Our client is a community of 150+ passionate people across four unique companies united by one overall mission... to make the world safer, one business at a time. We are the "one-stop shop" for all things cyber and are working to build a centre of excellence for our customers by building an amazing place to work, learn and develop for our people.
They work with a diverse range of clients including large Governmental departments as well as a wide range of businesses within the private sector and we are growing! IRC is looking for an SC cleared Security Architect to consult on and implement security architectures that help support our clients.
In this role you’ll work within the consulting team, supporting new and existing clients across various sectors to define and implement security architectures and solutions that match their requirements. You’ll work in close partnership with clients to ensure the delivery of expert services by complementing their in-house Information and Cyber Security resources, combining expertise in information security, solution architecture and business advice.
As a Security Architect, you will be responsible for the identification of risks relating to Security Architecture, maintaining an awareness of published vulnerabilities and best practices across various platforms, especially cloud infrastructures. Working across the business and multiple technology platforms, you will play a key role in ensuring our clients make the best use of their existing technology and make proportionate, risk-informed decisions, ensuring protection of client assets and transformation of their security architecture.
This role forms part of the wider Consultancy team and will work cross functionally with the Delivery Manager and others to support and assure project delivery through all phases of the agile workflow. As a team we’re always looking to raise the bar, learn new things and incorporate new technologies and you will too! You’ll share your knowledge with the team and the wider group community, contributing to Group blogs and undertaking research related to technology enhancements.
- Provide technical leadership within a software engineering environment, covering all components of the development process, and supporting infrastructure.
- Support the production and adoption of the client’s IT security framework, including:
  - Security Architecture policies, principles, and standards for application across the organisation.
  - Alignment to industry standards and regulation e.g., ISO/IEC 27001/27002/27005.
  - Security specific patterns, models, and blueprints.
  - Define as-is and to-be security architectures.
  - The security architecture roadmap.
  - Security technology radars and KPIs.
  - Security architecture specific tools and methodologies.
- Supporting the technical risk management approach, by evaluating technical solution requirements, and applying security policy, standards, threats, and vulnerability information, for the identification of potential risks to the client.
- Supporting new online and digital transactional services, ensuring adherence to industry standards, and the identification and assessment of risks and their effective management and mitigation, to ensure the security of information assets and systems, and confidence in service delivery.
- Promote the adoption of architectural principles to reduce information risk.
- Identify security risks that arise from potential solution architectures, advising and assuring alternate solutions or countermeasures to mitigate identified information risks.
- Provide assurance of client’s security architectures and solutions.
- Contribute to the Technical Design Authority and Security Risk & Assurance Forum, ensuring secure design architecture and levels of risk feed into the decision-making process.
To be epic at the role you will:
- You’re a Security Architect with experience of providing technical leadership within a software engineering environment.
- You’ve designed security solutions using sound architecture principles across a large and complex environment with demanding functional and non-functional requirements.
- You have a broad range of knowledge across web, mobile and cloud security.
- You have a good understanding of identity and access management systems and API security.
- You’re collaborative and pragmatic with excellent communication skills.
- You have a good understanding of the application of security within the CI/CD environment.
- Possess strong hands-on experience in reviewing project delivery plans relating to security systems; evaluation of network and security technologies; developing requirements for network and cloud security designs as well as hardware & software.
- You have practical experience working with NIST, OWASP Top 10, CIS Top 20, NCSC security policy standards, ISO/IEC 27001.
- Possess awareness and understanding of HMG and NCSC Security policies, standards, and guidance.
- Passionate about cyber security.
- Able to deliver training to end users.
- Motivated, self-directed, and able to work in large and virtual teams.
- Have knowledge and awareness of the following:
  - Agile Project Methodology
  - Awareness of appropriate software development languages e.g., Terraform, Ansible, Python, Java, Node.js
  - DevSecOps tooling e.g., Nessus, Burp Suite, Jenkins, NeuVector
  - ISO 27002/27005