Security Architect

Surrey  ‐ Onsite
This project has been archived and is not accepting more applications.

Description

Security Architect
Remote/Staines
Utilities
6 months
Happy to discuss rate

Solid generalist Security Architect required to support the Security Architecture function in creating greenfield designs and assessing existing designs.

Purpose Statement:

The Security Architect defines, enhances, and implements information security architecture, while ensuring consistent administration of information security policies, standards, procedures and controls to effectively improve security posture. Work alongside the Senior Security Solutions Architect to provide input into High-Level Designs and Low-Level Designs. Review and provide input into design documentation produced by other functions across the business.

Role accountabilities:

  • Assist the Security Architecture and Engineering Manager in the assessment and definition of the business' information security architecture, including:
  • Collaborating with management, security teams, and other stakeholders to determine information security needs and requirements for applications, cloud services, and networks (WAN, LAN, Wireless), virtual private networks (VPNs), Firewalls, Routers, cloud security, and related security and network devices
  • Evaluation and recommendation of Information Technology (IT) products and technologies
  • Evaluating the interface between hardware, software, and operational and performance requirements of overall system
  • Reviewing the business' information security architecture and platforms to identify integration issues and opportunities to enhance information security practices.
  • Assist the Head of Security Architecture in the development of information security architecture, including:
  • Leading the development of reference architectures across applications, infrastructure, and network environments

Competencies, Experience and Qualifications:

  • Degree required, preferred area(s) of study include: Information technology, Computer science, Information systems, or a related technical field
  • Preferred, but not required, certifications may include: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Global Information Assurance Certification (GIAC), or TOGAF/SABSA
  • Experience in developing security architecture and standards
  • Experience working in architecting and designing information security solutions
  • Knowledge and experience in advising DevOps teams and designing security into CI/CD pipelines
  • Knowledge and experience across the breadth of technology domains, understanding the inter-relationships between major components
  • Experience in performing security reviews, identifying gaps in security architecture, and helping to develop a security risk management plan
  • Experience in the implementation of information security program tools and solutions
  • Experience in assessing network and application design documents in collaboration with infrastructure security efforts
  • Experience in information risk and security-related best practices, policies, standards, and regulations including areas such as International Organisation for Standardisation (ISO) 27001, Information Security Forum (ISF), Payment Card Industry (PCI) Data Security Standard, business security frameworks and data privacy
  • Experience with emerging risk and threat landscape in the power utilities, retail energy, or oil and gas industries.

Technical competencies:

  • Expert Information Security technical skills (information security solutions in detail, application architecture, public key infrastructure (PKI), file encryption, programming, support, workstations, network, SAP, cloud solutions, etc.)
  • Expert knowledge of operating systems (eg, Android, iOS, Linux, Windows, MVS, VMware), hardware and software platforms, and protocols as they relate to information technology
  • Expert knowledge of secure reference architectures, such as infrastructure, network, and application design
  • Ability to analyse business needs and requirements to plan system architecture
  • Knowledge of secure software development methodologies, tools, and practices
  • Hands-on experience with the implementation of security solutions
  • Knowledge of network security architecture concepts, including topology, protocols, components, and principles (eg, application of defense-in-depth)
  • Knowledge of critical IT procurement requirements
  • Familiarity with The Open Group Architecture Framework (TOGAF) (prefer TOGAF certified), Sherwood Applied Business Security Architecture (SABSA), Open Security Architecture, IBM Cloud Computing Reference Architecture, National Institute of Standards and Technology (NIST) Cloud Computing Reference Architecture, or other architecture frameworks
  • Knowledge of applicable internal and/or external regulatory policies, standards, procedures and controls (eg, International Organisation for Standardisation (ISO) 27000, National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT), Cyber Essentials, Centre for Protection of National Infrastructure (CPNI), OWASP Top 10, SANS Top 20 Critical Controls, Information Security Forum (ISF))
  • Knowledge of security technologies including: Firewall, IDS/IPS/HIDS, antimalware, SIEM, Vulnerability Scanning, Threat Intelligence sources & services
  • Understanding of applicable regulations and contractual requirements relating to information security

Start date: ASAP
Duration: 6 months
From: Pontoon
Published at: 23.10.2020
Project ID: 1987181
Contract type: Freelance