Engineer II (Security Engineer) in London

Condé Nast is a global media company producing the highest quality content with a footprint of more than 1 billion consumers in 32 territories through print, digital, video and social platforms. The company's portfolio includes many of the world's most respected and influential media properties including Vogue, Vanity Fair, Glamour, Self, GQ, The New Yorker, Condé Nast Traveler/Traveller, Allure, AD, Bon Appétit and Wired, among others.

Location: London, GB

The Role:

Condé Nast is looking for a Security Engineer to join our global Cyber Security team. The role sits within the Security Engineering team, reporting to the Senior Security Architecture Manager. The Cyber Security Team underpins Conde Nast's security posture, delivering information security and cyber risk management, security operations and the global SOC, security architecture, application security, and security engineering.

This role supports the team with the day to day administration, maintenance and tuning of our security tools as part of regular BAU activities. The successful candidate must have worked with a diverse range of security tools in the past within medium to large organisations. The Security Engineering team is tasked with the deployment and lifecycle management of security technologies across our global infrastructure. A primary focus of this role is ensuring the health, performance, and optimization of our defensive stack.

The ideal candidate brings a proven track record in managing SIEM, XDR/EDR, and Vulnerability Management ecosystems as well as other detection and response tooling, required by Security Operations. Beyond routine maintenance and tuning, you will lead control-validation exercises and testing protocols to verify alert efficacy and ensure our defensive solutions are performing against real-world threat indicators.

What will you be doing?

• Develop, enhance, and maintain Conde Nast's security tooling in close collaboration with the Security Architecture team.
• Administer, maintain and continuously improve core security platforms, including SIEM (InsightIDR/Splunk), Endpoint Detection and Response, and Vulnerability Management solutions.
• Develop and refine SOC use cases to deliver high-quality, actionable alerts and improve threat detection and response.
• Define, create and tune detection rules, automating response actions within tooling.
• Troubleshoot technical issues when they arise, working with vendor support teams.
• Implement new technical security controls and tooling across regions to address identified security gaps, working closely with technology stakeholders.
• Support the design and implementation of new security solutions, contributing to low-level design and ensuring alignment with approved security solution architectures.
• Work with regional teams to ensure compliance with centrally defined security policies, partnering with architecture to remediate gaps where required.
• Carry out security testing of tooling to ensure our tools are providing effective detection and response capabilities.
• Support the SOC team, when requested, with incident response investigations.
• Support the engineering team with the management of PAM tooling when required.

Who you are:

• 5+ years' experience in cyber security, ideally working within a senior role.
• Strong background in security engineering and enterprise security tooling.
• Expertise in at least three areas: Security Engineering, Network Security, Identity Access Management, Privileged Access Management, Security Testing.
• Experience with SIEM and log management platforms (e.g. InsightIDR, Splunk).
• Experience administering Vulnerability Management platforms (e.g. Rapid7).
• Experience with Detection & Response technologies (NDR, EDR, XDR).
• Strong knowledge of Windows, Linux, networking, Active Directory, and AWS.
• Understanding of NIST and PCI-DSS frameworks.
• Experience implementing, configuring, and tuning security tools.
• Proficiency with Python / PowerShell for task automation and Terraform for codifying and auditing cloud security controls.
• Excellent written and verbal communication skills.

Desirable:

• Experience with CyberArk Privilege Cloud and enterprise IAM platforms (Okta, Ping).
• Experience with Secure Cloud Analytics / Cloud NDR.
• Security certifications (CISSP, Security+, AWS Security, AWS Solutions Architect).
• Networking certifications (CCNA, CCNP, Network+).

What benefits do we offer?

• 25 days holiday (plus bank holidays) and extra days of annual leave if you move house or want to volunteer.
• Access to a competitive pension scheme, Bupa Private Healthcare, Season ticket loans and eye tests.
• A range of tools to support your wellbeing, including core hours, 10 remote days (from home or a country with a Condé Nast office location), access to our Employee Assistance Programme, corporate gym membership and cycle to work scheme.
• A dog friendly office, plus discounts and magazine subscriptions.
• Encouragement of personal and professional growth through the Condé Nast Learning Hub.
• Employee Groups provide a platform for employees to identify shared objectives, exchange ideas, and work on community priorities.

If you are interested in this opportunity, please apply below, and we will review your application as soon as possible. You can update your resume or upload a cover letter at any time by accessing your candidate profile. Condé Nast is an equal opportunity employer.