Vallum
Reading, Berkshire
Job: Security Architect Location: Reading, UK, Hybrid Job Type: Permanent Job Description We are seeking a highly skilled and experienced Security Architect to join our team who will be responsible for development of the Security Architecture that ensures the appropriate protection of all aspects of security, (people, process, electronic, data, physical) in Spring Fibre. You will be a subject matter expert and provide security guidance and recommendations to technology/business teams and contribute toSpring's security policies, standards, and guidelines related to information and Network security. This is a technical role and suitable for someone who has hands on experience in Cybersecurity. Responsibilities Help develop an Enterprise Security Architecture Framework, including patterns for identity & authentication, authorization and access control, cryptographic key and certificate management, auditing and security monitoring, data leakage prevention, privacy enhancement & protection and other standards in alignment with Enterprise Architect platforms. Establish metrics and monitoring to report the effectiveness and efficiency of the Security Architecture function. Identify, register and maintain security risks throughout their lifetimes, including agreeing treatment of risks with their owners, and reporting &escalating to Internal Audit and the CIO, when necessary. Develop, review and update security & privacy policies & standards and provide awareness guidelines, implementation and exceptions advice. Engage with owners & custodians of BAU IT systems to understand the architecture, data flow and security controls in their systems. Conduct periodic security compliance assessments and ISO 27001/2 reviews of BAU IT applications, infrastructures & ISMS. Review the security posture of potential M&A acquisition targets. Requirement Mapping long term business requirements to security architecture frameworks such as NIST, CIS etc. Experience delivering Hybrid Cloud and Internet facing applications with a strong focus on cyber security. Broad hands-on knowledge of Firewalls, intrusion detection systems, data encryption, and other industry-standard techniques and practices. Strong knowledge of IT infrastructure, IP Networking, security best practices, and automation technologies. Application security: including but not limited to: authentication, identity and access management, auditing, use of cryptography, data security, privacy enhancing technologies, web services security, OWASP, threat & vulnerability management and secure code development methodologies. Infrastructure security: including but not limited to: network security, host security, database security, device security, VPNs & SSLs, secure file transfers, security event monitoring, malware security and cyber security. Operational security: including but not limited to: incident management, change & patch management, data centre & physical security, backups, DR & BCP, outsourcing, managed services, cloud computing, asset management, cryptographic keys & certificate management, PCI DSS and DPA compliance and ISO 27001/2. Analysing network security controls, including Firewall and Router security configuration. Preferred Delivering the security review processes and frameworks, with full audit trail. Managing multiple security assessments and changing priorities, simultaneously Ensuring Security Architecture Review is built into group wide and business specific processes for acquiring and developing new technology,including developing any needed processes. Aligning business requirements to complex security architecture frameworks. Skills Required: In depth knowledge of: Firewall: Juniper/Cisco/PaloAlto. Onion Security, Splunk, Suricata, Kali. Application Security. Identity and Access Management. Data Protection. Endpoint Security. Cyber Security Operations. Experienced with Threat Modelling. Pen testing and basic incident response. Scripting languages ( python, or PowerShell/building dashboards/au-tomating common tasks) Preferred: Experience in designing systems against a zero-trust architecture. Experience with designing SOC architectures (ie SIEM, SOAR and vulnerability management solutions). Expert-level certification in either AWS or Azure, with a Security specialization. Experience in working within regulated environments, such as PCI-DSS Experience in defining secure development life cycles. Qualifications Bachelor's Degree in either Computer Science, Computer Engineering, Software Engineering, Electrical Engineering, Math, Physics. CISSP, Certified Information Systems Security Professional, International Information Systems Security Certification Consortium (ISC2) Certification, Microsoft Azure Solutions Architect, or AWS Solutions Architect.
Job: Security Architect Location: Reading, UK, Hybrid Job Type: Permanent Job Description We are seeking a highly skilled and experienced Security Architect to join our team who will be responsible for development of the Security Architecture that ensures the appropriate protection of all aspects of security, (people, process, electronic, data, physical) in Spring Fibre. You will be a subject matter expert and provide security guidance and recommendations to technology/business teams and contribute toSpring's security policies, standards, and guidelines related to information and Network security. This is a technical role and suitable for someone who has hands on experience in Cybersecurity. Responsibilities Help develop an Enterprise Security Architecture Framework, including patterns for identity & authentication, authorization and access control, cryptographic key and certificate management, auditing and security monitoring, data leakage prevention, privacy enhancement & protection and other standards in alignment with Enterprise Architect platforms. Establish metrics and monitoring to report the effectiveness and efficiency of the Security Architecture function. Identify, register and maintain security risks throughout their lifetimes, including agreeing treatment of risks with their owners, and reporting &escalating to Internal Audit and the CIO, when necessary. Develop, review and update security & privacy policies & standards and provide awareness guidelines, implementation and exceptions advice. Engage with owners & custodians of BAU IT systems to understand the architecture, data flow and security controls in their systems. Conduct periodic security compliance assessments and ISO 27001/2 reviews of BAU IT applications, infrastructures & ISMS. Review the security posture of potential M&A acquisition targets. Requirement Mapping long term business requirements to security architecture frameworks such as NIST, CIS etc. Experience delivering Hybrid Cloud and Internet facing applications with a strong focus on cyber security. Broad hands-on knowledge of Firewalls, intrusion detection systems, data encryption, and other industry-standard techniques and practices. Strong knowledge of IT infrastructure, IP Networking, security best practices, and automation technologies. Application security: including but not limited to: authentication, identity and access management, auditing, use of cryptography, data security, privacy enhancing technologies, web services security, OWASP, threat & vulnerability management and secure code development methodologies. Infrastructure security: including but not limited to: network security, host security, database security, device security, VPNs & SSLs, secure file transfers, security event monitoring, malware security and cyber security. Operational security: including but not limited to: incident management, change & patch management, data centre & physical security, backups, DR & BCP, outsourcing, managed services, cloud computing, asset management, cryptographic keys & certificate management, PCI DSS and DPA compliance and ISO 27001/2. Analysing network security controls, including Firewall and Router security configuration. Preferred Delivering the security review processes and frameworks, with full audit trail. Managing multiple security assessments and changing priorities, simultaneously Ensuring Security Architecture Review is built into group wide and business specific processes for acquiring and developing new technology,including developing any needed processes. Aligning business requirements to complex security architecture frameworks. Skills Required: In depth knowledge of: Firewall: Juniper/Cisco/PaloAlto. Onion Security, Splunk, Suricata, Kali. Application Security. Identity and Access Management. Data Protection. Endpoint Security. Cyber Security Operations. Experienced with Threat Modelling. Pen testing and basic incident response. Scripting languages ( python, or PowerShell/building dashboards/au-tomating common tasks) Preferred: Experience in designing systems against a zero-trust architecture. Experience with designing SOC architectures (ie SIEM, SOAR and vulnerability management solutions). Expert-level certification in either AWS or Azure, with a Security specialization. Experience in working within regulated environments, such as PCI-DSS Experience in defining secure development life cycles. Qualifications Bachelor's Degree in either Computer Science, Computer Engineering, Software Engineering, Electrical Engineering, Math, Physics. CISSP, Certified Information Systems Security Professional, International Information Systems Security Certification Consortium (ISC2) Certification, Microsoft Azure Solutions Architect, or AWS Solutions Architect.
ARM (Advanced Resource Managers)
Rochester, Kent
A leading Defence client of ours is currently looking for a Principal Systems Engineer within their Defence team to work on a variety of safety/mission critical projects. The right candidate will be responsible for understanding the customers complex needs and developing, validating & managing Systems requirements at all levels. What you'll be doing: * Developing complex system architectures and sub-systems using a Model Based Systems Engineering approach * Integration, analysis and test of Real Time systems containing multiple technical disciplines such as electronic, mechanical, optical and software sub-systems. * Taking accountability for collaborative technical work package execution and associated outcomes * Providing guidance, coaching and nurturing talent in other engineers * Verifying that customer needs are satisfied * Steering new and improved systems development through implementation whilst making use of best practice systems life cycle processes alongside techniques such as Learn First and Agile Your skills and experiences: Essential: * Proven experience developing systems in relevant product markets and/or domains, such as control systems, Real Time displays or other safety related systems * Proven experience in requirements management, design analyses, modelling and simulation, using tools such as DOORS, Siemens Polarion, Enterprise Architect, MATLAB and/or Simulink and design methodologies such as SysML * A degree or equivalent qualification in a relevant Scientific/Engineering subject (eg Systems Engineering, Electronic Engineering, Physics or Mathematics) Desirable: * Experience in integration, test, and/or verification of Real Time and/or safety related systems * Understanding of safety assessment processes including how these processes influence the design * Customer and/or supplier liaison experience for technical aspects, verifying and obtaining agreement that customer needs are satisfied * An understanding of information assurance, cyber security and environmental impact aspects relating to Real Time Embedded engineering products Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.
A leading Defence client of ours is currently looking for a Principal Systems Engineer within their Defence team to work on a variety of safety/mission critical projects. The right candidate will be responsible for understanding the customers complex needs and developing, validating & managing Systems requirements at all levels. What you'll be doing: * Developing complex system architectures and sub-systems using a Model Based Systems Engineering approach * Integration, analysis and test of Real Time systems containing multiple technical disciplines such as electronic, mechanical, optical and software sub-systems. * Taking accountability for collaborative technical work package execution and associated outcomes * Providing guidance, coaching and nurturing talent in other engineers * Verifying that customer needs are satisfied * Steering new and improved systems development through implementation whilst making use of best practice systems life cycle processes alongside techniques such as Learn First and Agile Your skills and experiences: Essential: * Proven experience developing systems in relevant product markets and/or domains, such as control systems, Real Time displays or other safety related systems * Proven experience in requirements management, design analyses, modelling and simulation, using tools such as DOORS, Siemens Polarion, Enterprise Architect, MATLAB and/or Simulink and design methodologies such as SysML * A degree or equivalent qualification in a relevant Scientific/Engineering subject (eg Systems Engineering, Electronic Engineering, Physics or Mathematics) Desirable: * Experience in integration, test, and/or verification of Real Time and/or safety related systems * Understanding of safety assessment processes including how these processes influence the design * Customer and/or supplier liaison experience for technical aspects, verifying and obtaining agreement that customer needs are satisfied * An understanding of information assurance, cyber security and environmental impact aspects relating to Real Time Embedded engineering products Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.