Attack Surface Engineer

Full Time
2 months ago

Role OVO-View

Team: Attack Surface Management (Cyber Defence)

Salary banding: £52,000 - £82,000

Experience: Expert

Working pattern: Full-Time

Reporting to: Senior Security Engineering Manager 

Sponsorship: Unfortunately we are unable to offer sponsorship for this role.

This role in 3 words: Reduce Technology Risk

Top 3 qualities for this role: Proactive, Collaborative, Thorough

In the words of the team, you should leave your current role for this one because….

“Our Attack Surface Management squad has the primary responsibility of managing OVO’s attack surface, continuously monitoring for opportunities attackers might exploit to compromise OVO’s systems and data. Our colleagues depend on us to discover gaps in OVO’s information security management system, identify operational improvements to fix security exposure efficiently, and prevent them occurring again.  In this team and the fast-paced environment we work in, we constantly challenge the status quo and look for solutions to improve workflows, introduce speed and automation and ultimately better secure the people and technologies delivering Plan Zero.”  

Where you’ll work: 

At OVO, we understand that a one size fits all approach doesn't work for everyone. That's why we created the OVO Way of Flexibility.

All our roles are hub based (Bristol, Glasgow or London), providing a dedicated space for collaboration, connection and teamwork. You'll also have the flexibility to work from home.

Everyone belongs at OVO

At OVO, we are on a mission to solve one of humanity's biggest challenges, the climate crisis. And we know it takes all of us to change the world. That's why we need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us.

Teamworking for the planet

Everything we do here spins around Plan Zero. So, naturally, the team you’ll be joining plays a gigantic role in making that happen. Here’s how:

We’re hiring creators, challengers and coaches. Every role we’re hiring puts people at the heart of our security strategy and uses technology and operational processes to build a resilient and performant business. The Path to Zero is paved with secure technologies and operations!

This role in a nutshell:

Our colleagues depend on us to deliver a rich, safe digital experience that is also a hard target for cyber threats. OVO has scaled rapidly in recent years - our processes and platforms need to meet and exceed those scaled demands. You’ll lead projects to implement controls and automate remediation activities in response to persistent security problems. You’ll be given challenging tasks, and you will take ownership and responsibility for driving them forwards.

Your key outcomes will be to:

  • Enhance the security posture of OVO systems across the technology estate by security control implementation, monitoring and management.
  • Utilise security tooling and processes to reduce organisational risks and improve compliance to security best practice and widely recognised standards.
  • Work collaboratively with other teams to proactively assist in identification, documentation, and response to security issues and gaps.

Systems. Familiarity working with the following technologies and platforms would be advantageous (but is not required):

  • Mobile Device Management (e.g. Intune and Mosyle)
  • Workflow/process automation
  • Cloud & SaaS platform management (specifically for security posture monitoring)
  • Identity and Access Management and Privileged Access Management platforms (including Google Workspace and Entra ID)
  • Familiarity with Endpoint Detection and Response and SIEM
  • Vulnerability and Patching Management
  • Bug Bounty Platforms
  • Issue and Project Tracking (Jira)
  • Cyber Asset and Attack Surface Management Platforms

You’ll be a successful Attack Surface Engineer at OVO if you…

  • Are a challenger: settings and monitoring performance against security standards requires an analytical mindset, strong systems thinking and ultimately good judgement. Our culture calls on us to make wise decisions despite ambiguity. And when you inevitably make mistakes, you learn from them and share them with others so that we can all learn.
  • Are a creator: you have experience of risk and threat assessment, problem-solving security gaps/weaknesses. You will be able to think outside the box to come up with alternative solutions to the norm when fixing problems. You will have a strong understanding of securing technical systems and experience using security tools.
  • Are a communicator and coach: you are committed to ongoing personal and team development, for example evangelising a secure and safe digital experience with clear and direct written and verbal communication. You will be able to take technical concepts and reframe them so that different audiences can understand them.

Let’s talk about what’s in it for you

We’ll pay you between £52,000 and £82,000, depending on your specific skills and experience.

We keep our pay ranges broad on purpose to give us, and you, flexibility to match your experience to our zero carbon mission.

You’ll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal. 

We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVO…and there’s flex pay.  It’s an extra 9% of your salary on top of your core pay to use as you like. You can take it as cash, add to your pension, or choose to spend it on a huge range of flex benefits.Here’s a taster of what’s on offer: 

For starters, you’ll get 34 days of holiday (including bank holidays).For your healthWith benefits like a healthcare cash plan or private medical insurance depending on your career level, critical illness cover, life assurance, health assessments, and moreFor your wellbeingWith gym membership, gadget, travel and cyber insurance, workplace ISA, will writing services, DNA testing, dental insurance, and moreFor your lifestyleWith extra holiday buying, discount dining, culture cards, tech loans, and supporting your favourite charities with give-as-you-earn donationsFor your home Get up to £400 off any OVO Energy plan, plus personal carbon offsetting and great discounts on smart thermostats and EV chargersFor your commuteNab a great deal on ultra-low emission car leasing, plus our cycle to work scheme and public transport season ticket loansWant to hear about our full range of flexible benefits and progressive people policies? Our People Team can tell you everything you need to know.

For your Belonging

To find better ways to support our people, we need to listen to each other’s experiences and find ways to build a truly inclusive and diverse workplace. As part of this, we have 8 Belonging Networks at OVO. Led by our people, for our people - so when you join OVO, you can play a part - big or small - with any of the Networks. It's up to you.

Oh, and one last thing...

We’d be thrilled if you tick off all our boxes, yet we also believe it’s just as important we tick off all of yours. And if you think you have most of what we’re looking for but not every single thing, go ahead and hit apply. We’d still love to hear from you!

If you have any additional requirements, there’s a space to let us know on the application form; we want to make the process as easy and comfortable for you as possible..