Security Consultant - Cheshire, United Kingdom - Gibbs Hybrid

Gibbs Hybrid
Cheshire, United Kingdom

2 weeks ago

Posted by:

Tom O´Connor

beBee Recruiter


Description
Gibbs Hybrid requires an experienced Application Security Consultant for a world-leading IT services client.

Remote initially - 1-2 days a week at client site likely in the new year (Cheshire)
£650 per day (Inside IR35)
6-12-month contract with extensions highly likely
An Application Security Consultant owns one or multiple work streams offered by the AppSec team. Based on the overall team structure, a Sr. Application Security Consultant might have to do people management. A person in this role is proactive in managing stakeholder expectations and acts as a mentor/guide for others within the team. As an SME, they will be the single point of contact for specific technologies.
Work with other engineers and functions in and across the department and help resolve their cyber and security challenges.

Work very closely with our partners to help our partners convey their strategy within our own team and wider VM/CSO function.

Where applicable suggest alternatives to CSO partners with the aim to partner up long term and improve synergy between our 2 teams.

The nature of the role may require ad hoc assignments of various sorts.

At other times this may require rolling up sleeves and looking very deeply into CI/CD, suggesting remediations for various security or audit findings, etc.

Often the requirement will be to understand source code and dig deep there too (Java/C#/Python, etc.).


  • Strong knowledge of ASPM, SAST, DAST, SCA, IAST, cloud security and other AppSec-related technologies.
  • Experience in rollout of AppSec services.
  • Experience in understanding and contributing to the overall security strategy.
  • Should be able to contribute to the deliverables immediately.
  • Manage multiple activities and manage deliverables within the team.
  • Take ownership of activities within the team and be accountable for seeing them through.
  • Help implement the vision and alignment to strategic objectives from a security standpoint
  • Ad hoc hands-on development when required
  • Direct line management of employees may be part of the role in the future, but not now

Key Accountabilities


  • Own one or more security services.
  • Continuous improvement of service offering with a keen eye for integration with other systems
  • To be able to communicate with key internal and external stakeholders in a professional and constructive manner
  • Development of an understanding of the CIOs requirements with respect to software engineering across all technology and contributing to the enhancement of the platform from a control and security perspective
  • Awareness and understanding of all regulations and controls in relation to software development.
  • Ability to interpret user requirements and convert them into deployable production code with a high degree of independence (for hands-on development)
  • Help secure code that is appropriate for a platform used by ~20k engineers in our firm
  • Investigation of various security issues and threats reported by the various security tooling in VM and AppSec.
  • Able to execute the assigned project within schedule and budget with minimal supervision
  • Sound technical background with a solid understanding of SDLC, PDLC and Agile methodologies
  • Act as a guide when it comes to DevSecOps and DevOps principles
  • Address any customer (engineers mostly) queries promptly; minimize impact to business in case of production issues

Decision-making and Problem Solving

  • Final say regarding technical choices in a collaborative team-based approach (where accountability sits with the role)
  • The role requires a continuous focus on the security of the solutions - understanding the impact of changes at a low level is essential
  • Must be able to understand complex analytical problems and use their experience, good judgement, knowledge of alternative options, and sophisticated analytical and innovative thought to contribute to the resolution
  • Solid problem-solving skills and the ability to teach and guide others to do the same
    a. Issues may involve
       i. Various changes from regulators or other central functions impacting software development
       ii. Resolving issues in production at short notice
       iii. Assisting support team in L2/L3 capacity as required

  • Customer-centric approach - putting yourself in engineers' shoes to achieve the best possible level of service long term

Risk and Control Objective

Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise Wide Risk Management Framework and internal Policies and Policy Standards.

Person Specification

  • Confident, enthusiastic and proactive
  • Living Barclays Values on a daily basis, acting as a role model
  • Implementing Barclays Mindset on a daily basis, acting as a role model
  • Open-minded, aware of being part of a central team full of experienced and senior employees with massive engineering background
  • Ability to escalate issues to management as appropriate
  • Not be afraid to go to /call team members / customers to solv
