Hello. We’re WorldFirst and we’re a bit different from the rest…
WorldFirst is a market-leading, award-winning, bank-beating, rapidly growing, fun-loving international payments company.
We win lots of awards – a few recent ones include #7 on the The Sunday Times HSBC International Track 200, The Queen's Award 2016, Ruban D’honneur for the European Business Awards for Customer Focus and the UK Customer Experience Awards.
Our growth has also placed us on the FinTech 50 and the Investec Hot 100.
Basically, we are a company that is going places!
Data is at the heart of WorldFirst. Maintaining the Confidentiality, Integrity and Availability of that data is paramount to ensure WorldFirst’s continued success as well as ensuring customers can trust us to keep their data and money safe. As we grow in size, we realise we need to adapt, and as a result the Security team is growing too.
In this role, reporting to the IT Security Manager, you will be responsible for monitoring and supporting the implementation of security solutions/enforcing security best practice for the all the elements of the technology infrastructure in partnership with DevOps & System/Networking Engineering teams:
- Cloud and on-prem infrastructure (server, network, firewalls, ips, siem, email, DLP)
Endpoints (desktop/laptop, mobile, BYOD)
- Identity & Access Management (SSO, 2FA, Privileged Access, Remote Access)
- Collaborate with other members of the technical community to ensure successful implementation of security solutions.
- Monitor security events, escalate and investigate issues while documenting all the activities.
- Support of security technologies such as AV, Next-gen endpoint prevention technologies (sandboxing, white/black listing…), Data Loss Prevention, File Integrity Monitoring, Web Filtering, NAC.
- Ensure security tools are optimized, fine-tuned and integrated into operational procedures.
- Proactively assesses potential risks and opportunities of vulnerability in the network.
- Collaborating on carrying out triage of security events and elevate their priority to incident when required following research and identification of key indicators of malicious activities on the network.
- Participation in the IT Security Incident Escalation process which could include engaging with external third parties.
- Monitor changing threat landscape to identify and address areas of concern.
- At least 3 years of experience in a Security Engineer or equivalent role.
- Good understanding of Security best practices.
- Knowledge of security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies.
- Knowledge of Windows, UNIX and Linux operating systems.
- Knowledge of Security Incident Handling processes and procedures.
- Hands on experience on a range of technologies, including but not limited to Vulnerability Management, IDM/IAM (SSO/2FA), IPS, DLP, Encryption (IPSec/TLS/SSL), IDM/IAM, Email Security, AV, FIM, NG-Firewall/WAF, NAC, PKI, SIEM.
- Working towards a certification in GCIH/CEH/CISSP/SSCP or similar.
- Knowledge of Certifications/Frameworks such as PCI-DSS, NIST CSF, ISO 27001/27002.
- Exposure to PCI-DSS environments – on the cloud and/or on-prem.
- Knowledge of configuration management tools such as Ansible/Puppet.
- Knowledge of PHP/SQL/Python.
In return we’ll give you:
- A competitive salary, commensurate with experience
- An excellent benefits package including annual discretionary bonus, company pension scheme and health cover
- World Perks: season ticket loan, free breakfast, childcare vouchers, Friday drinks fridge, business casual dress code, corporate discounts, tri-annual company parties – and more!