Security Architect - Programme - AWS - Kubernetes - OWASP - Cyber Security - Platform security - NCSC

London ‐ Onsite
This project has been archived and is not accepting more applications.

Description

ROLE:

Reporting to the Cyber Security & Resilience Manager, this position provides cyber security architectural capabilities to a large AWS OpenShift Container replatforming and upgrade programme on behalf of the Cyber Security Team. This security specialist is expected to be collaborative in nature, working with developers to deliver security advice to the various teams. The candidate will be responsible for assessing and mitigating any identified risks in the platform using a range of techniques, including threat modelling and vector analysis. The role will also be key to further developing our software security maturity, both in the programme and across the group, from governance through to operational excellence.

ABOUT YOU

This role is perfect for someone passionate about the technical aspects of cyber security, protecting customer data and ensuring cyber resiliency. The ideal candidate will have a background in hands-on secure software platform development or application security testing, or demonstrable experience of working with cloud engineering teams on security-related topics.

You will also be a strong communicator, able to influence teams and programme stakeholders at various levels. The candidate will also have a strong desire to shift secure development practices and tooling left, giving teams access to early feedback on their work.

Knowledge of modern development practices and tools, and agile methodology, is vital. Familiarity with Kubernetes and AWS is also very important.

Experience of the OWASP Top Ten, the OWASP Application Security Verification Standard and threat modelling is critical, as is a good knowledge of utilising security tooling.

This role is most suited to someone who is a self-starter, strives for quality and makes others better.

CRITERIA

  • 2+ years of experience in a hands-on Cyber Security focused role, primarily in the platform security domain.
  • A degree in Information Security, Computer Science or equivalent, or industry certifications such as CISSP, SANS or CREST/CHECK, is advantageous.
  • Experience with containerisation technology, including strengthening it and assessing security weaknesses and posture.
  • In-depth Kubernetes experience is essential; Red Hat OpenShift Container Platform experience is an advantage.

ROLES + RESPONSIBILITIES

Secure Design

  • Provide well-thought-out security input on solution design, ensuring key security principles and best practice are reflected in design at both the software and platform level.
  • Leverage existing industry patterns (e.g. NCSC) to support input and influence stakeholders.
  • Support the Technical Integration Lead and engineers in incorporating security input, and provide subject matter guidance in technical governance forums.

Security Requirements

  • Provide timely input on all upgrade stories and tasks, utilising already established security requirements for the programme.
  • Continue to develop security requirements as required, ensuring they remain relevant and accessible to teams.
  • Help teams interpret security requirements where required, including leveraging existing materials.
  • Conduct threat modelling to understand threats and draw out further requirements and controls.

Security Testing

  • Conduct both targeted, story-based and broad security testing of components and services throughout the development life cycle.
  • Scope and co-ordinate external penetration testing, and offer guidance on or manage remediation actions in liaison with technical principals and programme leadership.
  • Based on testing, produce documentation to offer assurances to the programme and wider business on risk.

Security Advice and Guidance

  • Offer timely advice and guidance to a range of stakeholders on security matters, both verbally and in writing.
  • Represent Cyber Security at applicable forums and working groups.

Start date: ASAP
Duration: 6 months
From: Nexere Consulting Limited
Published at: 20.04.2021
Project ID: 2094810
Contract type: Freelance