Cyber Security Specialist – Outside IR35 – 12 month contract
Harvey Nash are recruiting for a Cyber Security Specialist for a public sector client. This role will be mainly hybrid working with the office based in Edinburgh.
This role will be outside IR35. Role will require candidates hold the Right to Work in the UK, Standard Disclosure Scotland certificate and BPSS clearance.
This role will involve working with the Cyber Security team, providing advice and guidance to digital transformation projects, covering Cyber Security and risk throughout service life cycle. Key duties include:
- Be aware of the current cyber threat landscape and industry best practices and standards.
- Support initial scoping and risk assessment of a change project.
- Interpret security best practice and accreditation requirements to determine security requirements
- Adapt existing Cyber Security standards and controls to fit specific change projects
- Carry out threat modelling and risk assessments
- Review high and low level designs drafted by solution architects.
- Maintain a security design assessment for new services
- Carry out basic hands on security assessments (e.g. SSL Labs config or CSP evaluator, not including full pen testing)
- Plan and co-ordinate independent pen testing
- Provide recommendations for stage gating and go live decisions
- Own completion and accuracy of all security related product delivery evidence
- Provide recommendations for SecOps processes and automation for new systems
Technical Scope
- Security products (email filtering, AV, firewalls, WAFs, MS Defender)
- Security Testing (SAST, DAST)
- Virtualisation platforms and operating systems, including Hyper-V and Windows Server.
- Enterprise Systems (email, PKI, AD, GP, SCCM, Azure, M365)
- Application platforms (MS Dynamics, Power Platform)
- Cloud platforms (Azure)
Essential Skills
- Security and Risk assessment
- In depth understanding of and experience with enterprise scale digital service provision
- Demonstrable recent record making security contribution during the development of a new digital service
- Ability to work well in an agile project team with internal colleagues and suppliers
- Ability to self-start, accept ownership and see through security aspects of project start to finish
- Ability to share knowledge and experience with colleagues and effectively hand over to SecOps
Desirable Skills
- Experience with MS Dynamics, Power Platform and Azure
- Experience managing independent testing (scope, pre-test config, triage findings)
- Experience with MCSE Certified or equivalent experience
- ITIL certification
To apply for this role, please send your CV using the link.