Security Engineer in Manchester

Location: Hybrid (Mix of home and office work - e.g., 2-3 days in office)

Reporting To: Chief Information Security Officer (CISO)

Employment Type: Full-time, Permanent

Interfaces with: PCA employees at all levels, Clients, Suppliers & Stakeholders

Overview

We are seeking a highly skilled and proactive Security Engineer to join our Information Security team. This role is fundamental to maintaining the security posture of our critical financial platforms and infrastructure. The successful candidate will be a hands-on technical expert responsible for securing our assets across the full spectrum of Application, Systems, and Network domains. Given the nature of our work, a strong adherence to UK financial regulations (FCA) and data protection laws (GDPR) is paramount. This position offers a hybrid working model, providing flexibility while ensuring effective collaboration with the CISO and broader teams.

Key Responsibilities

• Application Security Engineering (AppSec)

• Secure Development Lifecycle (SDLC): Integrate security tools and processes into the CI/CD pipelines (DevSecOps), ensuring security is "shifted left."
• Vulnerability Management: Manage and execute Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) on proprietary applications.
• Remediation & Guidance: Act as the primary security resource for development teams, providing technical advice on vulnerability fixes and secure coding practices (e.g., adherence to the OWASP Top 10).
• Threat Modeling: Conduct formal threat modeling exercises for new features and application architectures to proactively identify and mitigate design flaws.

• Secure Baselines: Define, implement, and audit secure configuration standards for all corporate systems, including servers (Windows/Linux), cloud resources (AWS, Azure), and critical databases, ensuring compliance with CIS Benchmarks or equivalent standards.
• Endpoint Security: Deploy, manage, and optimize Endpoint Detection and Response (EDR) solutions and host-based firewalls to enhance visibility and defensive capabilities.
• Identity & Access Management (IAM): Engineer and govern the secure configuration of IAM services, including Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Privileged Access Management (PAM) tools.
• Patch & Vulnerability Management: Oversee the technical operation of the enterprise vulnerability scanning program, working with IT Operations to prioritize and track remediation of system and software vulnerabilities.

• Firewall Management: Design, implement, and maintain complex rule sets and policies on Next-Generation Firewall (NGFW) platforms, managing network segmentation, site-to-site VPNs, and secure remote access.
• Intrusion Detection/Prevention (NIPS): Configure and tune Network Intrusion Prevention Systems (NIPS) and Intrusion Detection Systems (IDS) to actively block and alert on malicious network traffic and policy breaches.
• Security Tool Implementation: Lead the research, deployment, and operationalisation of new network and cloud security tooling, ensuring full integration with our Security Information and Event Management (SIEM) system.
• Architecture Review: Conduct security reviews of network diagrams and proposed infrastructure changes to ensure secure deployment prior to production release.

Required Skills and Experience

• Professional Experience: Proven experience (typically 4+ years) in a security engineering role, with demonstrable expertise across Application, Systems, and Network security domains and associated technology controls.
• Industry Knowledge: Previous experience working within the UK financial services, banking, or highly regulated industry.
• Compliance: Excellent working knowledge of UK and EU regulatory requirements, and Exposure to ‘Cyber Essentials plus’.
• Technical Stack: Expertise in managing and troubleshooting enterprise-grade firewalls (e.g., Palo Alto, Fortinet, Cisco ASA). Strong familiarity with cloud security frameworks and tools (e.g., AWS Security Hub, Azure Security Center). Hands-on experience with scripting for automation (Python, PowerShell, Bash).
• Reporting: Ability to communicate complex technical security risks and compliance gaps effectively to the CISO.

Desirable Qualifications

• Relevant industry certifications (e.g., CISSP, CISM, SSCP).
• Cloud-specific security certification (e.g., AWS Certified Security – Specialty, Microsoft Azure Security Engineer Associate).
• Certifications related to specific technologies, such as PCNSE, CCNP Security, or GIAC.
• Experience with Infrastructure as Code (IaC) security scanning tools (e.g., Checkov, Terrascan).

Work Arrangement and Benefits

This role operates under a flexible hybrid model, requiring attendance at our Manchester or Liverpool, UK office for essential collaboration meetings (e.g., 2-3 days per week) with the remainder of the time working remotely.