Senior Cyber Security Consultant/ Secure Design

Job Description

The Role:  

In this role you’ll work within the consulting team, supporting new and existing clients across various sectors to define and implement security architectures and solutions that match their requirements. You’ll work in close partnership with all clients to ensure the delivery of expert services by complementing their in-house Information and Cyber Security resources, combining expertise in information security, solution architecture and business advice.

As a Security Consultant, you will be responsible for the identification of risks relating to Security Architecture, maintaining an awareness of published vulnerabilities and best practices across various platforms, especially cloud infrastructures. Working across the business and multiple technology platforms, you will play a key role in ensuring our clients make the best use of their existing technology and make proportionate, risk-informed decisions, ensuring protection of client assets and transformation of their security architecture.  

 

This role forms part of the wider Consultancy team and will work cross-functionally with the Delivery Manager and others to support and assure project delivery through all phases of the agile workflow. As a team we’re always looking to raise the bar, learn new things and incorporate new technologies, and you will too! You’ll share your knowledge with the team and the wider group community, contributing to Group blogs and undertaking research related to technology enhancements.

Responsibilities:

  • Support the production and adoption of the client’s IT security framework, including:
      • Security Architecture policies, principles, and standards for application across the organisation.
      • Alignment to industry standards and regulation e.g., ISO/IEC 27001/27002/27005.
      • Security specific patterns, models, and blueprints.
      • Define as-is and to-be security architectures.
      • The security architecture roadmap.
      • Security technology radars and KPIs.
      • Security architecture specific tools and methodologies.
  • Supporting the new risk management approach, by evaluating technical solution requirements, and applying security policy, standards, threats, and vulnerability information, for the identification of potential risks to the client.
  • Supporting new online and digital transactional services, ensuring adherence to industry standards, and the identification and assessment of risks and their effective management and mitigation, to ensure the security of information assets and systems, and confidence in service delivery.
  • Promote the adoption of architectural principles to reduce information risk.
  • Identify security risks that arise from potential solution architectures, advising and assuring alternative solutions or countermeasures to mitigate identified information risks.
  • Provide assurance of the client’s security architectures and solutions.
  • Contribute to the Technical Design Authority and Security Risk & Assurance Forum, ensuring secure design architecture and levels of risk feed into the decision-making process.

  

 

To be epic at the role you will:

  • Be customer focused and a strong verbal and written communicator.
  • Possess strong hands-on experience in reviewing project delivery plans relating to security systems; evaluation of network and security technologies; developing requirements for network and cloud security designs as well as hardware & software.
  • Have experience building and implementing secure by design principles within the software development lifecycle (SDLC).
  • Possess awareness and understanding of HMG and NCSC Security policies, standards, and guidance.
  • Be passionate about cyber security.
  • Be able to deliver training to end users.
  • Be motivated, self-directed, and able to work in large and virtual teams.
  • Have knowledge and awareness of the following:
      • CISSP
      • TOGAF
      • Agile Project Methodology
      • Awareness of appropriate software development languages e.g., Terraform, Ansible, Python, Java, Node.js
      • DevSecOps tooling e.g., Nessus, Burp Suite, Jenkins, NeuVector

 

Our Client’s Purpose:

The Group is a community of 150+ passionate people united by one overall mission... to make the world safer, one business at a time. They are the "one-stop shop" for all things cyber and they are working to build a centre of excellence for our customers by building an amazing place to work, learn and develop for our people.   

 

They work with a diverse range of clients, including large Governmental departments as well as other public sector organisations and businesses within the private sector. We're growing our business and our team through our continuous investment in developing technology and cyber capability; we aim to deliver innovation to our customers as fast as possible. Whether it's AI-driven ML-based threat intelligence or rapid-start hybrid Cloud, our goal is to implement solutions that make us stand out in.