfectly poised at the intersection of traditional Infrastructure Security operations and the future's promise of AI and automation. As a Security Engineer you will be 75% Hands-On and 25% Policy/Process management. As LCP embarks on this transformative journey, the Infrastructure Security Engineer will be pivotal in ensuring a blend of technological innovation with a deeply human touch.

Beyond just problem-solving, this role offers the chosen candidates an opportunity for personal and professional growth. We're not just seeking individuals to join us; we're seeking visionaries who will evolve with us, taking ownership of their development and skills as the landscape of service support undergoes this exciting metamorphosis. The aim remains consistent: to uphold LCP's unwavering commitment to exceptional user experience across all locations.

What will you be doing?

Under the guidance of the Head of Infrastructure or Security Lead you will:

• Secure LCP's infrastructure, spanning multiple physical office (UK and Europe) and numerous Cloud subscriptions, through a balanced-risk approach
• Design and implement technical information security controls and countermeasures, ensuring alignment with the risks they are intended to mitigate
• Work with an outsourced Security Operations Centre (SOC), maintaining threat detection and response processes in conjunction with the Info Sec team to ensure its continued effectiveness
• Effectively operate established technical information security controls and countermeasures, ensuring adherence to policy and compliance requirements
• Deliver standardised security measures for cloud resource templates and configuration baselines, that enable approve teams to efficiently self-serve pre-configured resources
• Automate manual or repetitive tasks, improving the end-to-end efficiency of technical security measures
• Respond to new and emerging security threats and vulnerabilities, effectively engaging in cross-functional collaboration as needed
• Conduct security incident investigations, collaborating with technical and non-technical stakeholders as appropriate, with the aim of identifying root cause, threat vector utilised, scope of compromise and related remedial and preventative actions
• Implement and administer technical security tooling (Such as Defender for Cloud, Defender for End-Point, Nessus, etc), training others as required
• Optimise the cost of cloud-based security measures, ensuring they remain fit-for-purpose and right-sized as part of overall infrastructure efficiency
• Constantly maintain and develop awareness of
  • Emerging threats and vulnerabilities and the techniques used to mitigate them
  • Emerging information security practices, standards and trends within a modern, increasingly cloud-based and Agile/Dev Ops oriented environment
• Coordinate with internal and external stakeholders
• Partner with Info Sec to deliver on key information security risk related initiatives, ensuring compliance to patching and vulnerability policies
• Partner with Product and Platform team members in respect of secure coding practices and security measures within the infrastructure resources they utilise
• Establish and cultivate relationships, being a trusted advisor and technical point of contact within the firms engineering community

• First-hand experience and knowledge of modern information security methodologies, techniques, and tooling, spanning both physical and cloud infrastructure
• Knowledge of key security standards/frameworks including ISO 27001, NIST, and CIS
• Experience of securing infrastructure within a Dev Ops organisation - including secure coding standards, automation and enterprise monitoring and reporting tools specifically within Microsoft Azure
• Demonstrable experience of security controls and countermeasures within IP based networks, WAN technologies, virtual server technologies and Microsoft Cloud on Windows and Linux
• Demonstrable experience working with DLP and EDR technologies such as Microsoft Defender
• Demonstrable first-hand experience with modern Security Information and Event Management (SIEM) solutions and related workflow automation (SOAR)
• Ability to proactively own and coordinate resolving security issues, to ensure solutions continue to meet business needs
• Ability to break a problem down into its component parts to identify and diagnose root causes, troubleshooting and identify problems across different technology capabilities
• Strong planning and organisational…