Lead Security Engineer

Description:

As a Lead Security Engineer you will work closely with clients to help inform their security strategy and to ensure our teams are delivering secure digital services and cloud-based platforms, aligned to our customers risk tolerance. You will need to be comfortable sharing your knowledge and skills with others. We’d love to hear some examples of mentoring, coaching and growing team members. Maybe you will have written some blog posts about your discipline, or perhaps even delivered a talk or two.

The following skills will be assessed during the application process

• Working within a technology consultancy
• Strong understanding of integrating security as part of a multidisciplinary approach to delivering digital services (products) and platforms utilising a DevSecOps approach and enabling Continuous Security as part of wider CI/CD tools and practices
• Up-to-date understanding of, and ensuring compliance to, security standards and regulations including GDS Technology Code of Practice, NCSC Cyber Principles, ISO27001, SoC, NIST, PCI, and GDPR
• Up-to-date understanding of testing the security of software and infrastructure using appropriate security tools including automated cloud-based tooling
• Up-to-date understanding of network security (e.g. OSI, TCP/IP), web application security (e.g. OWASP) and cryptographic controls (e.g. PKI, TLS)
• Up-to-date understanding of identity management and authentication/authorisation products and patterns
• Evidence of self-development – we value keen learners
• Drive to deliver outcomes for users
• Desire to mentor others
• Empathy and people skills