Description
This role is within the Security Consultancy sub-team who provide specialist technical security advice collaborating with technical and business teams throughout the entire or part of a digital solutions life cycle.
The team owns and develops Security Patterns, Security Specifications, and the Threat Modelling Framework, to support secure technology innovation in a changing threat landscape.
The Technical Security Consultants responsibilities will vary based on business alignment and will include :
- Lead as an internal consultant at Manager level to an assigned
- Platform/Product/Capability/Practice Management area as part of our Centre of Excellence function providing technical security direction, stakeholder management, and driving improvements to our ways of working.
- Collaborate with programmes and projects, product and engineering teams to help deliver digital solutions that meet the business need, by supporting and contributing to design reviews.
- Ensuring that the proposed design, build and run are compliant with and client security requirements ensuring all applicable security controls and patterns are implemented.
- Work alongside internal Design Authorities and Change Management functions to ensure all change initiatives are reviewed, supported, and aligned with security requirements.
- Using threat modelling to provide risk and threat-based advice to programme stakeholders along with actionable recommendations where necessary in the design and implementation of digital solutions.
- Advise on secure-by-design adoption of AI/GenAI capabilities (e.g. Microsoft 365 Copilot/Copilot Studio and LLM integrations) including prompt and data protection, model/service selection considerations, misuse and abuse cases, and appropriate technical guardrails.
- Manage the scoping of security testing requirements for new systems and products working closely with our Security Testing function.
- Undertake Post Deployment Security Architecture reviews of existing digital solutions.
- Support the creation of secure development guidance documentation and eLearning, security patterns and specifications in collaboration with Engineering/Development teams and Enterprise Security Architecture.
- Provide solution architecture support (i.e. PoC, design creation, roadmap support) for security solutions (e.g. AI, IAM).
- Work towards and achieve or extend professional certifications as part of personal development (e.g. security or cloud vendor certifications).
- Share experiences with others to assist their learning and understanding, and promote good security hygiene and its benefits.
Prior Experience
Essential Skills/Experience :
- Have worked in at least one of :
- Infrastructure/Solution Architect
- Technical Security Architect/Consultant
- Security Operations
- Secure application development
- A good understanding of concepts and their application across several key areas including application, cloud, and SaaS security, best practices, and industry standards (and where relevant, AI/GenAI security concepts).
- You will bring hands on experience and knowledge in securing digital products/solutions in at least one or more of the following areas :
- Artificial intelligence (e.g. AWS Bedrock, CoPilot, CoPilot Studio, Google Gemini, Azure OpenAI, Google Vertex)
- Cloud (e.g. AWS, Azure/M365, Google, ServiceNow, SAP)
- Networks (e.g. firewalls, routers, switches, WIFI, LAN/WAN, SDN)
- Operating Systems and hardware (e.g. Microsoft, Linux, Apple, Android)
- Security Solutions (e.g. Entra ID, CyberArk, SailPoint, Threat Modeler)
- Good experience of working in an Agile/DevOps software development environment using Threat Modelling.
- Be able to demonstrate the ability to adapt communication style to explain technical concepts to different people within an organisation whether advising stakeholders, directing teams, or sharing experience.
- Experience prioritising and delivering in an environment with competing demands and evolving requirements.
- Able to navigate through complex security problems to find the root cause and a balanced outcome, taking ownership of activities.
It would be desirable if you can demonstrate some, or all of the following :
- Container/serverless platforms.
- Infrastructure/network security.
- Modern application development processes and testing.
- AI/GenAI security (e.g. threat modelling for AI solutions, prompt injection and data exfiltration risks, data poisoning/model integrity risks, model/service supply chain considerations, and applying appropriate guardrails and monitoring).
- Have or working towards technical security certifications (e.g. CISSP, CCSP, Microsoft/Google/AWS technologies).
- Having worked in customer service/regulated environments, delivering high quality information security services.
(ref:hirist.tech)
