SOC Engineer (with Elastic Experience) - On-site 5 days per week. Contract Type: Inside IR35 - £635 Security Clearance: Active SC is a must-have Methods has a leading cybersecurity function dedicated to safeguarding businesses from evolving digital threats. We are seeking a talented and motivated Security Operations Center (SOC) Engineer with essential experience in Elastic to join our team. If you're passionate about protecting critical data and infrastructure while leveraging cutting-edge technologies, we want to hear from you. Key Responsibilities: SIEM Management : Utilize your expertise in Security Information and Event Management (SIEM) systems, especially Elastic, to configure, monitor, and manage security alerts and incidents. Leverage Elastic's capabilities to analyze and correlate security data for rapid threat detection and response. Elastic Stack Proficiency: Demonstrate deep knowledge and hands-on experience with the Elastic Stack (Elasticsearch, Logstash, Kibana) for security data analysis and threat intelligence. KQL Query Development: Create advanced Kusto Query Language (KQL) queries to proactively identify potential security threats within Azure environments. Harness the power of data analytics to enhance our security posture and provide Real Time threat intelligence. Networking Security: Implement and maintain network security controls and protocols to protect against unauthorized access, data breaches, and network anomalies. Collaborate with network teams to ensure the security of critical infrastructure. Syslog Management: Configure and maintain syslog Servers to collect and analyze logs from various systems and devices. Identify and investigate security incidents leveraging syslog data to enhance threat detection and incident response capabilities. Azure Security Expertise: Work closely with Azure security tools and services to enhance cloud security, including Identity and Access Management (IAM), Network Security Groups (NSG), and Azure Firewall. Continuously improve security policies and practices in line with Azure best practices. Qualifications: Bachelor's degree in Computer Science, Information Technology, or a related field. Proven experience in a SOC role, demonstrating strong analytical and problem-solving skills. Deep knowledge of SIEM solutions, with a focus on Elastic and KQL. Familiarity with Azure security and networking principles. Understanding of syslog and log management. Relevant certifications such as CompTIA Security+, CISSP, or Microsoft Certified: Azure Security Engineer Associate are a bonus.
18/06/2024
Project-based
SOC Engineer (with Elastic Experience) - On-site 5 days per week. Contract Type: Inside IR35 - £635 Security Clearance: Active SC is a must-have Methods has a leading cybersecurity function dedicated to safeguarding businesses from evolving digital threats. We are seeking a talented and motivated Security Operations Center (SOC) Engineer with essential experience in Elastic to join our team. If you're passionate about protecting critical data and infrastructure while leveraging cutting-edge technologies, we want to hear from you. Key Responsibilities: SIEM Management : Utilize your expertise in Security Information and Event Management (SIEM) systems, especially Elastic, to configure, monitor, and manage security alerts and incidents. Leverage Elastic's capabilities to analyze and correlate security data for rapid threat detection and response. Elastic Stack Proficiency: Demonstrate deep knowledge and hands-on experience with the Elastic Stack (Elasticsearch, Logstash, Kibana) for security data analysis and threat intelligence. KQL Query Development: Create advanced Kusto Query Language (KQL) queries to proactively identify potential security threats within Azure environments. Harness the power of data analytics to enhance our security posture and provide Real Time threat intelligence. Networking Security: Implement and maintain network security controls and protocols to protect against unauthorized access, data breaches, and network anomalies. Collaborate with network teams to ensure the security of critical infrastructure. Syslog Management: Configure and maintain syslog Servers to collect and analyze logs from various systems and devices. Identify and investigate security incidents leveraging syslog data to enhance threat detection and incident response capabilities. Azure Security Expertise: Work closely with Azure security tools and services to enhance cloud security, including Identity and Access Management (IAM), Network Security Groups (NSG), and Azure Firewall. Continuously improve security policies and practices in line with Azure best practices. Qualifications: Bachelor's degree in Computer Science, Information Technology, or a related field. Proven experience in a SOC role, demonstrating strong analytical and problem-solving skills. Deep knowledge of SIEM solutions, with a focus on Elastic and KQL. Familiarity with Azure security and networking principles. Understanding of syslog and log management. Relevant certifications such as CompTIA Security+, CISSP, or Microsoft Certified: Azure Security Engineer Associate are a bonus.
Title: Cloud Platform Engineer - Leading Financial Services Firm (Perm) Salary: 100k + Bonus & Pension Are you a talented Cloud Platform Engineer looking for an exciting opportunity to drive innovation and transformation in a leading financial services firm? Join our dynamic team and play a crucial role in our Cloud-First, Cloud-Native architectural model. Key Responsibilities: - Engineer and secure core platform services across our global footprint - Optimize compute infrastructure to match business demands - Design and operate storage strategy for optimal data storage based on latency, redundancy, and cost - Collaborate with Cloud Security Engineering to automate vulnerability patching processes - Optimize global network for latency and performance to meet business expectations - Automate operational aspects of the infrastructure and systems life cycle - Maintain Azure tagging/naming taxonomies across all Cloud assets - Respond to incidents and ensure availability across the global infrastructure - Build infrastructure with automation tools like PowerShell, Ansible, Terraform, Azure DevOps CI/CD, and Kubernetes - Document actions to turn findings into repeatable and automated processes - Design, build, and maintain core infrastructure to enable scaling and support business growth - Debug production issues across services and levels of the stack Qualifications: - Strong knowledge of virtualization and containerization technologies on Azure - Proficiency in object-oriented programming and developing automated solutions through code - Passion for secure network design and protecting organizations from evolving cyber threats - Continual learning and advancement of Microsoft Azure technologies like Compute, Storage, and Networking - Interest in Open-Source development and industry innovation - Knowledge of configuration management systems like Ansible If you are a passionate Cloud Platform Engineer who thrives in a fast-paced, innovative environment, we'd love to hear from you. Apply now and join us in shaping the future of financial services technology. To apply, please submit your updated CV
18/06/2024
Full time
Title: Cloud Platform Engineer - Leading Financial Services Firm (Perm) Salary: 100k + Bonus & Pension Are you a talented Cloud Platform Engineer looking for an exciting opportunity to drive innovation and transformation in a leading financial services firm? Join our dynamic team and play a crucial role in our Cloud-First, Cloud-Native architectural model. Key Responsibilities: - Engineer and secure core platform services across our global footprint - Optimize compute infrastructure to match business demands - Design and operate storage strategy for optimal data storage based on latency, redundancy, and cost - Collaborate with Cloud Security Engineering to automate vulnerability patching processes - Optimize global network for latency and performance to meet business expectations - Automate operational aspects of the infrastructure and systems life cycle - Maintain Azure tagging/naming taxonomies across all Cloud assets - Respond to incidents and ensure availability across the global infrastructure - Build infrastructure with automation tools like PowerShell, Ansible, Terraform, Azure DevOps CI/CD, and Kubernetes - Document actions to turn findings into repeatable and automated processes - Design, build, and maintain core infrastructure to enable scaling and support business growth - Debug production issues across services and levels of the stack Qualifications: - Strong knowledge of virtualization and containerization technologies on Azure - Proficiency in object-oriented programming and developing automated solutions through code - Passion for secure network design and protecting organizations from evolving cyber threats - Continual learning and advancement of Microsoft Azure technologies like Compute, Storage, and Networking - Interest in Open-Source development and industry innovation - Knowledge of configuration management systems like Ansible If you are a passionate Cloud Platform Engineer who thrives in a fast-paced, innovative environment, we'd love to hear from you. Apply now and join us in shaping the future of financial services technology. To apply, please submit your updated CV
Title: Senior Cloud Security Engineer (Perm) Salary: 100k + Salary + Bonus Are you a passionate and experienced Cloud Security Engineer looking to make a significant impact in a leading Financial firm? Join a dynamic team and play a crucial role in securing their cloud-based assets as we transform our enterprise technology to a Cloud-First, Cloud-Native architectural model. Key Responsibilities: - Design, implement, and maintain secure cloud architectures across our Azure cloud platform - Develop and enforce cloud security policies, procedures, and best practices - Conduct regular security assessments, audits, and penetration testing to identify and mitigate vulnerabilities - Implement and manage cloud security tools and services, such as SIEM, IAM, and DLP - Collaborate with cross-functional teams to ensure the integration of security throughout the IT life cycle - Investigate and respond to security incidents, and develop incident response and disaster recovery plans - Ensure compliance with industry standards and global regulatory frameworks - Provide guidance and training to team members on cloud security best practices - Stay up-to-date with the latest cloud security threats, technologies, and countermeasures Qualifications: - Extensive experience with cloud security architectures and best practices across Azure cloud platform - Deep understanding of cloud security controls, including IAM, network security, data protection, and security logging/monitoring - Knowledge of common security frameworks and compliance standards, such as NIST, ISO 27001, and SOC 2 - Familiarity with security testing methodologies, such as penetration testing and vulnerability assessments - Experience with SIEM tools, such as Splunk, ELK stack, or Azure Sentinel - Understanding of secure coding practices and experience with static code analysis tools - Incident response and forensics skills - Relevant security certifications, such as CISSP, CCSP, or cloud platform-specific certifications - Proficiency in at least one object-oriented programming language - Strong passion for cybersecurity and protecting cloud-based assets in a Financial Services environment If you have a proactive mindset, keen attention to detail, and a desire to continuously learn and adapt to the ever-evolving cloud security landscape, we'd love to hear from you. To apply, please submit your CV
18/06/2024
Full time
Title: Senior Cloud Security Engineer (Perm) Salary: 100k + Salary + Bonus Are you a passionate and experienced Cloud Security Engineer looking to make a significant impact in a leading Financial firm? Join a dynamic team and play a crucial role in securing their cloud-based assets as we transform our enterprise technology to a Cloud-First, Cloud-Native architectural model. Key Responsibilities: - Design, implement, and maintain secure cloud architectures across our Azure cloud platform - Develop and enforce cloud security policies, procedures, and best practices - Conduct regular security assessments, audits, and penetration testing to identify and mitigate vulnerabilities - Implement and manage cloud security tools and services, such as SIEM, IAM, and DLP - Collaborate with cross-functional teams to ensure the integration of security throughout the IT life cycle - Investigate and respond to security incidents, and develop incident response and disaster recovery plans - Ensure compliance with industry standards and global regulatory frameworks - Provide guidance and training to team members on cloud security best practices - Stay up-to-date with the latest cloud security threats, technologies, and countermeasures Qualifications: - Extensive experience with cloud security architectures and best practices across Azure cloud platform - Deep understanding of cloud security controls, including IAM, network security, data protection, and security logging/monitoring - Knowledge of common security frameworks and compliance standards, such as NIST, ISO 27001, and SOC 2 - Familiarity with security testing methodologies, such as penetration testing and vulnerability assessments - Experience with SIEM tools, such as Splunk, ELK stack, or Azure Sentinel - Understanding of secure coding practices and experience with static code analysis tools - Incident response and forensics skills - Relevant security certifications, such as CISSP, CCSP, or cloud platform-specific certifications - Proficiency in at least one object-oriented programming language - Strong passion for cybersecurity and protecting cloud-based assets in a Financial Services environment If you have a proactive mindset, keen attention to detail, and a desire to continuously learn and adapt to the ever-evolving cloud security landscape, we'd love to hear from you. To apply, please submit your CV
Senior Cyber Security Architect Salary upto £80,000 Description: Since our establishment in 1990, Methods has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Our mission is to improve and safeguard public-facing services. We apply digital thinking to ensure the future of our public services is centred around our citizens. Our human touch sets us apart from other consultancies, system integrators and software houses - we have a customer-centric value system whereby we focus on delivering what is right for our clients. We passionately support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Methods are experts in delivering secure, resilient cyber and information services - keeping systems and data safe. We help reduce risk and vulnerabilities from cyber-attacks by developing a security road-map tailored to your unique needs. We help organisations improve processes such as threat management by building an identity management programme, and establishing prevention, detection and response capabilities to cyber-attacks. Requirements Ability to research, articulate, pitch complex and innovative security advice, at both business and technical levels, for new or existing problems, with the objective to justify and communicate decisions directly to key customer stakeholders including senior management. Able to understand and comprehend the impact of decisions, balancing requirements and deciding between approaches Develop vision, principles and strategy for security for multiple projects or technologies; working in a particular field as subject matter expert, to support a team in delivering engagements at scale, which may require subtle security needs and requirements, contributing to development of information security policy, standards, procedures and guidelines. Effective business acumen and an understanding of the cyber security challenges faced by client, with the objective to develop our cyber assurance practice, by supporting business development and practice management. Experience of identifying and applying security risk and familiarity with common control frameworks, with the ability investigating major breaches of security and recommending appropriate control improvements. Maintaining awareness of key business and industry trends and understanding how they impact responses to cyber risk, with the contribution of the development of our team through training and coaching. Managing, delivering, leading cyber security and cyber risk assignments, with the management of portfolio of clients, across a variety of sectors and locations, including producing documentation, presentation, reports, recommendations and quality assuring, for the work produced by team members and being the point of escalation for lower grade roles. Providing our clients with trusted advice, rooted in a pragmatic and agnostic understanding of their business situation and objectives, to help them navigate complex, risk-driven cyber decisions. Working as a subject matter expert in your particular field, owning and delivering initiatives to embed quality through learning and other activity, working seamlessly and collaboratively with colleagues and clients from other service lines, supporting a team or colleagues to deliver engagements at scale, with the appropriate reach and influence across the teams and communities. Managing diverse teams within an inclusive team culture where people are recognised and encouraged for their contribution. Essential Skills and Experience: An experienced consultant with a background in Cyber Security Minimum 5-7 years of experience in Information Security related positions Minimum 3-5 years of experience in security architecture Cyber Security Certification eg ISC2 CISSP, ISC2 CCSP, ISACA CISM or similar Certification in AWS or Azure for Architecture and Security or similar IASME/Cyber Essentials Plus Certified Expert knowledge of secure network architecture and technical design Experience in creating secure architecture in either AWS and/or Azure Experience providing expert strategy, risk and technical advice, guidance and support on cyber security, both in business-as-usual and for live and planned projects within our clients' business. Expected to be the point of escalation for architects in lower grade roles and lead technical design of systems and services Broad range of cyber and information security skills, knowledge and experience such as security threats and vulnerabilities that impact/and/or emanate from system hardware, software and other infrastructure components, and relevant strategies, controls and activities to prevent, mitigate, detect and resolve security incidents affecting system hardware, software and other infrastructure components. Experience in gap analysis for specific domains, identify gaps in existing capabilities, service maturity. Identify missing cybersecurity and cyber-resiliency capabilities in alignment with changing business needs, threat land scape and technical requirements to increase the quality of the selected solutions also including topics such as products' convergence over time and products decommissioning. Expert knowledge of identifying, developing and communicating threat modelling and understanding the impact of decisions, balancing requirements and deciding between approaches Research and apply innovative security architecture solutions to new or existing problems and be able to justify and communicate subtle design decisions Able to develop vision, principles and strategy for security architects for projects or technologies Demonstrably experienced in working as an effective member of a multi-disciplinary team and reach & influence a wide range of people across larger teams and communities. Excellent stakeholder management, presentation and communication skills, with the ability to interact with senior stakeholders across department and clients Pro-active approach to personal and professional development. Work closely with your peers in the security architecture group, service and solution architects, engineers, project teams. Must hold, or be able to hold, an HMG Security Check (SC) clearance. Ability to apply standards, practices, codes and assessment of certification programmes relevant to the IT industry and the specific organisation or business domain. Experience in writing and creating Cyber Security documents ie Risk Assessments, ESRM, DPIA etc and produce particular patterns and support quality assurance Knowledge of the IT/IS infrastructure (eg databases and LANs) and the IT applications and service processes used within own organisation, including those associated with sustainability and efficiency. Ability to use any tool or system which provides security access control (eg Active Directory) Showing proficiency in the principles and application of cloud/virtualisation (including ownership responsibilities and security implications) and be able to use tools and systems to manage virtualised environments eg Server/desktop virtualisation and SDDC (Software Defined Data Centre). Benefits Holiday: 25 days a year, plus bank holidays, with the option to buy 5 extra days each year Pension: 4% employer contribution and 5% employee contribution Discretionary bonus: based on company and individual performance Life assurance: 4 times base salary Private medical insurance: non-contributory (spouse and dependants included) Worldwide travel insurance: non-contributory (spouse and dependants included) Enhanced maternity and paternity leave after 18 months service Wellness: 24/7 confidential employee assistance programme, including counselling Social: Parties and social events, and commitment to charitable causes Professional development: access to LinkedIn Learning, and discretionary training budget Travel: season ticket loan, cycle to work scheme Development access to LinkedIn Learning, a management development programme and training Wellness 24/7 Confidential employee assistance programme
18/06/2024
Full time
Senior Cyber Security Architect Salary upto £80,000 Description: Since our establishment in 1990, Methods has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Our mission is to improve and safeguard public-facing services. We apply digital thinking to ensure the future of our public services is centred around our citizens. Our human touch sets us apart from other consultancies, system integrators and software houses - we have a customer-centric value system whereby we focus on delivering what is right for our clients. We passionately support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Methods are experts in delivering secure, resilient cyber and information services - keeping systems and data safe. We help reduce risk and vulnerabilities from cyber-attacks by developing a security road-map tailored to your unique needs. We help organisations improve processes such as threat management by building an identity management programme, and establishing prevention, detection and response capabilities to cyber-attacks. Requirements Ability to research, articulate, pitch complex and innovative security advice, at both business and technical levels, for new or existing problems, with the objective to justify and communicate decisions directly to key customer stakeholders including senior management. Able to understand and comprehend the impact of decisions, balancing requirements and deciding between approaches Develop vision, principles and strategy for security for multiple projects or technologies; working in a particular field as subject matter expert, to support a team in delivering engagements at scale, which may require subtle security needs and requirements, contributing to development of information security policy, standards, procedures and guidelines. Effective business acumen and an understanding of the cyber security challenges faced by client, with the objective to develop our cyber assurance practice, by supporting business development and practice management. Experience of identifying and applying security risk and familiarity with common control frameworks, with the ability investigating major breaches of security and recommending appropriate control improvements. Maintaining awareness of key business and industry trends and understanding how they impact responses to cyber risk, with the contribution of the development of our team through training and coaching. Managing, delivering, leading cyber security and cyber risk assignments, with the management of portfolio of clients, across a variety of sectors and locations, including producing documentation, presentation, reports, recommendations and quality assuring, for the work produced by team members and being the point of escalation for lower grade roles. Providing our clients with trusted advice, rooted in a pragmatic and agnostic understanding of their business situation and objectives, to help them navigate complex, risk-driven cyber decisions. Working as a subject matter expert in your particular field, owning and delivering initiatives to embed quality through learning and other activity, working seamlessly and collaboratively with colleagues and clients from other service lines, supporting a team or colleagues to deliver engagements at scale, with the appropriate reach and influence across the teams and communities. Managing diverse teams within an inclusive team culture where people are recognised and encouraged for their contribution. Essential Skills and Experience: An experienced consultant with a background in Cyber Security Minimum 5-7 years of experience in Information Security related positions Minimum 3-5 years of experience in security architecture Cyber Security Certification eg ISC2 CISSP, ISC2 CCSP, ISACA CISM or similar Certification in AWS or Azure for Architecture and Security or similar IASME/Cyber Essentials Plus Certified Expert knowledge of secure network architecture and technical design Experience in creating secure architecture in either AWS and/or Azure Experience providing expert strategy, risk and technical advice, guidance and support on cyber security, both in business-as-usual and for live and planned projects within our clients' business. Expected to be the point of escalation for architects in lower grade roles and lead technical design of systems and services Broad range of cyber and information security skills, knowledge and experience such as security threats and vulnerabilities that impact/and/or emanate from system hardware, software and other infrastructure components, and relevant strategies, controls and activities to prevent, mitigate, detect and resolve security incidents affecting system hardware, software and other infrastructure components. Experience in gap analysis for specific domains, identify gaps in existing capabilities, service maturity. Identify missing cybersecurity and cyber-resiliency capabilities in alignment with changing business needs, threat land scape and technical requirements to increase the quality of the selected solutions also including topics such as products' convergence over time and products decommissioning. Expert knowledge of identifying, developing and communicating threat modelling and understanding the impact of decisions, balancing requirements and deciding between approaches Research and apply innovative security architecture solutions to new or existing problems and be able to justify and communicate subtle design decisions Able to develop vision, principles and strategy for security architects for projects or technologies Demonstrably experienced in working as an effective member of a multi-disciplinary team and reach & influence a wide range of people across larger teams and communities. Excellent stakeholder management, presentation and communication skills, with the ability to interact with senior stakeholders across department and clients Pro-active approach to personal and professional development. Work closely with your peers in the security architecture group, service and solution architects, engineers, project teams. Must hold, or be able to hold, an HMG Security Check (SC) clearance. Ability to apply standards, practices, codes and assessment of certification programmes relevant to the IT industry and the specific organisation or business domain. Experience in writing and creating Cyber Security documents ie Risk Assessments, ESRM, DPIA etc and produce particular patterns and support quality assurance Knowledge of the IT/IS infrastructure (eg databases and LANs) and the IT applications and service processes used within own organisation, including those associated with sustainability and efficiency. Ability to use any tool or system which provides security access control (eg Active Directory) Showing proficiency in the principles and application of cloud/virtualisation (including ownership responsibilities and security implications) and be able to use tools and systems to manage virtualised environments eg Server/desktop virtualisation and SDDC (Software Defined Data Centre). Benefits Holiday: 25 days a year, plus bank holidays, with the option to buy 5 extra days each year Pension: 4% employer contribution and 5% employee contribution Discretionary bonus: based on company and individual performance Life assurance: 4 times base salary Private medical insurance: non-contributory (spouse and dependants included) Worldwide travel insurance: non-contributory (spouse and dependants included) Enhanced maternity and paternity leave after 18 months service Wellness: 24/7 confidential employee assistance programme, including counselling Social: Parties and social events, and commitment to charitable causes Professional development: access to LinkedIn Learning, and discretionary training budget Travel: season ticket loan, cycle to work scheme Development access to LinkedIn Learning, a management development programme and training Wellness 24/7 Confidential employee assistance programme
Methods Business and Digital Technology Limited Methods is a £100M+ IT Services Consultancy who has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Established over 30 years ago and UK-based, we apply our skills in transformation, delivery, and collaboration from across the Methods Group, to create end-to-end business and technical solutions that are people-centred, safe, and designed for the future. Our human touch sets us apart from other consultancies, system integrators and software houses - with people, technology, and data at the heart of who we are, we believe in creating value and sustainability through everything we do for our clients, staff, communities, and the planet. We support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Predominantly focused on the public-sector, Methods is now building a significant private sector client portfolio. Methods was acquired by the Alten Group in early 2022. Methods is currently recruiting for a DevSecOps Engineer (Cyber) Consultant to join our team on a permanent basis. This role will be based on-site Requirements Specialised in cloud management of platforms, applications, data and supporting infrastructure in the capacity of a system administrator of either the AWS or Azure platform Developing automation to support continuous delivery of changes using technologies on the Azure platform. Developing infrastructure as a service configuration to automate the creation of infrastructure and platforms to host test and production systems Building and setting up new development tools and infrastructure Understanding the needs of stakeholders and conveying this to developers Working on ways to automate and improve development and release processes Testing and examining code written by others and analysing results Ensuring that systems are safe and secure against cybersecurity threats Familiar with the NCSC secure design principles Familiar with managing security of cloud platforms, including administration of secrets, tokens and certificates. Working with Architects, Data and Software Engineers to ensure that development follows established processes and works as intended Planning out projects and being involved in project management decisions Responsible for the design, security, and maintenance of cloud infrastructure Making and guiding effective decisions, explaining clearly how the decision has been reached with the ability to understand and resolve technical disputes across varying levels of complexity and risk. Communicating effectively across organisational, technical and political boundaries to understand the context and how to make complex and technical information and language simple and accessible for non-technical audiences. Understanding of how to expose data from systems (for example, through APIs), link data from multiple systems and deliver streaming services. Ensuring that risks associated with deployment are adequately understood and documented. Ideal Candidates will demonstrate: Experience working across cyber security teams would be beneficial Solid infrastructure design experience for both on-prem and cloud, to implement or migrate applications and databases to Azure. Solid experience in a range of technologies and be able to make assessments as to what is best to be used for the projects and the organisation. As well as suggest and develop innovative approaches within constrained projects and environments. Strong experience in software development, change/release management processes, and technical governance to fully understand the typical life cycle and maintenance of live systems. Ability to work with containerization platforms such as Kubernetes, PKS, Docker; cloud provisioning software, including Ansible, Terraform, Azure blueprints, ARM templates; and application performance analysis and monitoring Experience of functional and non-functional testing including automated deployment experience of applications and databases. Understanding of the government digital service manual and standards across Discovery/Alpha/Beta/Live phases. Understanding of SaaS, PaaS, IaaS technologies and the implications of their use compared with bespoke development. Being able to provide training, support and mentoring to the wider business Knowledge of how to ensure that risks associated with deployment are adequately understood and documented. Desirable Skills & Experience: Worked as part of a system support team, managing live systems and triaging & resolving incidents to resolution including management of known defects and issues. Worked as part of multi-disciplinary project team. Experience with Terraform to deploy cloud infrastructure in Azure Experience with Azure DevOps and GitHub Actions to automate the build and deploy of containerised applications Experience implementing effective instrumentation to monitor applications Experience implementing SAST and DAST tooling in deployment pipelines like Trivvy and SonarQube Experience of both AWS and Azure Dev Ops tooling. This role will require you to have or be willing to go through Security Clearance. As part of the onboarding process candidates will be asked to complete a Baseline Personnel Security Standard; details of the evidence required to apply may be found on the government website Gov.UK. If you are unable to meet this and any associated criteria, then your employment may be delayed, or rejected . Details of this will be discussed with you at interview. Benefits Methods is passionate about its people; we want our colleagues to develop the things they are good at and enjoy. By joining us you can expect Autonomy to develop and grow your skills and experience Be part of exciting project work that is making a difference in society Strong, inspiring and thought-provoking leadership A supportive and collaborative environment Development - access to LinkedIn Learning, a management development programme, and training Wellness - 24/7 confidential employee assistance programme Flexible Working - including home working and part time Social - office parties, breakfast Tuesdays, monthly pizza Thursdays, Thirsty Thursdays, and commitment to charitable causes Time Off - 25 days of annual leave a year, plus bank holidays, with the option to buy 5 extra days each year Volunteering - 2 paid days per year to volunteer in our local communities or within a charity organisation Pension - Salary Exchange Scheme with 4% employer contribution and 5% employee contribution Discretionary Company Bonus - based on company and individual performance Life Assurance - of 4 times base salary Private Medical Insurance - which is non-contributory (spouse and dependants included) Worldwide Travel Insurance - which is non-contributory (spouse and dependants included) Enhanced Maternity and Paternity Pay Travel - season ticket loan, cycle to work scheme For a full list of benefits please visit our website
18/06/2024
Full time
Methods Business and Digital Technology Limited Methods is a £100M+ IT Services Consultancy who has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Established over 30 years ago and UK-based, we apply our skills in transformation, delivery, and collaboration from across the Methods Group, to create end-to-end business and technical solutions that are people-centred, safe, and designed for the future. Our human touch sets us apart from other consultancies, system integrators and software houses - with people, technology, and data at the heart of who we are, we believe in creating value and sustainability through everything we do for our clients, staff, communities, and the planet. We support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Predominantly focused on the public-sector, Methods is now building a significant private sector client portfolio. Methods was acquired by the Alten Group in early 2022. Methods is currently recruiting for a DevSecOps Engineer (Cyber) Consultant to join our team on a permanent basis. This role will be based on-site Requirements Specialised in cloud management of platforms, applications, data and supporting infrastructure in the capacity of a system administrator of either the AWS or Azure platform Developing automation to support continuous delivery of changes using technologies on the Azure platform. Developing infrastructure as a service configuration to automate the creation of infrastructure and platforms to host test and production systems Building and setting up new development tools and infrastructure Understanding the needs of stakeholders and conveying this to developers Working on ways to automate and improve development and release processes Testing and examining code written by others and analysing results Ensuring that systems are safe and secure against cybersecurity threats Familiar with the NCSC secure design principles Familiar with managing security of cloud platforms, including administration of secrets, tokens and certificates. Working with Architects, Data and Software Engineers to ensure that development follows established processes and works as intended Planning out projects and being involved in project management decisions Responsible for the design, security, and maintenance of cloud infrastructure Making and guiding effective decisions, explaining clearly how the decision has been reached with the ability to understand and resolve technical disputes across varying levels of complexity and risk. Communicating effectively across organisational, technical and political boundaries to understand the context and how to make complex and technical information and language simple and accessible for non-technical audiences. Understanding of how to expose data from systems (for example, through APIs), link data from multiple systems and deliver streaming services. Ensuring that risks associated with deployment are adequately understood and documented. Ideal Candidates will demonstrate: Experience working across cyber security teams would be beneficial Solid infrastructure design experience for both on-prem and cloud, to implement or migrate applications and databases to Azure. Solid experience in a range of technologies and be able to make assessments as to what is best to be used for the projects and the organisation. As well as suggest and develop innovative approaches within constrained projects and environments. Strong experience in software development, change/release management processes, and technical governance to fully understand the typical life cycle and maintenance of live systems. Ability to work with containerization platforms such as Kubernetes, PKS, Docker; cloud provisioning software, including Ansible, Terraform, Azure blueprints, ARM templates; and application performance analysis and monitoring Experience of functional and non-functional testing including automated deployment experience of applications and databases. Understanding of the government digital service manual and standards across Discovery/Alpha/Beta/Live phases. Understanding of SaaS, PaaS, IaaS technologies and the implications of their use compared with bespoke development. Being able to provide training, support and mentoring to the wider business Knowledge of how to ensure that risks associated with deployment are adequately understood and documented. Desirable Skills & Experience: Worked as part of a system support team, managing live systems and triaging & resolving incidents to resolution including management of known defects and issues. Worked as part of multi-disciplinary project team. Experience with Terraform to deploy cloud infrastructure in Azure Experience with Azure DevOps and GitHub Actions to automate the build and deploy of containerised applications Experience implementing effective instrumentation to monitor applications Experience implementing SAST and DAST tooling in deployment pipelines like Trivvy and SonarQube Experience of both AWS and Azure Dev Ops tooling. This role will require you to have or be willing to go through Security Clearance. As part of the onboarding process candidates will be asked to complete a Baseline Personnel Security Standard; details of the evidence required to apply may be found on the government website Gov.UK. If you are unable to meet this and any associated criteria, then your employment may be delayed, or rejected . Details of this will be discussed with you at interview. Benefits Methods is passionate about its people; we want our colleagues to develop the things they are good at and enjoy. By joining us you can expect Autonomy to develop and grow your skills and experience Be part of exciting project work that is making a difference in society Strong, inspiring and thought-provoking leadership A supportive and collaborative environment Development - access to LinkedIn Learning, a management development programme, and training Wellness - 24/7 confidential employee assistance programme Flexible Working - including home working and part time Social - office parties, breakfast Tuesdays, monthly pizza Thursdays, Thirsty Thursdays, and commitment to charitable causes Time Off - 25 days of annual leave a year, plus bank holidays, with the option to buy 5 extra days each year Volunteering - 2 paid days per year to volunteer in our local communities or within a charity organisation Pension - Salary Exchange Scheme with 4% employer contribution and 5% employee contribution Discretionary Company Bonus - based on company and individual performance Life Assurance - of 4 times base salary Private Medical Insurance - which is non-contributory (spouse and dependants included) Worldwide Travel Insurance - which is non-contributory (spouse and dependants included) Enhanced Maternity and Paternity Pay Travel - season ticket loan, cycle to work scheme For a full list of benefits please visit our website
Intuition IT Solutions Ltd
Hereford, Herefordshire
SC Cleared SIEM Engineer (SOC and Elasticsearch) - Inside IR35 - Hereford Intuition IT are currently working with a leading consultancy within the Public sector who are look for a SIEM engineer who has Elasticsearch experience. Responsibilities: Threat Detection and Analysis: Utilize your expertise in Elastic to monitor, detect, and analyze potential security threats and incidents. Incident Response: Lead or assist in the response to security incidents, conducting investigations to identify the root cause and implementing mitigation strategies. Log Analysis and Monitoring: Analyze and correlate log data from various sources to identify potential security incidents, anomalies, and trends. Elasticsearch Expertise: Leverage your proficiency in Elastic tools and technologies to optimize search queries, build dashboards, and develop custom alerts for proactive threat detection. Collaboration: Work closely with other members of the SOC team, as well as cross-functional teams, to share insights, collaborate on incident response, and improve overall security posture. Continuous Improvement: Stay abreast of the latest cybersecurity trends, vulnerabilities, and threat intelligence to contribute to the continuous improvement of security processes and procedures.
17/06/2024
Project-based
SC Cleared SIEM Engineer (SOC and Elasticsearch) - Inside IR35 - Hereford Intuition IT are currently working with a leading consultancy within the Public sector who are look for a SIEM engineer who has Elasticsearch experience. Responsibilities: Threat Detection and Analysis: Utilize your expertise in Elastic to monitor, detect, and analyze potential security threats and incidents. Incident Response: Lead or assist in the response to security incidents, conducting investigations to identify the root cause and implementing mitigation strategies. Log Analysis and Monitoring: Analyze and correlate log data from various sources to identify potential security incidents, anomalies, and trends. Elasticsearch Expertise: Leverage your proficiency in Elastic tools and technologies to optimize search queries, build dashboards, and develop custom alerts for proactive threat detection. Collaboration: Work closely with other members of the SOC team, as well as cross-functional teams, to share insights, collaborate on incident response, and improve overall security posture. Continuous Improvement: Stay abreast of the latest cybersecurity trends, vulnerabilities, and threat intelligence to contribute to the continuous improvement of security processes and procedures.
About the Role Our client is currently seeking a Cyber Issues Manager to join their team. As a Cyber Issues Manager, you will have the unique opportunity to work on and support groundbreaking cyber security and networking technologies on a national and international scale. Your role will involve working on research and development projects to secure telecommunications networks, making the UK the safest place to live and do business online. You will play a vital role in managing security-related issues across the telecommunications projects. This includes triaging these issues, communicating the results to relevant parties, and working with equipment vendors and others to resolve them. Your knowledge, experience, and networks will be crucial to ensure its relevance and representation. About You Significant experience in telecoms network environment, ideally in identifying and communicating security-related issues. Strong understanding of relevant legislation, such as the Telecommunications (Security) Act 2021. Technical leadership in telecoms security or equivalent cyber security. In-depth knowledge of network protocols, software workings, and security vulnerabilities. Experience working with telecoms infrastructure equipment vendors and UK Communications Service Providers. Understanding of hardware and software development life cycles. Applied knowledge of cryptographic algorithms/standards, data structures, and distributed systems. DV clearance with no restrictions or the ability to obtain DV clearance. About Us Our client aims to provide cutting-edge technology to secure telecommunications networks, accelerate the rollout of 5G, and diversify the supply chain market. As part of this initiative, our client, plays a crucial role in providing measurement science, engineering, and technology to ensure the highest standards of cyber security. If you want to be part of an innovative team and contribute to securing the UK's telecommunications networks, apply now!
17/06/2024
Full time
About the Role Our client is currently seeking a Cyber Issues Manager to join their team. As a Cyber Issues Manager, you will have the unique opportunity to work on and support groundbreaking cyber security and networking technologies on a national and international scale. Your role will involve working on research and development projects to secure telecommunications networks, making the UK the safest place to live and do business online. You will play a vital role in managing security-related issues across the telecommunications projects. This includes triaging these issues, communicating the results to relevant parties, and working with equipment vendors and others to resolve them. Your knowledge, experience, and networks will be crucial to ensure its relevance and representation. About You Significant experience in telecoms network environment, ideally in identifying and communicating security-related issues. Strong understanding of relevant legislation, such as the Telecommunications (Security) Act 2021. Technical leadership in telecoms security or equivalent cyber security. In-depth knowledge of network protocols, software workings, and security vulnerabilities. Experience working with telecoms infrastructure equipment vendors and UK Communications Service Providers. Understanding of hardware and software development life cycles. Applied knowledge of cryptographic algorithms/standards, data structures, and distributed systems. DV clearance with no restrictions or the ability to obtain DV clearance. About Us Our client aims to provide cutting-edge technology to secure telecommunications networks, accelerate the rollout of 5G, and diversify the supply chain market. As part of this initiative, our client, plays a crucial role in providing measurement science, engineering, and technology to ensure the highest standards of cyber security. If you want to be part of an innovative team and contribute to securing the UK's telecommunications networks, apply now!
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
14/06/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
- Head of Infrastructure/Site Reliability - Glasgow/Hybrid - Excellent Salary & Benefits Package - Immediate Start Fantastic new opportunity to the market to join our Glasgow-based Fintech client, specialising in managed Cloud provision. The business is entering a growth phase and now recruiting for a seasoned Head of Site Reliability with an infrastructure background, as they continue to grow their tech team from their newly opened, state-of-the-art tech hub in Glasgow. This is a key hire and the first in this space, as the business begins to build out their new Site Reliability team. The successful candidate will be responsible for building out the function, providing true leadership and co-ordination, whilst having a breadth of technical know-how. This opportunity is truly greenfield in nature and offers a blank canvas to implement plans and procedures with the aim of improving the infrastructure reliability, security and functionality with automation at the forefront. Reporting into the COO, you will be a natural leader of people and teams, with the goal of collaborating on the design, deployment, and maintenance of the global infrastructure and to provide system support for the Security, Network Operations and Development teams. The role would ideally suit an experienced automation-focused individual with comprehensive working infrastructure knowledge of Windows and Linux environments (RHEL, Ubuntu), as well as network operating systems experience. Commercial use of Infrastructure-As-Code (IAC) tooling such as Terraform and Ansible is also beneficial. Candidates who are proactive and dedicated are preferred, as this role is highly visible. You will also be a significant contributor to the team's IT success, supporting and delivering infrastructure and solutions and working directly with data centre, network, software development and project teams alike. Key Skills & Experience Proven experience in a site reliability engineering, DevOps, or similar role, with multiple years in a leadership position. Extensive background in cloud computing services (AWS, Google Cloud or Azure) Container orchestration technology exposure (eg Kubernetes). Proficiency in automation Knowledge of Scripting languages (Python, Shell or Go). Knowledge of Cyber Security principles and best practices. Knowledge of regulatory environments and compliance standards Exceptional problem-solving skills Ability to work under pressure in a fast-paced environment. Excellent communication and leadership abilities Strong track-record of building and motivating high-performing teams. Bachelor's or master's degree in Computer Science, Engineering, or a related field.The above is not exhaustive. Please forward your CV to discuss this requirement in more detail to (see below) The above is not exhaustive. Please forward your CV to discuss this requirement in more detail to (see below)
14/06/2024
Full time
- Head of Infrastructure/Site Reliability - Glasgow/Hybrid - Excellent Salary & Benefits Package - Immediate Start Fantastic new opportunity to the market to join our Glasgow-based Fintech client, specialising in managed Cloud provision. The business is entering a growth phase and now recruiting for a seasoned Head of Site Reliability with an infrastructure background, as they continue to grow their tech team from their newly opened, state-of-the-art tech hub in Glasgow. This is a key hire and the first in this space, as the business begins to build out their new Site Reliability team. The successful candidate will be responsible for building out the function, providing true leadership and co-ordination, whilst having a breadth of technical know-how. This opportunity is truly greenfield in nature and offers a blank canvas to implement plans and procedures with the aim of improving the infrastructure reliability, security and functionality with automation at the forefront. Reporting into the COO, you will be a natural leader of people and teams, with the goal of collaborating on the design, deployment, and maintenance of the global infrastructure and to provide system support for the Security, Network Operations and Development teams. The role would ideally suit an experienced automation-focused individual with comprehensive working infrastructure knowledge of Windows and Linux environments (RHEL, Ubuntu), as well as network operating systems experience. Commercial use of Infrastructure-As-Code (IAC) tooling such as Terraform and Ansible is also beneficial. Candidates who are proactive and dedicated are preferred, as this role is highly visible. You will also be a significant contributor to the team's IT success, supporting and delivering infrastructure and solutions and working directly with data centre, network, software development and project teams alike. Key Skills & Experience Proven experience in a site reliability engineering, DevOps, or similar role, with multiple years in a leadership position. Extensive background in cloud computing services (AWS, Google Cloud or Azure) Container orchestration technology exposure (eg Kubernetes). Proficiency in automation Knowledge of Scripting languages (Python, Shell or Go). Knowledge of Cyber Security principles and best practices. Knowledge of regulatory environments and compliance standards Exceptional problem-solving skills Ability to work under pressure in a fast-paced environment. Excellent communication and leadership abilities Strong track-record of building and motivating high-performing teams. Bachelor's or master's degree in Computer Science, Engineering, or a related field.The above is not exhaustive. Please forward your CV to discuss this requirement in more detail to (see below) The above is not exhaustive. Please forward your CV to discuss this requirement in more detail to (see below)
Lead PHP (Laravel) Developer- £80k + 20% Bonus - Join a fintech specialist supporting financial advisers, property developers and homeowners. As a Lead PHP Developer you will be working on a large scale greenfield project and a Legacy system which will be modernised following the companies widescale development upscale. You will be involved in marking architectural decisions, contributing to design patterns, create new web-based applications. Location: X2 week in Watford Office, WD17 1EU Salary: £75,000-£80,000 + 20% bonus Key responsibilities: Assist in architecting, design, development, implementation of complex web-based applications and core utilities Collaborate with divisional architects, lead engineers and other engineers to set web-based architectural standards for the division Help to maintain and develop the company's software applications Provide a level of mentorship to junior developers (when necessary) Effectively manage time and convey progress whilst working on multiple tasks Assist in improving the company's deployment processes Interpret and evaluate business requirements and contribute to the design of applications Write and review technical and non-technical specifications Our Expectation for the ideal candidate Senior level Knowledge and Experience with PHP and Laravel Senior level Knowledge and Experience in Javascript (Preferable Vue.js) Strong command line use of Git. Knowledge of Zend framework. In depth experience with MySQL obust knowledge around cyber security (vunerabilities, mitigations, dependencies) Previous experience designing and building cloud SaaS Applications Previous experience using JIRA & Confluence. If you're interested in joining a Fintech company who strive on modernising their technology by adopting new technology and promoting a high quality engineering environment. Please get in touch with a up to date CV to get a conversation rolling. Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
14/06/2024
Full time
Lead PHP (Laravel) Developer- £80k + 20% Bonus - Join a fintech specialist supporting financial advisers, property developers and homeowners. As a Lead PHP Developer you will be working on a large scale greenfield project and a Legacy system which will be modernised following the companies widescale development upscale. You will be involved in marking architectural decisions, contributing to design patterns, create new web-based applications. Location: X2 week in Watford Office, WD17 1EU Salary: £75,000-£80,000 + 20% bonus Key responsibilities: Assist in architecting, design, development, implementation of complex web-based applications and core utilities Collaborate with divisional architects, lead engineers and other engineers to set web-based architectural standards for the division Help to maintain and develop the company's software applications Provide a level of mentorship to junior developers (when necessary) Effectively manage time and convey progress whilst working on multiple tasks Assist in improving the company's deployment processes Interpret and evaluate business requirements and contribute to the design of applications Write and review technical and non-technical specifications Our Expectation for the ideal candidate Senior level Knowledge and Experience with PHP and Laravel Senior level Knowledge and Experience in Javascript (Preferable Vue.js) Strong command line use of Git. Knowledge of Zend framework. In depth experience with MySQL obust knowledge around cyber security (vunerabilities, mitigations, dependencies) Previous experience designing and building cloud SaaS Applications Previous experience using JIRA & Confluence. If you're interested in joining a Fintech company who strive on modernising their technology by adopting new technology and promoting a high quality engineering environment. Please get in touch with a up to date CV to get a conversation rolling. Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
13/06/2024
Full time
*We are unable to sponsor as this is a permanent Full time role* *Hybrid 3 days onsite 2 days remote* A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will do 3rd party vendor risk management and internal risk management. Experience with frameworks ISO 27001, NIST, SOC, SIG is required. Responsibilities: Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities. Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training/education courses and methods based on instructional needs. Administration of the GRC technology platforms. Qualifications Bachelor's degree or five (5) years of work experience in IT Security is required. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required. Technical writing experience is required. Experience with instructional content educational writing strongly preferred. Strong knowledge of risk management principles and practices are required. Strong knowledge of security administration and role-based security controls are required. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Interview, gather, and understand content from subject-matter experts. Maintain accurate records and manage client security and risk requests. Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
12/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Request Technology - Craig Johnson
Chicago, Illinois
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
12/06/2024
Full time
*We are unable to sponsor for this permanent Full time role* *Position is bonus eligible* Prestigious Global Firm is currently seeking a GRC Security Risk Specialist. Candidate will work on the Governance, Risk Compliance team, leads and executes the programs within the GRC team, is a subject matter expert for Information Security (consulting to technical/non-technical management and the user community), and performs key risk management functions within the Security Governance department. Primary functions include life cycle management of client responses, Policy & Standards life cycle management, Security Vendor Risk program management, Security Awareness, Controls Assurance, and GRC platform and program management. Responsibilities: Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation. Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cyber security and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives. Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff. Manage and support the 3rd Party Security Vendor Risk Management program and lifec-ycle. Manage the exception request process and consult as needed. Lead the Security Awareness program. This includes road-map development, measurement, and evaluation of cyber training/education courses and methods based on instructional needs. Management and support of the GRC technology platforms. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Qualifications: Bachelor's degree or five (5) years of work experience in IT Security is required. Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required Prior IT Security experience in the legal industry experience is preferred. Technical writing experience is required. Experience with instructional content, educational writing, and technical writing strongly preferred. Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred. Three or more years of experience managing timelines and being self-directed preferred. Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred. Client focus, including tact and diplomacy is required. Interview, gather, and understand content from subject-matter experts Maintain accurate records and manage client security and risk requests Ability to perform as primary Security Subject Matter Expert (SME). Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation. Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm s security program and controls. Demonstrate the ability to create and maintain security policy, standard, guideline and procedure documents. Demonstrate the ability to communicate effectively technical topics at an appropriate level of detail to varied audiences - including IT Subject Matter Experts, senior management and non-technical users. Communicates succinctly and effectively Strong organization and problem-solving skills required Strong project and time management skills required Strong reading comprehension skills required Strong analytical ability with excellent written and verbal communication skills required Strong PC skills with Microsoft (ie Word, Excel, PowerPoint) required Ability to work independently and as a group member is required SharePoint administration is preferred for team Intranet site management Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options. Strong knowledge of risk management principles and practices. Strong knowledge of security administration and role-based security controls. Strong knowledge and use of GRC platforms. Knowledge of host and network-based anti-malware technologies. Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote. Knowledge of client and server Firewalling technologies and capabilities. Knowledge of security event management (SIEM), event correlation and analysis technologies. Knowledge of data encryption technologies. Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities. Knowledge of web filtering and email SPAM prevention techniques. Knowledge of vulnerability assessment and forensic investigations tools. Knowledge of mobile device security and Mobile Device Management solutions. Knowledge of Privileged Access Management technologies. Preferred Skills: Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
Proficiency in French would be desirable. Role Description and Responsibilities Expert represents both the different stakeholders and the internal client's voice by identifying their expectations, preferences and aversions, which he translates into business requirements. The Expert must ensure the perfect understanding of the products on the part of the engineering team, as well as its progress. The expert is responsible for defining stories, prioritizing the backlog and organizing the execution of operational priorities, while maintaining the conceptual and technical integrity of the features/user stories. The expert has a significant role in quality and is empowered to judge if stories are finalized or not. Responsible for translating the Cyber Defence vision and strategy into target operating model and processes for the Security Logging & Monitoring capabilities. Communicate the Security Logging & Monitoring target operating model and processes effectively to key stakeholders and Cyber Defence team members. Incorporates stakeholder input into product roadmap while effectively negotiating priorities based on value. Works day to day with stakeholders and different IT teams clarifying requirements, removing roadblocks, constantly communicating and gaining alignment around the Security Logging & Monitoring capabilities. Ensures delivery of Security Logging & Monitoring yearly roadmap, partners with delivery teams to ensure deliverables are clear, removes barriers for Cyber Defence team members and resolves open issues/questions quickly and efficiently. Sets the quality standard for delivery. Develops test plans and monitoring user story acceptance criteria, reviews each deliverable and provide feedback to team and improve team processes. Leads problem resolution as needed to ensure a prompt and efficient service. Responsible for Security Logging & Monitoring key performance indicators (KPI's). Have an ability to translate a complex applicative ecosystem, distributed across many layers, devices, data flows applications and relevant threat factors (actors, attack techniques, attack tools, ) into number of detection conditions (event, a log source, a detection logic) required to develop effective applicative detection use cases.
12/06/2024
Project-based
Proficiency in French would be desirable. Role Description and Responsibilities Expert represents both the different stakeholders and the internal client's voice by identifying their expectations, preferences and aversions, which he translates into business requirements. The Expert must ensure the perfect understanding of the products on the part of the engineering team, as well as its progress. The expert is responsible for defining stories, prioritizing the backlog and organizing the execution of operational priorities, while maintaining the conceptual and technical integrity of the features/user stories. The expert has a significant role in quality and is empowered to judge if stories are finalized or not. Responsible for translating the Cyber Defence vision and strategy into target operating model and processes for the Security Logging & Monitoring capabilities. Communicate the Security Logging & Monitoring target operating model and processes effectively to key stakeholders and Cyber Defence team members. Incorporates stakeholder input into product roadmap while effectively negotiating priorities based on value. Works day to day with stakeholders and different IT teams clarifying requirements, removing roadblocks, constantly communicating and gaining alignment around the Security Logging & Monitoring capabilities. Ensures delivery of Security Logging & Monitoring yearly roadmap, partners with delivery teams to ensure deliverables are clear, removes barriers for Cyber Defence team members and resolves open issues/questions quickly and efficiently. Sets the quality standard for delivery. Develops test plans and monitoring user story acceptance criteria, reviews each deliverable and provide feedback to team and improve team processes. Leads problem resolution as needed to ensure a prompt and efficient service. Responsible for Security Logging & Monitoring key performance indicators (KPI's). Have an ability to translate a complex applicative ecosystem, distributed across many layers, devices, data flows applications and relevant threat factors (actors, attack techniques, attack tools, ) into number of detection conditions (event, a log source, a detection logic) required to develop effective applicative detection use cases.