Security Design Specialist - Luton

IT/Information/Cyber Security
Ref: 43 Date Posted: Monday 20 Jan 2020
Reference No:        2053/39
Company:               Transport
Reports to:              Head of Security Operations
Salary:                    £61,000 - £84,000
Benefits:                 Generous

The Role

The security specialist will provide consultancy and technical assurance of solutions.
  • Responsible for technical assurance of security systems, infrastructure, applications and solutions, aligned to IT strategy and security standards
  • Responsible for establishing and maintaining security standards, processes, procedures and guidelines related to security architecture and Technical Design Authority process
  • Provide IT teams with security focused technical consultancy to ensure compliance with security policies, standards and regulations
  • Input into RFI and RFP technology/vendor selection, ensuring solutions embed and meet security requirements and are secure by design.
  • Take ownership of specialist security domains
  • Contribute to and implement strategies for embedding relevant security policies and security technical standards in projects and services
  • Ownership of the design and configuration requirements for operational security systems and platforms
  • Responsible for continuous improvement of security services and contribution to the security architecture roadmap
  • Retain a working knowledge of related security technical areas such as application, network and host, to enable effective liaison with other technical groups and protection of the information
  • Produce and disseminate management information in relation to security technical architecture, technical assurance of projects and all associated solutions
  • Keep abreast of emerging trends, technologies and regulation
  • Establish mechanisms, behaviours and culture to encourage the protection of information and information systems
  • Work closely with enterprise architects, solution architects, technical architects and other senior IT designers to ensure all services are ‘Secure by Design’
  • Ownership and Delivery. Has a clear focus to deliver results, working to targets, reviewing progress and adapting their plans accordingly, motivating themselves/the team to achieve.
  • Business Performance. Understands business and external environment, is cost conscious and understands the longer-term perspective and implications of decisions.
  • Innovation and Change. Is open to new ways of doing things and questions existing approaches, views change as an opportunity, comfortable working in a dynamic and ambiguous environment.
  • Building Relationships. Expresses ideas confidently and clearly, builds positive and constructive relationships with others, gets to know colleagues within their own team and supports them to ensure team goals are achieved.

Requirements of the Role

  • The jobholder must have a thorough understanding of the security threat landscape, significant risks, technical developments and directions. 
  • Strong interpersonal skills are essential, as the jobholder must be able to operate effectively at all levels.
  • Demonstrable experience of working in a security architecture team
  • Depth of experience in IT Technical Security, including time as a security senior practitioner
  • Experience of security systems and controls, including vulnerability management, web content filtering, intrusion prevention, SIEM, email security, DLP, NAC, IAM, O365, AWS, SDLC, SAST, DAST, SecDevOps tool chain and Web Application Firewalls
  • Ability to harness the commitment and contribution of team members outside of direct span of control
  • Excellent written and oral communication skills
  • Ability to conduct research into security technical platforms and evaluate capabilities
  • Ability to effectively prioritise and execute tasks in a high-pressure environment
  • A self-starter with the ability to lead and drive change through an organisation.
  • Ability to build strong relationships and influence decisions with internal and external stakeholders.
  • Familiarity with patterns, practices and frameworks of Enterprise Architecture
  • Be a business-focussed, creative, innovative, pragmatic and positive team player
One or more of the following qualifications are highly desirable.
  • Masters in Information Security (MSc)
  • Certified Information Systems Security Professional (CISSP)
  • TOGAF Certified
  • Certified Information Security Architecture Professional (CISSP-ISSAP)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Certified Cloud Security Professional (CCSP)
  • ITIL
  • Vendor technology certifications e.g. AWS Security