Security Architect

West Midlands - Onsite
This project has been archived and is not accepting more applications.

Description

Role Accountabilities

  • Documented security control set which is relevant to CSSC and XOS Adapter environments
  • Documented set of principles and policies for CSSC and XOS Adapter to align to security controls
  • Documented set of architecture patterns and security approaches to the principles and policies identified
  • Documented set of secure coding standards relevant to the environments
  • Documented set of SIEM/SOC operating model changes for the CSSC and XOS Adapter environments
  • CSSC and XOS Security Design artefacts including technology choices, technical controls, appropriate risk management strategies, mitigations, decisions and design rationale for same as elements of the High Level Architecture (HLA), High Level Design (HLD) and Low Level Design (LLD) artefacts
  • Documented Security Framework for access to Azure resources (internal and external parties)
  • IAM strategy paper for Azure based APIs, apps and portals
  • Security White Paper for external consumption to document the Security Architecture for our products
  • Peer Review documentation and assurance approval from a security perspective (e.g. HLA, HLD, LLD, FS etc.)
  • Maintenance of all security documentation as design evolves
  • Complete security assessments and questionnaires for our customers
  • Represent our CSSC and Adapter services from a security perspective on customer calls with customer security agents

Demonstrable competency in:

  • Security architecture, demonstrating solutions delivery, principles and emerging technologies - Designing and implementing security solutions. This includes continuous monitoring and making improvements to those solutions, working with the programme design and development teams.
  • Consulting in the development and design of security best practices and implementation of solid pragmatic security principles across the programme, to meet business goals along with customer and regulatory requirements.
  • Security implications and threat landscape of cloud computing, including data breaches, broken authentication, hacking, account hijacking, malicious insiders, third parties, APTs, data loss and DoS attacks.
  • Identity and access management (IAM) - the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources.
  • The ability to be the enterprise security subject matter expert who can explain technical topics to those without a technical background
  • Relevant National Institute of Standards and Technology (NIST) standards. A system that does not comply with the standards set by NIST, along with ISO27001, COBIT and ITIL, will lack compliance, adequate security architecture and support.
  • OWASP top 10 and the Security Knowledge Framework
  • ISO27001 - specifications for a framework of policies and procedures that include all legal, physical and technical controls involved in an organisation's risk management
  • Control Objectives for Information and Related Technologies (COBIT) governance framework
  • Information Technology Infrastructure Library (ITIL) processes for the management and maintenance of the IT assets.
  • Certification in either CISSP, CISM, CISA, ISSAP or ISSEP desirable

Technical knowledge of:

Must have knowledge of some or all of the following technologies:

  • Microsoft Azure PaaS and IaaS services (including Traffic Manager, Application Gateway, Application Service Plans, Application Service Environments, Azure Service Bus, Azure SQL Managed Instances, Azure Data Warehousing, Azure Serverless Functions, Azure Durable Functions)
  • Cloud networking (vNets, Network Security Groups, Policy enforcement, API management, Application reverse proxies, Web Application Firewalls)
  • Azure Security Center, Azure Monitor and Application Insights
  • RESTful API/web services
  • SOAP/XML web services
  • .NET Core and .NET Framework application development environments
  • Microsoft SQL Server (Managed Instances)
  • Oracle 11g, Active DataGuard
  • Microsoft Azure Availability Zones and region failover groups
  • Azure VPN Gateways
  • Azure Windows Virtual Desktop
  • Azure Bastion
  • Azure Virtual Machines
  • Windows 10
  • Linux (SUSE, Oracle, RHEL)

Start date: ASAP
Duration: 6 months
From: Harvey Nash
Published at: 23.01.2021
Project ID: 2034489
Contract type: Freelance