Wejo is a leader in the connected car market and is shaping the future of mobility. The connected car space is one of the fastest growing sectors in the internet of things industry. Car manufacturers are looking to extend traditional infotainment systems, insurers are seeking a better understanding of risk, users are demanding more feedback and firms are generating increasing amounts of data and require support in understanding its applications and value. We specialise in creating new services and products to help clients make the most of their data and realise its value

We bring together the brightest minds and industry experts with award-winning platform technology and advanced privacy and security to revolutionise the way we live, work and travel using connected car data, insights and analytics.

At Wejo our values drive our culture, shape our interactions and help us to achieve our goals. These values are turned into meaningful behaviours and embody our employees. We are bold, collaborative and responsible.

Role Summary

The role of the Information Security Engineer is to take responsibility for the development and maintenance of information security deliverables in line with requirements, policies and standards. The successful candidate will be responsible for the implementation, ongoing configuration, maintenance and monitoring the security of various technical subsystems.

Furthermore, the Information Security Engineer will work with the Information Security Team to ensure the relevant ISMS activities are conducted.

You will monitor internal and external security threats, analysing vulnerabilities and managing the risks that arise from these. You will support investigations into security incidents and suspected breach of policy, assisting with the provision of reports and supporting evidence for internal disciplinary processes and/or legal and regulatory action where required.

The successful candidate will be expected to support the design and implement business and technical solutions to ensure they are compliant with policies and technical standards. Furthermore, help to assure that services are implemented in accordance with agreed policies standards

A prerequisite for everyone working in Wejo is a high level of personal resilience and the ability to manage changing priorities and complexity well.

Key Responsibilities – what I do mostly

• Implementing changes or fixes to address security vulnerabilities identified.
• Assessment, planning and co-ordination with other teams regarding patch management activities for internal and third party hosted systems
• Assessing and recommending server hardening activities.
• Monitoring external sources to make recommendations on latest security threats and vulnerabilities.
• Monitor networks for security breach, vulnerabilities and attack.
• Responsibility for the operational support of security technologies, products and services and regulatory compliance such as GDPR.
• Provide a focal point for technical information security expertise, including the completion of TSS / NFR documents.
• Contribute to the design and application of IT Security controls and processes to help maintain the integrity and reliability of systems and data.
• Work with the information security manager to roll out new or updated policies and procedures
• Coordinate local audits
• Facilitate the delivery of local ISO 27001 controls as agreed with the Information Security Manager
• Responsible for local awareness training and comms
• Work with functions across the organisation to ensure the effective operation of the ISMS
• Create monthly reports for top level management
• Work with the information security manager on breaches and incidents to gather the necessary information and make recommendations to the data protection officer on whether the breach is a reportable breach
• Ensuring a professional image of the company and themselves is presented at all times.

Other Responsibilities – what I will be doing sometimes

• Using my expertise and knowledge to help in areas of the business that need support to get the job done, whatever that might be.

Essential Skills / Knowledge & Experience – what I need to do the job

• Good network and systems knowledge; particularly focusing on OS security (Windows, macOS, Linux) and various hardware endpoint technologies.
• Experience in Vulnerability Management software such as Qualys / Tenable.
• Have experience of security monitoring tools such as Darktrace.
• Have proven experience in a previous Information Security role.
• Experience investigating security incidents including the management of forensics.
• Good understanding of AWS security services and architectures including third party product and service offerings.
• Demonstrates a wide range of security understanding in technology across differing platforms.
• Experience in prescribing security Non-Functional Requirements (NFR’s) for projects.

Desirable – What can help me succeed

• Experience in delivering security projects against compliance requirements.
• Knowledge of security baseline standards e.g. CIS Benchmarks
• Be a certified Information Systems Security Professional (CISSP), or similar recognised security accreditation.
• Knowledge of Frameworks such as NIST, OWASP, MITRE

Equal Opportunity Employer: Wejo is an equal opportunity employer, committed to our diversity and inclusiveness. We consider all qualified applicants regardless of race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age. We strongly encourage women, people of color, members of the LGBTQIA community, people with disabilities and veterans to apply. We are actively working to be an anti-racist organization. We're committing to creating an inclusive and equitable workplace for all of our employees. You can read more about our commitment to DEI here.