Description
Summary of the work
Our customer are currently undergoing a digital transformation. This is a rare opportunity to help transform the way we provides a critical public service.
- Latest start date Monday 6 September 2021
- Expected contract length Contract will be let in 6 month increments, up to 24 months.
- Location Scotland
Who the specialist will work with
The existing team is comprised of contract and Civil Service resources. The specialist will be expected to be Embedded into the Digital team as well as working with the other members of the business.
What the specialist will work on
- Design security-controls in cloud-based web-applications and cloud-infrastructure to support business objectives
- Work with stakeholders in an agile environment to refine security-control implementations
- Educate and upskill colleagues in best practices
- Assist in defining and executing security best practices in engineering and software design
- Contributes to security architecture policy, standards and design
- Advises stakeholders and suppliers on compliance with IT security policy and controls
- Contributes to IT service level definitions
- Contributes to Cyber Assurance maturity assessments, or other audit/compliance activities
- Supports development of business cases for investment to improve IT security controls
- Ensure compliance with Codes of Connection/Memorandums of Understanding
Address where the work will take place
Remote-working and visits to Glasgow Office.
Security clearance
Must have BPSS clearance to begin work and willing to go through SC Clearance.
Essential skills and experience
- Experience of working with agile engineering teams and designing security controls for cloud-based web applications - ideally with Java and AWS
- Experience of working with demanding security standards - ideally to standards that comply with Home Office NPRIMT controls
- Experience of creating security-controls, with working-knowledge, to advise on cloud implementations (Azure, AWS, GCP etc)
- Some understanding of application architectures, patterns and the ability to interpret technical designs
- Strong knowledge of government and industry data/cyber security legislation, policy, patterns, standards (including but not limited to ISO27001, CSA STAR and NIS Directive) and guidance.
- Experience of reviewing system architectures to: identify single points of vulnerability and common architectural flaws
- Experience of identifying security issues relating to configuration of components in an architecture*
- *validate and explain how common attack methods are mitigated by the design
- *and identify areas where detailed technical analysis will be required to understand important nuances that could have significant security implications.
- Strong knowledge of Government and industry risk management techniques
- Demonstrable experience in interpreting and applying this knowledge in an agile way, working with development teams to deliver digital Cloud services.