The Infrastructure Security Engineer is a member of the Paddy Power Betfair security team, reporting to the Infrastructure Security Manager.
This role is responsible for providing practical expert security advice as early as possible in the lifecycle of a project or initiative. A key requirement for the role is to be able to build trust with teams and operate as an enabler for the business while at the same time driving security best practices.
This role is also responsible for defining security operational procedures and infrastructure security standards that span all Paddy Power Betfair technology domains. The role needs to lead by example in the definition, creation, implementation and driving the implementation of security controls in order to continually improve Paddy Power Betfair’s security posture.
The successful candidate should expect occasional travel to Dublin or London and our near shore location in Cluj.
- Provide practical, expert infrastructure security consultancy and engineering services.
- Work with teams to provide solutions, not problems. Use a risk-based, consultative approach to help accountable individuals identify and assess security risks and recommend whether or not the risks are acceptable.
- Develop and maintain knowledge of the security aspects of applicable new services and technologies, e.g. AWS, virtualisation and automation, to support the implementation of secure services for Betfair.
- Own and deliver pieces of work to design new security services, or enhancements to existing services.
- Plan, lead, and contribute to the implementation of security solutions, based on agreed designs.
- Create and drive adoption of infrastructure security standards and policies.
- Work proactively with other teams (e.g. Architecture, IT Operations) to drive improvements to Betfair’s security posture.
- Collaborate with other teams to ensure compliance with relevant external requirements such as gaming regulations.
- Perform security risk assessments and reviews.
- Build and maintain strong working relationships. Some examples of key working relationships are: Development, Finance, IT Operations, as well as all other teams within the Security department and vendors/suppliers/3rd parties.
Assist with investigations, incident response and compliance issues.
- Strong experience in providing actionable security input and assistance at all stages (Architect/Design, Build, Operate) of major technology projects
- Knowledge of security requirements for systems, networks and applications
- Strong knowledge of Network Security principles and practices (hands-on experience with one or more technologies such as load balancers, firewalls, routers, switches, intrusion detection systems, network behaviour analysis)
- Strong experience of operating system security (Linux/Unix and Windows)
- Good understanding of security risk identification and assessment
- Ability to quickly understand and adapt to a complex, rapidly changing, global organisation, e.g. changing organisational structure and stakeholders
- Dependability and consistency in successfully participating in multiple projects and activities which may be varied in scope and complexity
- Strong communication skills (written, oral, presentations) while maintaining an ability to talk in layman’s terms about security
- Ability to provide technical security leadership and act as an agent for constant improvement for the company’s security posture (especially producing security KPI’s and fact-based measurement of risk)
- Excellent relationship and stakeholder management skills
- Experience with virtualised environments and different cloud service models (IaaS, PaaS, SaaS) and deployment models (public, hybrid, private).
- Familiarity with security best practices for Amazon Web Services (AWS) or similar market leader public cloud provider
- Ability to work with a low level of supervision, and can be relied upon to deliver good quality results by agreed deadlines
- Good understanding of core security monitoring and response services – process, technology, and governance – including attack detection, vulnerability management, security incident management, and threat intelligence
- Working in an IT Security role or with relevant technologies for 3-5 years
Commercial acumen: Knows how the business works and how the organisation makes money and stays competitive. Encourages diverse thinking to promote and nurture innovation. Articulates credible pictures and visions of possibilities that will create sustainable value.
Ability to drive change: Talks about the future possibilities in a positive way
Creates milestones and symbols to rally support behind the vision
Articulates the vision in a way everyone can relate to. Creates organisation wide energy and optimism for the future
Business engagement and relationship management: Works cooperatively and partners with other across the organisation to get work done. Uses knowledge of business drivers to guide actions