Security Architect

Description

Remote is seeking a Security Architect to join the team at ASD. The Security Architect will produce a secure product meeting REDSPICE Resilience goals and work cross-functionally to assess risk and deliver countermeasures protecting customers and company data.

Role Information

Job Duties and Responsibilities

• Work with vendors, product owners and developers to implement the solutions that will minimise existing operational risk through identifying and manage risk treatment register.

• Ensure processes align with project delivery, operational standards/controls, and recommended secure configuration improvements.

• Work collaboratively with product owners and developers to identify, test, and assess security controls in alignment with the PSPF, ISM, E8 and organisational policy.

• Contribute to the implementation of the CNAPP/SASE tooling across our cloud platforms.

• Collaboration with cloud platform and technology teams to ensure that CNAPP/SASE capability is successfully integrated.

• Work in a complex and fast moving environment to be proficient across cloud security best practice.

• Monitor, report and improve security posture in AWS environments by tracking remediation of security gaps and vulnerabilities by severity.

Technical skills

• At least 5 years experience working as a Cloud Security Engineer Strong technical experience and proficient across cloud security best practice.

• Deep understanding of AWS and/or Azure cloud platform infrastructure, and securing cloud environments on AWS.

• Proven experience in implementing and managing security controls.

• Experience working as a AWS Cloud Security Engineer.

• Experience managing complex projects.

• Experience in Atlassian JIRA/Confluence.

• Experience in IRAP assessment highly desirable.

Essential criteria

1. Information assurance: Level 5 (SFIA)

Interprets information assurance and security policies and applies these to manage risks. Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines. Plans, organises and conducts information assurance and accreditation of complex domains areas, cross-functional areas, and across the supply chain. Contributes to the development of policies, standards and guidelines.

1. Information security: Level 5 (SFIA)

Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards. Contributes to development of information security policy, standards and guidelines. Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security, and recommends appropriate control improvements. Develops new architectures that mitigate the risks posed by new technologies and business practices.

1. Network design: Level 5 (SFIA)

Produces, or approves network providers', network architectures, topologies and configuration databases for own area of responsibility. Specifies design parameters for network connectivity, capacity, speed, interfacing, security and access, in line with business requirements. Assesses network-related risks and specifies recovery routines and contingency procedures. Creates multiple design views to address the different stakeholders' concerns and to handle both functional and non-functional requirements.

1. Specialist advice: Level 5 (SFIA)

Provides definitive and expert advice in their specialist area. Actively maintains recognised expert level knowledge in one or more identifiable specialisms. Oversees the provision of specialist advice by others. Consolidates expertise from multiple sources, including third-party experts, to provide coherent advice to further organisational objectives. Supports and promotes the development and sharing of specialist knowledge within the organisation.

1. Systems design: Level 5 (SFIA)

Designs large or complex systems and undertakes impact analysis on major design options and trade-offs. Ensures that the system design balances functional and non-functional requirements. Reviews systems designs and ensures that appropriate methods, tools and techniques are applied effectively. Makes recommendations and assesses and manages associated risks. Adopts and adapts system design methods, tools and techniques. Contributes to development of system design policies, standards and selection of architecture components.

Desirable criteria

1. Consultancy: Level 5 (SFIA)

Takes responsibility for understanding client requirements, collecting data, delivering analysis and problem resolution. Identifies, evaluates and recommends options. Collaborates with, and facilitates stakeholder groups, as part of formal or informal consultancy agreements. Seeks to fully address client needs and implements solutions if required. Enhances the capabilities and effectiveness of clients, by ensuring that proposed solutions are fully understood and appropriately exploited.

1. Emerging technology monitoring: Level 5 (SFIA)

Monitors the external environment to gather intelligence on emerging technologies. Assesses and documents the impacts, threats and opportunities to the organisation. Creates reports and technology roadmaps and shares knowledge and insights with others.

1. Enterprise and business architecture: Level 5 (SFIA)

Develops models and plans to drive the execution of the business strategy, taking advantage of opportunities to improve business performance. Contributes to creating and reviewing a systems capability strategy which meets the business's strategic requirements. Determines requirements and specifies effective business processes, through improvements in technology, information or data practices, organisation, roles, procedures and equipment.

1. Innovation: Level 5 (SFIA)

Manages the innovation pipeline and executes innovation processes. Develops and adapts innovation tools, processes and infrastructures to drive the process of innovation. Identifies resources and capabilities needed to support innovation. Encourages and motivates innovation communities, teams and individuals to share creative ideas and learn from failures. Manages and facilitates the communication and open flow of creative ideas between interested parties and the set-up of innovation networks and communities.

Click here to request a response template

Click here if you'd like us to contact you to discuss further.