Security Engineer

We're on the lookout for a Security Engineer to join Nucleus' Information Security team, to help ensure that we are secure by design.

About the role

The Security Engineer supports the delivery of Nucleus’s technology and business change agendas by designing and implementing appropriate controls that manage the associated security risks. This will include designing and implementing technical controls, helping to embed these controls into our operations, and validating the controls are working effectively. The Security Engineer must be able to manage relationships with teams across Nucleus to collaborate on improvements; and any outsource partners involved in delivery.

The Information Security team aims to make sure that Nucleus is a trusted partner to the firms and people we work with. Being able to demonstrate that our systems are secure, through a structured control environment, is a core component of building that trust. This role is critical to delivering that outcome: being a go-to contact for implementing security controls; being ‘hands on’ with their implementation; and validating that controls are working as intended through technical assessments to identify opportunities for continuous improvement, operating within our existing frameworks and standards.

You’ll work with SMEs across Nucleus, you’ll ensure that new processes and controls are handed over to the Security Operations team, and that the Information Security Analysis team have suitable evidence to demonstrate that our risks are effectively managed.

Responsibilities

• Apply security best practice in our change and development programmes, to ensure delivery is within our risk appetites.
• Design and implementation of security controls, following industry best practices and Nucleus standards, to manage the risks Nucleus is exposed to.
• Engage and influence cross-functional stakeholders to produce remediation plans for identified vulnerabilities in line with Nucleus’ risk appetites.
• Maintain systems and integrations that enable these controls.
• Coordinate on security controls within other members of the Nucleus Group, to ensure Nucleus has an end to end understanding of our exposures and capabilities.
• Support Audit and Due Diligence activities to help demonstrate Nucleus’s capabilities.
• Work with Security Operations and Analysis to adopt and maintain standards that ensure Nucleus continues to manage our security risks effectively.
• Take responsibility in everything you do to deliver good outcomes for our customers.
• Positively demonstrate the Nucleus Smart, Heart and Courage values and behaviours.
• Ensure compliance with Code of Conduct at all times.

Our key Security tools currently include: Tenable, Rapid7 InsightIDR, Microsoft 365 with Security and Compliance features, supporting Microsoft, Azure and AWS ecosystems.

About you

Your friends might describe you as ‘the methodical one’. You love to look at how everything fits together to see the bigger picture, identifying where things can go wrong, and putting pragmatic solutions in place to catch them before they happen. You’ll enjoy working within a fast-paced environment that gives you the opportunity to multi-task within set deadlines. Professional with a positive outlook, you’ll take great pride in your ability to act on your own initiative and remain flexible in changing circumstances and priorities. You’ll also enjoy working as part of a diverse and supportive team, collaborating with your colleagues to share ideas and knowledge and suggest improvements.

At Nucleus, we’ve always placed high value in cultural contribution and growing our diversity of thought, over technical capability. But it would be great if you had some of the following:

• Good knowledge of best practice in security capabilities, frameworks and concepts.
• Able to identify effective implementation and test plans, and deliver those through either in-house capabilities or by working with external providers, and demonstrate how they help manage Nucleus’ risks.
• An excellent communicator, able to discuss security effectively with areas of the business.
• A good level of Information Security experience, preferably within financial services.
• Strong knowledge of IT, Infrastructure and Networking concepts.
• Significant experience maintaining the systems and integrations that enable security controls.
• Experience working with cloud platforms such as Microsoft Azure and AWS, including operating and maintaining security controls and responding to findings from cloud security posture or workload protection tooling.
• Able to understand other people’s views and provide appropriate challenges to ensure our Information Security risks are effectively managed.
• Ownership of tasks, attention to detail and following through to conclusion.
• Ability to prioritise and remain agile with competing work demands.
• Excellent attention to detail.

A little about us

We are the Nucleus Group Services Limited and we help make retirement more rewarding. Here at Nucleus, people come first - whether it’s our colleagues, or the advisers and customers we support, we know that working in partnership and collaboration leads to the best outcomes. Together, we’ve shaped the platform to how it is today. We work hard, and we celebrate hard too.

Our ambition is to create a platform with a difference, putting the customer centre stage meant tearing up the rule book and starting from scratch. We’ve come a long way since then, but our mission remains just as focused. That’s why our culture, values, and social responsibility are things we keep at the top of our agenda – because we know they matter and have a big impact.

Our culture is one of the many things that sets us apart from the pack. We want to have an environment where our people feel that they can make a real difference, know they’ll be rewarded for their efforts and more importantly, enjoy themselves at work.

Are we a perfect match? Check out this video and find out!

Inclusion and diversity at Nucleus

As with most things in life, who cares, wins. We really care about inclusion. For us it’s not a tick box exercise; inclusion and diversity are embedded in our culture and everything we do. It’s a commercial imperative. It isn’t about being PC. It’s about being future-relevant and durable. We owe it to ourselves and the industry to ensure we are playing our part in creating a fair, balanced and transparent financial services sector.

More diversity means broader experience, a wider set of perspectives and a better collective ability to problem-solve. And it means being more representative of customer groups, which supports areas such as product development.

At Nucleus, we offer a generous blend of benefits for the things that really matter to our people, including a non-contributory pension, bonus, enhanced parental leave, paid time off for emergencies, health and wellbeing initiatives and flexible working options.

If you’d like to find out more about us or the role, please get in touch with our recruitment team.