Technical Security Specialist
We have a fantastic opportunity for a Technical Security Specialist to join our Information Security department. The successful candidate will give advice and guidance on the application of security and governance frameworks, policies, best practice, and security knowledge transfer to strengthen our security posture, based on the Business and Information Security strategies.
The Technical Security Specialist will work closely with the wider Information Security department and across the organisation. They will endeavour to nurture professional relationships with internal stakeholders both locally and globally throughout the business and be proactive in promoting security best practices against a balance of business opportunities and risk.
Main duties and responsibilities will include:
- Working with the Commercial Procurement Team to advise on security artifacts which need to be contractually captured and agreed when purchasing products and services.
- Working with and advising project managers on the secure implementation of controls for products and/or services.
- Advising on security controls applicable to the relevant Operational, Administrative and Maintenance (OAM) framework on any technical delivery.
- Commissioning vulnerability and penetration testing (where appropriate) through to remediation and handover to BAU.
- Advising on the correct approach to decommissioning products and services when approaching end of life (EOL).
- Promoting the concept of working groups to foster collaboration with differing stakeholders, departments, and subject matter experts.
- Working with differing departments to improve the security posture, as highlighted in the Azure portal (Defender for Cloud), to a satisfactory level.
- Promoting the role and becoming recognised as the business technical security SME for Cyber.
- Monitoring industry trends, products & services and submitting white papers for any gaps in the current or future security environment which may aid PM.
- Promoting and assisting to deliver the INFOSEC security strategy.
- Advising on the application of security controls within the following environments: Office 365, MS Azure, third party Cloud providers, SaaS (Software as a Service) services, on-premises services & infrastructures, IoT (Internet of Things).
Formal security qualifications will be a big plus, but experience and expertise are what we’re looking for. If you are the right candidate for us, you will have demonstrable experience in the following:
- (Mandatory) In-depth understanding of Cyber Security risks associated with various technologies (Cloud, on-premises, Mobile, LAN/WAN, Remote Access, Data Centres, Telco, VPN technologies) and controls to mitigate them.
- (Mandatory) Security Fundamentals including OWASP top 10, API, PKI, MFA.
- (Mandatory) Application of Azure (AZ-500).
- (Mandatory) Application of O365 security & controls (MS-500).
- (Mandatory) Vulnerability Management and remediation – Vulnerability Life Cycle from identification to remediation.
- (Mandatory) Understanding of any of the following: Defence-in-depth, Perimeter Security, Network Security, Endpoint Security, Email Security, Advanced Threat Prevention, Protection Monitoring, Access Control etc.
- (Mandatory) O365 security & controls (MS-500).
- (Desirable) ITIL and Change Board submissions.
- (Desirable) Identity & Access management tools.
- (Desirable) Cisco / networking.
- (Desirable) Operating systems: Microsoft and Linux / Unix.
- (Desirable) Storage and Virtualization.
- (Desirable) IAM technologies and services (e.g., Active Directory, LDAP, IAM).
- (Desirable) Understanding of DLP (Data Loss Prevention).
- (Desirable) Emerging Threats and attack vectors.
- (Desirable) Security implementation experience in an enterprise IT environment.
- (Desirable) Legal and Jurisdictional frameworks governing Privacy and data management/handling.
- Agile working i.e. the opportunity to work from home, subject to diary commitments;
- 25 days annual leave entitlement and the opportunity to purchase or roll over 5 days;
- Contributory pension of up to 5%;
- Private healthcare;
- Death in service cover (4 x base salary);
- Eligibility to apply for an interest free season ticket loan, an interest free gym membership loan and/or an interest free rental deposit loan;
- Cycle to work scheme.
We envisage this role being a full-time position; however, we are open to considering flexible working arrangements.
For any queries or for a copy of the full job description, please contact our in-house Recruiter, Sim Dhonsi. Please note we only accept CVs that are logged on the Recruitment portal.
At Pinsent Masons we value diversity and inclusion. We are committed to creating a better workplace where all our talent can succeed and feel like they belong. We want to attract, retain and develop people at all levels and encourage applications from all suitably qualified candidates whatever your ethnicity, religion, age, physical or mental disability/long-term condition, sexual orientation, gender identity or expression or any other characteristics protected by local law in the jurisdictions in which we operate.