Cloud Security Engineer - Portsmouth, United Kingdom - SGN

SGN
SGN
Verified Company
Portsmouth, United Kingdom

3 weeks ago

Tom O´Connor

Posted by:

Tom O´Connor

beBee Recruiter
Description

THE ROLE


You will also act as the conduit between information security and the cloud centre of excellence (CoE) team, helping to champion cloud security best practices and approved architectural pattern, whilst maintaining the independent by assessing deployed solutionfor misconfigurations.


You will help ensure the overall security of our Cloud estate, ensuring that it is securely designed, implemented, and operated in line with legislative, regulatory, and business security requirements.

You will possess technical security expertise coupled with a strong team focus, excellent communication, relationship building and influencing skills.

Key responsibilities will include;

  • Responsible for ensuring that SGNs cloud security standard is fully implemented and updated
  • Manage cyber security risk assessments, compliance checks, audits, and reviews to ensure that appropriate security controls are in place and highlight any deficiencies and gaps for management consideration and ensure Cyber Security controls are operatingas designed.
  • Ensure that security validations tools are embedded into the CI/CD pipeline and that assurances are obtained for netnew deployment
  • Provide cyber security assurance activities by ensuring implemented solutions are a replica of agreed and approved architecture definition documents
  • Where required, propose solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite.
  • Support the cloud centre of excellence with cloud service automation and orchestration helping to move away manual based deployment to a continuous integration and continuous deployment (CI/CD) engineering practices
  • Work alongside and coordinate our thirdparty vendors including 'managed security services provider' (MSSP), penetration testers, attack path mapping and SOC operators including following up remediation work and reports
  • Investigate and work with the other teams to investigate, remediate and document cyber security incidents.
  • Work with the technical security and assurance team to help deliver new security tooling.
  • Be a Security touchpoint for Project Business Analysts and Project Management.
  • Security Architecture and Design
  • Review both high/low level architecture definition documents for compliance against security policies, standards and regulatory requirements pertinent to OT environments
  • Attend relevant Architecture Review Board and Technical Design Authority meetings providing signoff to designs created to deliver technical solutions into the OT environment
  • Participate in project initiatives around Governance Risk and Compliance tooling, third party risk/ supplier assurance and metrics initiatives.
  • Postimplementation / prego live auditing of initial requirements for Security OT projects, checking agreed design proposals matched against delivered solutions.
  • Remain up to date on cuttingedge cloud technology.
  • Ensure cloud security standard and supporting guideline are implemented and maintained.
  • Ensure guardrails are implemented and maintained to prevent against system wide abuse, compromises and attacks
  • Support the deployment of capabilities that allows for the continuous detection of insecure configuration and vulnerabilities.
  • Ensure vulnerabilities are remediated
  • Where required, provide relevant technical/nontechnical security support to the wider SGN Security team and wider SGN organisation, including the SGN CISO, Security Operations, Security Risk Management and Security Assurance
  • Operate collaboratively with the IT Security Leads and the wider Corporate IT team to deliver the required solutions

WHAT YOU'LL BRING

  • The individual should be educated to degree level in a relevant discipline. Must be CISM/CISSP/CCSP/TOGAF/CRISC/AWS Solution Architect or equivalent certified or willing to undergo certification on the job.
  • Must have expertise in Cloud (IaaS, Paas, SaaS), in particular AWS and Azure
  • Must have proven expertise in three of the following security domain areas; Vulnerability Assessment and Management, Security Risk and Compliance, Cloud Security Architecture, Application Security, Security Operations Centre and Investigations, IncidentManagement and Security Engineering
  • Must have 12 years' cyber security experience
  • Good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC security principles, NIST Framework, ISO 27001, ISO27005, IEC62443 etc.
  • Good understanding of Cyber Assurance Framework and experience with working with Regulators and providing compliance updates for OT environment
More jobs from SGN
See all jobs of SGN