Description
Currently a client of mine is looking to speak with Cloud Security Architects for a remote based contract outside IR35.
Key Responsibilities:
- Overall ownership of the protecting the platform from external security threats. Focused on high and low level application and platform security design
- Translating regulatory and compliance into specific technical policies, patterns and requirements that can be applied by engineers to all development activities and stories. To interpret regulatory and compliance obligations to understand changes required to our platform
- Consultant to engineers and architects when designing new components to support development teams to incorporate security best practises in code
- Coordinate with internal InfoSec/SecOps teams with responsibility for understanding existing and emerging threat vectors, attacks and the techniques and technologies to mitigate them.
- Liaise with external security partners with overall ownership of the process for identifying and correcting security flaws in third party products and libraries used on the platform
- Supporting Client Technology Solutions and Sales
- Assist the Product team in making sure security features and requirements are included in development roadmaps
- Promoting security-related skills and mindset in Platform Engineering and establishing security-related career paths and best practices.
- Acting as a consultant on Internet security issues to any team or department that needs
- Creation and maintenance of best practice, policy and how-tos for the Platform Engineering team
- Leading Real Time response teams during attacks or breaches
- Leading investigations after attacks or breaches
- Reviewing the security status of existing technologies and architectures
Requirements
Essential:
- Designing policies and solutions for web-facing AWS hosted platforms
- Understanding of low-level Internet and networking technologies as they relate to security (eg SSL/TLS, HTTP, WAFs, TCP/IP Firewalls etc)
- Leading the work of external security agencies when they are assessing or testing the platform
- Translating regulatory and/or compliance requirements to implementable policies and requirements for development teams
- Leadership of teams delivering security tools, processes and solutions for internal customers
- Bachelor/Undergraduate degree in Computer Science, Applied Mathematics, Engineering, or any other technology related field
Beneficial:
- Mentoring and training of engineers to create a culture of security awareness
- Experience of responding to a major attack or breach
- Formal qualifications/certifications in security-related disciplines
- A software development, systems-engineering or DevOps background
- Applying security requirements to software procurement processes
Please also if you know someone from your network who may be worth reaching out too do let me know!