Security Architect / Consultant DevSecOps

Security Architect / Consultant (DevSecOps)
Banking
Hybrid: Hybrid: 2 days per week in Leeds, Manchester, Edinburgh, Bristol wherever is closest
6 months+
£680 per day

In short: We are seeking a Security Architect with customer-facing consultancy experience to support a DevSecOps engineering team for a high profile bank.

Essential:
Generalist security design skills
DevOps / DevSecOps
Hybrid Cloud

In full:

We are looking for a Security Consultant to ensure Security by Design is embedded across our change portfolio. You will be authoring Security Design documents and providing crucial consultancy on security threats, risks, and the implementation of Security controls.

Cyber Security sits at the heart of our business providing the Group with a secure operating environment, safe from malicious attacks. It is a dynamic and constantly evolving world where your experience and efforts can deliver tangible results to the safety of a huge company and over 20m customers.

Experience required:

• The ability to deconstruct a solution / network architecture.
• Ability to identify and mitigate against threats and vulnerabilities associated with proposed solutions and evaluate the soundness of solutions using industry standard practices (e.g., STRIDE, MITRE)
• Demonstrate the ability to interpret threats into Risks, using your knowledge and experience to assist the business in assessing likelihood and impact.
• Effectively communicate technical concepts to both technical and non-technical stakeholders.
• Skills to produce and articulate Security Designs to all stakeholders within the project and business.
• Comfortable weighing the risks and benefits of competing Security design options.
• Comfortable working on multiple challenging projects simultaneously.

Ideally, you've got:

• Awareness of industry related security standards such as ISO 27000 series, PCI DSS, COBIT, NIST, OWASP
• Certifications in Security Management such as CISSP / CISM / CCSP or equivalent
• Certifications in technical Security domains such as CEH / OSCP or equivalent
• Experience of Public and or Private cloud environments.

Candidates will ideally show evidence of the above in their CV in order to be considered.

Please be advised if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion, we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.