Security Technologist/ArchitectManchester/Hybrid (On site once a month)6 month contract (Outside IR35)
A Security Technologist is required for our client who are based in Manchester. The successful candidate will be responsible for delivering hands-on technical security expertise, advice and best practice. The role will involve covering methodologies, service and system design, technical mentoring, product enhancement, security posture and controls, and supporting the extraction of best value from systems and supply chain partners. The security technologist will work alongside the operational and project teams, to ensure that systems and data are robust enough to defend against vulnerabilities and attack.
Main responsibilities• Support the business to design, implement and support security for systems or services.• Assist in the design and updating of the overall security strategy• Create and maintain technical documentation• Lead the security aspects of the continuous improvement programme, including the setting of standards.• Assist with the security testing programme.
Essential criteria• Possess strong technical security knowledge, based on significant hands-on experience in an IT environment, where a wide range of BAU and project activities take place.• Proven experience of designing, implementing, and maintaining security solutions for hybrid environments, consisting of on premises and cloud; PaaS, SaaS, IaaS services.• Experienced in performing security reviews to evaluate and provide recommended measures and approaches to continually improve the business security.• Possess a good understanding and detailed knowledge of security toolsets with the techniques needed to support security infrastructure solutions in hybrid environments.• Ability to design and implement innovative approaches for detecting and responding to cyber security incidents (e.g. scripting, analytics, automation).• Hands on experience in understanding, configuring and tuning security toolsets including detection and response technologies such as EDR, XDR, SOAR.• Technical experience in a regulated industry and adhering to various standards and best practices e.g. NIST, ISO 27001, PCI-DSS, CIS.• Awareness of the latest technological developmentsDesirable criteria• Relevant industry qualifications and certifications:• CISSP, CGIH, GDSA, GMLE, GSOC etc.• Understanding and applying Zero Trust principles.• Good technical security knowledge based on practical experience, across at least 4 years, including:• Cisco and Microsoft networking technologies• Microsoft Windows, 365 and Azure technologies• Vmware virtualisation technologies• Vulnerability assessment technologiesA working knowledge of the following product sets is ideal:• Rapid7• Solarwinds• Sophos• MS security suites• Have a good awareness and be able to work within information security and confidentiality legislation.• Experience in working alongside software development teams following Agile methodologies (e.g. DevSecOps).