Description
Senior Security Consultant
Job role description:
The candidate will become accountable for specific-scoped assignments and must be able to:
- Identify and prepare amendments to the policy framework by:
- writing functional security requirements in collaboration with our CSIRT team which provide a sufficient protection for clients resources based on Attack Vector
- verify making sure those function security requirements can be met using available technology
- assist the Enterprise Security Architecture team in mapping security requirements to IT Architecture Building Block used by IT to create High-Level Design
- assist the Enterprise Security Architecture team in defining Security Requirements for Security Solution Building Block
- assist IT in identifying and providing remediation to possible compliance issues
- develop High Level Security Requirements to translate to leadership team (Director-level) detail security requirements for them to understand the security impact on their business
- work with both our CSIRT & Enterprise Security Architecture teams to maintain Attack Vector on Architecture Building Block updated
Experience:
- Applied and integrated a broad variety of security technologies, producing layered, defence-in-depth security architectures
- Applied Information Security industry standards/best practice frameworks (eg SANS 20) in large organisations
- Maintained a holistic perspective on the security capabilities needed to support or deliver the enterprise's strategic goals and objectives
- Fully aware of available security capabilities and challenges related to: IoT, Big Data, Cloud (SaaS, IaaS, PaaS), API Management, Identity & Access Management, Application Security, Safe development environment, ICS, BYOD & mobility
- Familiar with regulatory and legal requirements related to information Security and Data protection
- You understand intuitively which elements should be present in a High-Level Design and which elements should be part of a Detailed Design
- You have already worked in both very dynamic and very formal environments and can combine strengths of both
Soft skills:
You are a doer, are result-oriented and you don't lose focus
- You are passionate about cyber security and you are to keep pace with emerging technologies and trends, standards and products
- You can write in simple terms and short sentences formal information such as control procedure or security requirements
- You have experience in stakeholder management across all levels of an organisation, equally comfortable presenting a PowerPoint on risk to the board as speaking to engineers in the field on a specific risk
- You are intuitive and quickly see if something doesn't look right
- You can be imaginative to solve complex problems
- You are self-aware as you will collaborate with everybody to stay up-to-date, to maintain trust and make use of everybody's skill set
- You are honest and loyal - you can report sensitive matters in confidence and you can also tell when you don't know
- You understand that good is better than perfect
Specific technology & governance skills:
- You understand the following ISMS standards & frameworks: ISO 27001, ISO 62443, SANS CSC20 & OWASP
- You have a basic understanding of networking technologies: routing & switching standards, Access control (WPA, 802.1x, advanced Firewalling techniques, IDS, endpoint Firewalls...), traffic analysis techniques (Sniffing, Netflow...), VPN (IPSec, MPLS) standards
- You are familiar with IT and security infrastructure standards: Directory technologies, federation & AAA (OAuth2, Radius...), logging standard (syslog, Windows Event Log...), APIs & related gateway web technologies (REST, API gateway...), unstructured data encryption (RMS), O/S (mobile & server) & related management systems (MDM, MAM...)
Languages:
Fluency in English language in addition to your mother language - both verbal and written, with the ability to communicate clearly
Please send your CV today for immediate consideration.