Initially 6 Months. Up to 23 Months.
Remote for the foreseeable future. When offices open, the specialist may have to attend the Glasgow office as required. A large proportion of the week will be remote.
What you will work on:
- Design security controls in cloud-based web applications and cloud infrastructure to support business objectives
- Work with stakeholders in an agile environment to refine security-control implementation
- Educate and upskill colleagues in best practice
- Assist in defining and executing security best practices in engineering and software design
- Contribute to security architecture policy, standards and design
- Advise stakeholders and suppliers on compliance with IT security policy and controls
- Contribute to IT service level definitions
- Contribute to Cyber Assurance maturity assessments, or other audit/compliance activities
- Support development of business cases for investment to improve IT security controls
- Ensure compliance with Codes of Connection/Memorandums of Understanding
- Experience of working with agile engineering teams and designing security controls for cloud-based web applications - ideally with Java and AWS
- Experience of working with demanding security standards - ideally to standards that comply with Home Office NPRIMT controls
- Experience of creating security controls, with working knowledge, to advise on cloud implementations (Azure, AWS, GCP etc…)
- Some understanding of application architectures, patterns and the ability to interpret technical designs
- Strong knowledge of government and industry data/cyber security legislation, policy, patterns, standards (including but not limited to ISO27001, CSA STAR and NIS Directive) and guidance.
- Experience of reviewing system architectures to:
  - identify single points of vulnerability and common architectural flaws
  - validate and explain how common attack methods are mitigated by the design
  - and identify areas where detailed technical analysis will be required to understand important nuances that could have significant security implications.
- Experience of identifying security issues relating to configuration of components in an architecture
- Strong knowledge of Government and industry risk management techniques
- Demonstrable experience in interpreting and applying this knowledge in an agile way, working with development teams to deliver digital Cloud services.