Information Security Engineer

Information Security Engineer – Nationwide Software Company – Worthing, West Sussex Stratospherec is recruiting for an Information Security Engineer to be based in the West Sussex office of our client who is a leading software company. In this role you will use your Information Security Engineer/Analyst expertise both supporting and enhancing this nationwide company’s cybersecurity posture through the securing of enterprise applications, data and infrastructure and by identifying, assessing, and mitigating security risks. This is a hands‑on, predominantly office‑based role requiring experience in application and data security, vulnerability assessments, security administration, threat monitoring and response. KEY ACTIVITIES Perform security reviews of application architecture, source code, and third‑party integrations. Collaborate with development teams to implement secure coding practices and conduct secure SDLC assessments. Use tooling to identify application vulnerabilities and support remediation efforts. Manage and configure security tools and systems (e.g., firewalls, SIEM, IDS/IPS, endpoint protection, etc.). Monitor security policies, standards, and best practices. Review and monitor user access and identity management controls across systems. Conduct internal and external penetration tests to evaluate system security. Perform regular vulnerability scans using tools like Nessus, Qualys, or OpenVAS. Analyze scan results, prioritize risks, and coordinate with stakeholders for remediation. Monitor networks, systems, and applications for potential threats and unusual activity. Respond to security incidents, investigate breaches, and lead root cause analyses. Maintain incident response procedures and participate in tabletop exercises. Recommend technical and procedural improvements to strengthen security defences. Stay current with emerging security threats, vulnerabilities, and compliance requirements. Conduct security awareness training and collaborate across departments to promote a security‑first culture. Liaise with stakeholders to understand requirements, provide updates, and ensure project alignment with business objectives. Implement monitoring and alerting systems to ensure the health and performance of all systems. Ensure all systems and processes comply with security best practices and industry standards. Troubleshoot and resolve issues related to security breaches. Provide monthly information security reporting. Maintain comprehensive documentation of systems, processes, and procedures. KEY SKILLS Demonstrable experience of Information and Cyber Security practices like NIST, Cyber Essentials +, ISO27001. Familiarity with regulatory compliance and auditing standards. Ability to identify, assess and mitigate security risks. Knowledge of penetration testing and vulnerability scanning tools like Nessus and Qualys. Proficiency in applying security tooling including firewalls, VPN’s, Network Traffic Analysis. Knowledge of network protocols TCP/IP, HTTP, DNS, SSH. Familiarity with network segmentation. Experience with endpoint protection software EDR, Anti‑Virus, DLP and securing mobile, tablet, laptop, desktop devices. Familiar with Zero Trust security models. Proficient in using SIEM tools. Experience with log analysis and incident detection. Familiarity with securing cloud‑native applications, containers and microservices. Incident detection, containment and mitigation through post‑incident investigations and root cause analysis. Data encryption and Data Loss Prevention. Identity Access Management deployment Azure AD, MFA, SSO, RBAC. Security auditing and monitoring. Experience in deploying security solutions across business projects. Excellent analytical and problem‑solving abilities. Strong communication skills and stakeholder management skills. EDUCATION & EXPERIENCE Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience). 3–5+ years of experience in cybersecurity or information security engineering/analysis. Strong knowledge of MITRE ATT&CK, NIST, ISO 27001, and other frameworks. Experience with security tools. Familiarity with scripting languages (Python, Bash, PowerShell) is a plus. If you have 3–5+ years of experience in cybersecurity or information security engineering/analysis with relevant certifications, along with strong knowledge of MITRE ATT&CK, NIST, ISO 27001, and other frameworks alongside experience with security tools, and you are looking to join a team at a friendly, supportive company that prides itself on encouraging further professional development then please get in touch as soon as possible to arrange a conversation regarding this exciting new Information Security/Analyst role? Seniority level: Mid‑Senior level Employment type: Full‑time Job function: Information Technology Industries: IT System Operations and Maintenance and IT System Custom Software Development Referrals increase your chances of interviewing at Stratospherec Limited by 2x #J-18808-Ljbffr