Job Description
Ensure that specified security controls/counter-measures mitigate, minimise, or treat discovered risks are pragmatic, appropriate and cost effective
Technical assurance of projects to ensure they comply with the security architecture, covers both new systems and their integration with legacy.
Latest start date Tuesday 31 July 2018
Expected contract length 24 Months total-Initial 12 months-further period up to 12 months depending on business need & performance
You will work as part of a Technical Design Authority who are responsible for specific domains.
They will need to collaborate closely with delivery teams in a multi-supplier environment.
What the specialist will work on
1. Defining the security architecture for our digital platform (Platform, endpoints, networks & application)
2. Demonstrating how security architecture addresses technical risks identified by independent IA team
3. Assuring end to end technical security where shared solutions are being used
4. Focus is on cloud architectures but will also include Crown Hosted solutions where applicable
Typically on-site with wider team and clients in an Agile environment. Some site visits. Use of Confluence, Jira and ardoq are the tools used to track progress against deliverables.
Security clearance - SC Clearance is required - must be eligable
Essential skills and experience
• Have proven track record of designing accredited cloud based security architectures for large and complex organisations
• Have in depth knowledge of AWS security tools, open source security controls and experience of Automated security testing tools
• In depth understanding of cloud technologies. Specifically, secured cloud solutions previously on cloud platforms (e.g. MS, AWS, Google, Skyscape )
• Experience of a broad range of networks and underlying IT technologies and environments (e.g. container technologies like Docker and Kubernetes)
• In depth understanding of cloud based, open source and traditional security technologies, controls and an in depth understanding of security specific protocols (e.g. TLS, Kerberos and SAML)
• Lead IA/Security Architect (LCCP) and Certified Senior Information Risk Adviser (SCCP)
Nice-to-have skills and experience • Experience of HMPO systems or similar government operational systems and scale
• Experience of GDS best practices
GSA Techsource Ltd operates as an Employment Agency when recruiting for permanent vacancies, and an Employment Business when recruiting for contract vacancies. All contract rates quoted are to Ltd companies.