Security Architect
Stable Resources has partnered with one of the most successful and fastest growing consultancies that accelerate digital transformation in public and private enterprises. My client leads the way in the next generation of IT consulting, with a keen focus on Customer Value, Speed and Guaranteed delivery.
Working closely with clients, they build IT solutions through agile delivery methods with speed to market. Their solutions are based on modern, legacy-free technology and industry standards, building scalable, robust solutions that will adapt to changing business needs.
Their culture and working environment is typified by Year-on-Year growth with no redundancies or staff furloughs in 2020. The cornerstone of their success is recognising that their people do their best work when they are supported, feel valued and are seen as individuals, so you will be encouraged to share your ideas and speak up for what you are passionate about.
The Role
You will work alongside the Project Manager to translate business objectives into a project scope and subsequently define technical requirements. You will have demonstrable experience in the production of technical design documentation, working within a multi-disciplined, multi-supplier environment, and planning and delivering quality results within agreed timescales.
You will deliver and play a key role in security assessments while supporting various critical initiatives through the identification, analysis, evaluation, lifecycle management and adoption of security architectures and technologies.
- Work closely and liaise with senior security stakeholders e.g., systems assurance, accreditors, SWGs (Security Working Groups), TDA etc.
- Develop and implement technical designs risk assessments for cloud technologies & applications
- Be familiar with security standards, governance & controls – NIST, NCSC, CIS, ISO27K family, CSA CCM, OWASP etc
- Review technical security & process documentation
- Good stakeholder management, including working with senior management
The Person
- Broad security knowledge across technology domains and the criticality of different types of systems within a wide and complex IT infrastructure
- Experience of architecting both enterprise and cloud-based systems using industry best practices
- Knowledge of SOC/CSOC incident response and experience of architecting and implementing response and recovery processes for security events. This includes playbook authoring and simulation exercises. Level of knowledge in the domain technology area would be considered expert.
- Threat Modelling experience to identify structural vulnerabilities or the absence of appropriate safeguards across people, process and technology and allow for mitigation to be proposed and prioritized.
- Architecture and engineering of layered control capabilities.
- Accountable for the implementation, adoption and compliance of function specific policies, procedures and controls.
- Subject Matter Expert (SME) and point of contact for Security Architecture matters within key clients.
- Owns, maintains, and has responsibility for making updates to the documentation as well as the implementation of the policy and procedure.
- Remit of architectural engagement includes, but is not limited to, INFRA, IT Engineering, Engineering, Product Development and Software Development.
- Develops policies and procedures within their subject area that are aligned with industry standards and best practice e.g., ISO27001, ISO21434, TISAX, IATF16949, CSA, NIST, NCSC, ASPICE for Cyber Security.
Cloud Security
- Experience of architecting cloud-based systems using industry best practices
- Understand cloud applications & API functionality
- Understand cloud services in particular Azure
- Develop on premise to security cloud migration strategy
- Implementing frameworks for SaaS, IaaS and PaaS deployments aligned to industry best practice e.g., Cloud Security Alliance (CSA), NIST, NCSC
- Carry out gap analysis / risk assessment of existing on premise and cloud deployments
- Develop and assist in the implementation of DevSecOps processes
Benefits
- Annual salary review
- Remote working
- 4 x Life Assurance
- 25 days annual leave plus Bank Holidays
- Supportive environment with plenty of opportunities to develop your skills:
- Continuous training
- Mentoring
- A culture that encourages innovation
- Cycle 2 Work Scheme
- Employee discount portal on food and drink, supermarkets, travel, department stores etc.
- Interest free season ticket loan
- Reimbursement of Professional Subscriptions
- Enhanced Maternity and Paternity pay
- Multiple social event offerings
We appreciate your CV may not be up to date. No problem, just send me what you have, and we can discuss further. Please feel free to call me on 02921 051040 or look me up on LinkedIn and message there.
The successful candidate will hold/be eligible for SC clearance and must be able to work in the UK unrestricted.