Sorry, applications for this particular Job have now closed.

Technical Information Security Consultant

GRC Jobs
  • Remote
  • £550-£600 per day (outside IR35)

Technical Information Security Consultant required for a market-leading financial services firm. The role will be centred on ensuring security is delivered into a range of value streams. There will be a focus on working closely with DevOps and Engineering teams and embedding security throughout project and development lifecycles.

Responsibilities:

  • Act as the main security point of contact & SME
  • Conduct high-level and low-level technical risk assessments
  • Conduct document and conceptual design reviews
  • Perform security activities, including but not limited to, security design reviews, risk assessments, threat modelling, and vulnerability management and risk mitigation
  • Embed security within DevOps (e.g. CI/CD pipelines) and develop security requirements
  • Carry out on-demand security assessments of various components such as web apps, containers, platforms, etc.
  • Review security assessment reports and create a remediation pipeline
  • Experience in web application security assessments like SAST, DAST etc.
  • Act as the Security subject matter expert within Agile/waterfall project planning, development, and execution
  • Obtain and review all required artefacts as part of the application security framework
  • Drive security evaluation early in the cycles through iterative security testing
  • Provide advisory services and direction to development teams during development cycles
  • Manage control exemptions/remediations identified through projects
  • Advise on external regulatory requirements
  • Provide metrics for relevant areas of responsibility when required
  • Challenge stakeholders to ensure security is efficiently delivered
  • Mediate between development and security teams to facilitate business

As an ideal candidate, you will have expert knowledge of DevSecOps, Security Governance, NIST or OWASP (SAMM, DSOMM) and Cloud Security. You will have strong knowledge of threat & vulnerability management and penetration testing, although we do not require a penetration tester. You will also have a proven track record of success in a similar role.

We seek individuals from a diverse talent pool and encourage applicants from underrepresented groups to apply to our vacancies. Our commitment to fair recruitment processes means that we welcome applicants from all backgrounds, regardless of their lived experience or personal characteristics. We also invite applicants who meet most of the listed requirements, even if not all, to apply. If you require any adjustments to the application process, please let us know.

Barclay Simpson acts as an Employment Agency for permanent positions and an Employment Business for temporary/contract engagements.