Description
Security Architect
Experis are currently recruiting for a Security Architect for a Central Government client on a 2 year project.
Responsibilities
- Design security-controls in cloud-based web-applications and cloud-infrastructure to support business objectives
- Work with stakeholders in an agile environment to refine security-control implementations
- Educate and upskill colleagues in best practices
- Assist in defining and executing security best practices in engineering and software design
- Contributes to security architecture policy, standards and design
- Advises stakeholders and suppliers on compliance with IT security policy and controls
- Contributes to IT service level definitions
- Contributes to Cyber Assurance maturity assessments, or other audit/compliance activities
- Supports development of business cases for investment to improve IT security controls
- Ensure compliance with Codes of Connection/Memorandums of Understanding
Essential Skills & Experience
- Experience of working with agile engineering teams and designing security controls for cloud-based web applications - ideally with Java and AWS
- Experience of working with demanding security standards - ideally to standards that comply with NPRIMT controls
- Experience of creating security-controls, with working-knowledge, to advise on cloud implementations (Azure, AWS, GCP)
- Some understanding of application architectures, patterns and the ability to interpret technical designs
- Strong knowledge of government and industry data/cyber security legislation, policy, patterns, standards (including but not limited to ISO27001, CSA STAR and NIS Directive) and guidance.
- Experience of reviewing system architectures to: identify single points of vulnerability and common architectural flaws
- Experience of identifying security issues relating to configuration of components in an architecture*
- *validate and explain how common attack methods are mitigated by the design
- *and identify areas where detailed technical analysis will be required to understand important nuances that could have significant security implications.
- Strong knowledge of Government and industry risk management techniques
- Demonstrable experience in interpreting and applying this knowledge in an agile way, working with development teams to deliver digital Cloud services.
A BPSS clearance is required to begin work and candidate must be willing and capable of going through SC clearance.