Security Engagement Partner

Description

Security Engagement Partner Required in Welwyn Garden City

Duration - 6 months

Day Rate- Competitive

Location Welwyn Garden City Twice a week

Technical Security Engagement Partner

Our Technical Security Training team supports software engineers and product managers in mastering the art of becoming a world-class Technology professional who takes pride in working securely to protect their solutions, our business, and our customers. Through the development of bespoke, relevant and engaging training materials and initiatives our team empower Technology colleagues to own and care about their own security, understanding the simplest and most effective ways to work securely in their role.

We're combining expert pools of thoughts to conquer the challenge of weaving security values into our existing Technology culture by utilising our expertise in content design, instructional learning and behavioural sciences and combining it with the knowledge of our phenomenal security teams who not only see the value in empowering our colleagues to know about, care about and act securely about building secure solutions, but also want to have a hand in shaping how we build this knowledge and capability.

This role is about supporting the transformation of behaviours in our software engineers and product managers, delivering cutting edge and engaging learning materials on deeply technical concepts tailored to colleague roles and responsibilities. As our technology teams design innovative solutions, different security challenges arise and this role is to understand those challenges, identify gaps in knowledge or resources and work closely with content developers and learning experts to design and deliver E-learning, videos, webinars, workshops, blogs and a variety of other resources to help teams navigate these changes securely.

This role would be suitable for a hands-on software engineer with security experience, or a security engineer with strong experience working with DevOps engineering teams.

On a day-to-day basis you will:

• Work within the Technical Training team, lending your technical knowledge and expertise to shape and guide the development of learning materials and a learning curriculum. By helping the training team understand and design foundational training that complements the software development life cycle you are supporting teams to build security into daily processes.
• Partner with our Technical Training Content Developer. What you know we need, they build. You will provide design briefs, review content accordingly and engage key stakeholders for feedback to ensure the materials meet learning objectives and behaviour metrics can be obtained.
• Work with our Cyber champion led to develop a more advanced learning curriculum that doesn't just focus on key knowledge and behaviours to support security behaviours, but empowers champions to become a security point of contact within the team, supporting their peers in resolving security issues, identifying the right security teams to contact and champion security from within their teams.
• Research and gather insight into our existing Security policies, standards and resources, extracting insights on where we've assumed a prior level of knowledge from our colleagues that requires more from the training team to support colleagues to carry out these policies in a simple and effective manner.
• Identify gaps in resources or guidance to technical teams that require materials to support new graduates and veterans in understanding the security expectations for their role.
• Engage with our wider security teams in application security, security architecture and vulnerability management, to understand the expectations we have on our software engineers and product managers, the challenges our security teams face in remediation activities and the specific topics that need inclusion in our technical learning curriculum.
• Champion positive security change within the teams you engage with, building relationships with software engineering and product management stakeholders as you understand their challenges and perspectives, feeding back to the training team on where we could improve learning materials or communication and engagement of our expectations.
• Speak the language of our learners. In a technical training team, you will be the technical expert, able to take technically intricate and sophisticated concepts and break them into simple terms for the training team to build better and more relevant resources.

Technical Expectations of the role:

• A thorough understanding of modern application development practices so that new security capabilities can be introduced while minimising developer friction

• Solid security experience software supply chain security, including open-source dependencies and containers.

• Hands-on experience with remediating security issues in Azure subscriptions with an emphasis on containerised workloads in k8s.

• Hands-on experience in vaulting secrets from code. Azure Key vault or HashiCorp Vault preferred.

• Some coding experience in something - Java, JavaScript, C#, bash, python or PowerShell. You don't need to "be a developer" but you do need to understand the implications of security on engineering velocity.

Candidates will ideally show evidence of the above in their CV in order to be considered.

Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly.

Pontoon is an employment consultancy and operates as an equal opportunity's employer.

Please email me