Netcompany is one of the fastest growing technology companies in the UK, recognised for disrupting the marketplace and helping to transform the IT sector. We deliver IT Transformation and Delivery services to some of the most well-known organisations in the UK and can count 18% of the FTSE 100 as clients, delivering services across several different sectors.
Netcompany have ambitious growth plans for the next few years and will continue to win and deliver multi-million-pound projects, offering a fantastic opportunity for all members of staff to grow with us and carve out a challenging, successful and rewarding career.
Working alongside the Project Manager, to translate business objectives into a project scope, and subsequently defining technical requirements. Demonstrable experience in the production of technical design documentation, working within a multi-disciplined, multi-supplier environment, planning, and delivering quality results within agreed timescales.
You will deliver security assessments and perform a key role in Security assessments while supporting various critical initiatives through the identification, analysis, evaluation, lifecycle management and adoption of security architectures and technologies.
As part of the role you will be required to:
- Work closely and liaise with senior security stakeholders e.g. systems assurance, accreditors, SWG’s (Security Working Groups), TDA etc
- Develop and implement technical designs risk assessments for cloud technologies & applications.
- Be familiar with security standards, governance & controls – NIST, NCSC, CIS, ISO27K family, CSA CCM, OWASP etc
- Review technical security & process documentation.
- Good stakeholder management, including working with senior management.
- Good all-round IT knowledge & experience
- Broad security knowledge across technology domains and the criticality of different types of systems within a wide and complex IT infrastructure
- Experience of architecting both enterprise and cloud based systems using industry best practices
- Knowledge of SOC/CSOC incident response and experience of architecting and implementing response and recovery processes for security events. Includes playbooks authoring and simulation exercises. Level of knowledge in the domain technology area would be considered an expert.
- Threat Modelling experience to identify structural vulnerabilities or the absence of appropriate safeguards across people, process and technology and allow for mitigation to be proposed and prioritized.
- Architecture and engineering of layered control capabilities.
- Accountable for the implementation, adoption and compliance of function specific policies, procedures and controls.
- Subject Matter Expert (SME) and point of contact for Security Architecture matters within key clients.
- Owns, maintains, and has responsibility for making updates to the documentation as well as the implementation of the policy and procedure.
- Remit of architectural engagement includes but not limited to INFRA, IT Engineering, Engineering, Product Development and Software Development.
- Develops policies and procedures within their subject area and are aligned with industry standards and best practice e.g. ISO27001, ISO21434, TISAX, IATF16949, CSA, NIST, NCSC, ASPICE for Cyber Security.
- Engages with and assists internal and external business stakeholders to resolve matters within subject area/s.
- Communicates with internal and external stakeholders to increase awareness of security architecture principles and policy requirements.
- Performs assessment of security controls within function and reports on compliance.
- Experience of architecting cloud based systems using industry best practices
- Have an understanding of cloud applications & API functionality
- Understand cloud services in particular Azure
- Develop on-premise to security cloud migration strategy
- Implementing frameworks for Saas, IaaS and PaaS deployment s aligned to industry best practise e.g. Cloud Security Alliance (CSA), NIST, NCSC
- Carry out gap analysis / risk assessment of existing on-premise and cloud deployments
- Develop and as assist in the implementation of DevSecOps processes
Relevant InfoSec Qualifications (highly desirable)
- The role holder is likely to hold one or more of the following security or engineering/architecture specific certifications, CISSP, SABSA TOGAF, GIAC, Azure/AWS/Google Cloud Certifications or those relevant to the role.
Netcompany has existed in the UK since the acquisition of the very successful IT company, Hunter Macdonald in October 2017. Netcompany is one of Northern Europe’s most successful IT Companies, with offices in Denmark, Norway and Poland, Holland, UK and Vietnam.
At Netcompany we believe that a diverse and inclusive workplace is central to our success, which is why all qualified candidates are invited to apply regardless of gender, sexual orientation, disability, age, religion and belief, ethnic background, nationality, gender identity or culture. We are committed to live out a culture where we provide equal opportunities for all.