Description
Security Engineer/Architect
Edinburgh - Fully Remote
£600 - £650p/d - Umbrella Only
6 months
Fantastic new contract opportunity for an experienced Security Engineer/Architect with strong design and architecture skills required to join this market leading financial services business to help them deliver a range of cutting edge banking Cyber technologies.
You will work within the Security Engineering and Design team, working independently as well as within the larger function, across some of the most forward-looking projects within the group. The role will focus on the delivery of secure financial products and services. This will require obtaining a deep understanding of various technologies in order to produce or provide input into the necessary design or solution documents. This role will involve providing cyber security leadership within projects, working with security teams and SMEs across the group to ensure standards are met or surpassed as well as with product owners, vendors and developers.
Main responsibilities:
- Provide the following capabilities as required by the project or determined by the work load alignment:
- Security Architecture
- Security Engineering and Design
- Security Consultancy
- Work with the engineering lead and project architect to deliver a security solutions.
- Analyse security risk within each design as appropriate to the scope and ensure that all interested stakeholders are informed or consulted where necessary.
- Design security controls in compliance with group-wide security standards and configuration workbooks.
- Take the lead on security architecture decisions and issues where the problem scenario is not covered by a pattern or standard. Seek guidance from Security Specialists where appropriate.
Skills Required:
- Proven experience and knowledge of a broad range of IT security principles and associated technologies.
- Significant knowledge of Cyber Security as it applies to Enterprise business and ideally exposure to risk or threat assessment techniques.
- Proven experience in threat modelling a solution and documenting the design.
- Strong stakeholder management skills.
- Technical experience and demonstrable skill in one or more of the following areas:
- Cryptographic knowledge including encryption, key exchange, certificate handling and protocols (x509, PKCS12 etc)
- Security Control Frameworks eg ISO27001 and practical experience in their implementation
- Security Architecture principles, generic best practices
- Network security devices
- Endpoint defence solutions
- Exposure to malware infection vectors and defence methods
- Endpoint and Server hardening principles, best practices
- Web application Firewalls, network load balancers, Proxy systems
- Network, Endpoint and Application logging concepts, best practice and monitoring systems including SIEM
- Authentication, Authorisation and Accounting concepts, best practice and IAM management systems. OTP and MFA systems.
- Active Directory Security including federated solutions using ADFS, SAML etc
- Exposure to cloud security models including public, private and hybrid concepts
- Application security including web applications, SaaS services etc
- Data handling principles, protective marking/tagging and data security knowledge
For any further queries regarding the role, please contact Danny Palmer (see below)