It Security Consultant

Role: IT Security Consultant

Location: Swindon

Duration: 9 Months

Day rate: £650 outside IR35

Role Description:

As an IT Security Consultant, your role will be to work within our clients agile DevOps team in a hands-on capacity to deliver security requirements from a companywide initiative based on the NIST framework.

You will be working across 3 existing squads, and your interaction will include:

• Information gathering and upskilling on our existing application landscape to enable you to complete the implementation of tasks
• Working directly with team members to cross skill the team whilst delivering the requirements.
• This is a hands-on role that requires a blend of Developer/Tester/Consultant, with a strong focus on security, AWS, and C#, and infrastructure as code e.g. Terraform.

Example activities that would be asked of the successful candidate include but are not limited to:

• Educate, conduct, and support threat modelling exercises.
• Learning about our systems; writing cyber-attack recover plans and executing the plans.
• Implementing modern authentication and identity and access standards.
• Integrating automated code scanning tools into our CI pipelines.
• Making security conscious code changes in line with our security requirements and centrally driven policies.
• Implement various logging capabilities and monitoring metrics in AWS.
• Facilitating the onboarding of our applications into a central SIEM solution.

Essential skills and experience:

• Implementation of secure infrastructure for our AWS-centric cloud application portfolio and digital/data platforms.
• Application security architecture, Identity and Access Management and IT Security control design and their implementation.
• Implementation of appropriate security tools and services for the application portfolio and their S-SDLC processes, including the consideration of best practices.
• Engaging with our IT Security related forums and workgroups as well as Infrastructure and Cyber Security teams as required.
• Help building-up our internal capabilities in cloud and application security and guide the squads through upskilling activities.
• In addition to your security expertise, you should be comfortable developing and delivering solutions with C#, AWS, and Terraform.
• Experience with Threat Modelling; able to champion this as an approach and can introduce this to team members.
• Demonstratable experience in the implementation of secure applications in the AWS cloud, including cloud-native solutions.
• Demonstratable experience on working with a S-SDLC from secure design all the way to secure release and operations.
• Practical and theoretical understanding of DevSecOps and Secure CI/CD for technology stacks including Containers, IaC, SAST/DAST/IAST, Vulnerability Management etc.
• Knowledge of Identity and Access Management, including Privileged Access Management, Modern Authentication and Single Sign-On (SSO), preferably around Azure AD.
• Relevant AWS certifications in the domains Architecture and Security, e.g. SAA-C03, SAP-C01, SCS-C01 are advantageous but not essential.
• Team spirit and intercultural competency, strong communication as well as time- and self-management skills to collaborate with various stakeholders and work in and with different (business, domain, regional) cultures.
• Excellent language skills in English.