Apply now!

In a rush? Simply drop off your CV by clicking on the button to your right, and we'll get in contact if we have a suitable vacancy.

Lead Security and Information Risk Advisor

Location:
Greater London
Sector:
Commercial
Job Type:
Contract
Salary:
Negotiable
Reference:
073931

Role

Security Analyst
London
Contract

Job Description:
• As the lead Security Analyst working on the Analytical Platform, you will join a talented S&P team of cybersecurity consultants, offensive security engineers, security operation engineers and strategic risk advisors that provide advice, guidance and direction to the whole of the MOJ.
• You will work closely with a cybersecurity consultant on the Analytical Platform to identify security gaps, advise on if and when they need mitigation, design security controls for proportional resolution and be the primary hands-on implementer for them, working with the Analytical Platform development team.

Technologies:
• The Analytical Platform is hosted on Amazon Web Services ('AWS') using Kubernetes. It leverages Auth0 for authentication, GitHub for application/infrastructure code storage and primarily Terraform to provision cloud resources.
• Most of the MOJ systems you may interact with are on AWS, but we also use Azure. We author in Python, JavaScript and Go. We version control with Git.

Main Responsibilities:
• Develop and automate security capabilities
• Identify low-level through to strategic gaps in defences
• Advise on security measures that should be implemented
• Implement technical security measures
• Promote security awareness within MOJ teams
• Support technical security incident response

Skills & Experience:
Essential-
• Experience with scripting threat and vulnerability management solutions, application security and using analytics to understand/influence such changes
• A good understanding of Python or another modern scripting language
• The ability to use AWS & Linux operating systems using non-graphical interfaces with ease
• Experience with securing AWS (in particular, IAM, S3 and EC2)
• Experience with securing Linux-based containers
• Experience with version control through Git
• Experience with proactively investigating, analysing, managing and mitigating/resolving security incidents
• Excellent communication skills
• Knowledge of web application (example include REST/gRPC, APIs, role-based access, OWASP Top 10) and cloud infrastructure vulnerabilities and common remediation techniques
• Knowledge of security monitoring, prevention and control systems including but not limited to firewalls, IDS/IPS, web proxies, antivirus and log correlation solutions
Desirable-
• Understanding of how technical security fits in within wider threat models
• Experience with securing Kubernetes
• Experience designing and implementing multi-account AWS structures
• Experience designing and implementing cross-account AWS IAM roles and using assume-role
• Experience of security automation using a wider set of scripting languages, such as Perl, Python, Ruby, and/or Bash as well as the configuration of infrastructure with code automation (e.g. Atlassian tools, Ansible, Puppet, or Chef)
• Experience with version control software and job execution tools beyond Git, such as GoCD, Octopus, Jenkins, RunDeck, SaltStack
• Experience with cloud platforms to include virtualization, containerisation and orchestration technologies on Azure
• Experience with implementing/securing federated identity solutions using OAuth and OIDC
• Experience of secure coding and testing across a variety of tools (static, dynamic, and both automated and manual) and vulnerability management
• Knowledge of security architectures, in particular for modern digital services, including how they are developed and operated safely at scale
• Experience with log aggregation tools such as Splunk
• Experience with SIEM tools such as LogRhythm
• Knowledge of penetration testing (or 'red teaming') and related disciplines.
• Recognised security certifications (particularly from AWS)
 
At First Recruitment we understand just how important it is to secure the right people. That's why our consultants always take the time to understand requirements in detail and offer sound advice to both clients and candidates.

This is a superb opportunity for anyone looking to work for a reputable organisation.

Recommended for You

Related Jobs

Recently Viewed

  1. Lead Security and Information Risk Advisor

    073931

    Greater London

    Negotiable

Testimonials

Help us with our survey
Do you feel the jobs market has picked up?