AddressThe Client is the world's most advanced (re-)insurance market, known globally for our pioneering thought leadership and innovative approach. Working with us provides the opportunity to influence the entire insurance industry. We provide a place where talented, diverse and socially responsible people can feel proud to work.
We are building world class security into our digital services under the banner of our Future at The Client’s programme. Our Market participants expect world class security standards to be embedded into the services we provide to them – whether providing the infrastructure supporting their business processes, handling their data, or more generally operating the Client’s market.
Our aim is to make high-performance security a demonstrable and marketable differentiator for us as a trusted provider of digital services to the insurance market.
Skills
· Ability to critically analyse evidence when assessing the effectiveness of security architecture designs and implementations.
· Ability to provide accurate reports and metrics to lead to the right recommendations and decisions.
· Experience of developing policies, processes and procedures
· Ability to identify and execute on opportunities to embed security into design processes from the start.
· Ability to interpret the software development lifecycle from a security architecture perspective.
· Ability to manage competing deadlines and prioritise responsibilities to effectively meet business needs.
· Highly analytical and disciplined. Excellent working knowledge of confidentiality and data security.
· Ability to produce technical reports and documentation to a wide-ranging audience.
· Systematic, disciplined and analytical approach to problem solving.
· Understanding of threat analysis and threat analysis intelligence feeds
· Microsoft Active Directory and Azure administration and support
· Extensive experience managing vulnerabilities and patching servers and endpoints.
Knowledge
· Advanced understanding and ability to apply Knowledge of cloud computing – Azure/AWS/GCP (including but not limited to: Azure Network & Security Controls, Azure or Third-party Firewall Knowledge, VPN protocols, network configuration, load balancing, web app firewalls and Key vaults)
· Knowledge on Public and Self signed certificate management best practices, having experience to coordinate with public CA vendors for certificate lifecycle management.
· Hands-on experience with ** Infrastructure as a Code - ability to automate and script your work with PowerShell, ARM or Terraform.
· Proficient knowledge and experience with setup, configuration, and tuning of Identity Access Management solutions.
· Hands-on software engineering experience, DevSecOps and Security Management Framework and background.
· Knowledge of common security risk frameworks (e.g. OWASP, NIST, ISO).
· Knowledge of attacks on applications and the relationships to threats and vulnerabilities
· Software development knowledge – advise development teams how to implement steps to automate security tools ie Static Application Security Testing (SAST) or Software Composition Analysis (SCA) as part of the build.
Experience
· Experience with Microsoft 365 and Azure security services and. technologies as Azure AD, Azure Sentinel, Cloud App Security, Defender ATP
· Experience in implementing security architecture principles, processes, standards and governance.
· Experience with creating and running executive level reporting.
· Experience in critically assessing the effectiveness of security architecture designs and implementations and identifying opportunities for improvement.
· Experience of running “Threat Modelling” for teams and products with reference to secure engineering principles, and standards (eg OWASP\CIS\NIST)
· Experience in implementing ‘secure by design’ principles in a variety of systems and technology.
· Experience coordinating Identify and Access Management activities.
· Experience in a highly regulated business environment, ideally gained in financial services.
Professional Qualifications
Desired:
· Azure Administrator Associate - Az 104
· Azure Security Engineer Associate - Az 500
· Microsoft Security, Compliance, and Identity Fundamentals (SC-900)
· Azure Fundamentals - AZ 900
· (ISC)2 Certified Cloud Security Professional
· Practitioner Certificate in Cloud Security
· Certified Information Technology Professional Online
· Microsoft Identity and Access Administrator (SC-300)
Optional:
· CISM, CISSP, M.Inst.ISP, CGEIT, CISA, or any other recognised professional body would be advantageous.
Role objective:
Implement, manage and maintain a robust security toolset for integration into the wider Group Technology and ISMS services.
This role will be responsible for delivering the following Security Engineering processes and outcomes for our Group Technology estate.
· Support with the development of architecture principles, governance, standards and processes, ensuring that security is embedded.
· Developing the automation of security and compliance capabilities in support of DevSecOps processes (SDLC)
· Review existing infrastructure and identify opportunities to embed security by design.
· Work together with Security vendors and other IT personnel for problem resolution and incident management.
· Manage and support all installed system security and security infrastructure.
· Contribute to and manage the design of information and operational support systems security.
· Install, configure, test and support platform security, operating systems security, application software security and system security management toolsets.
· Develop custom scripts to improve system reporting and increase the security profile for new build pipeline initiative and business applications.
· Support with the creation, development and enforcement of secure design patterns / baseline security architecture descriptions.
· Ensure change initiatives requiring Security Engineering expertise meet security architecture requirements.
· Leading and Implementing required Security Tooling for Vulnerability assessments in both code and supporting cloud infrastructure
· Help to co-ordinate IAM activities to provide secure, controlled access to systems and services.
· Produce concise presentations of Security Engineering principles, KPI’s and deliverables to be delivered to multiple stakeholders within Risk, Architecture and Engineering communities.
· Implementing security features and monitoring tools, performing periodic security assessments
· Mentor more junior members of the Security Engineering team.
This role reports directly to the Group Technology, Security Engineering Manager.
