Join our Engineering team as a Security Consultant; an opportunity to work within a highly defined cyber space and build relationships with wider stakeholders to drive and meet our business goals.
We are looking for an experienced Security Consultant to provide cyber security advice and guidance to the business, projects and IT teams. Responsibilities include:
• Deliver our “Secure First” cyber strategy by working with projects from inception and acting as a “trusted advisor” to internal and external teams. Build and maintain successful working relationships with business, third parties, projects and whole life Engineering teams.
• Conduct gap analysis and risk assessment activities throughout the project life cycle and make recommendations to address and mitigate risks that are out of appetite. Ensure that residual project risks are documented and accepted or transferred to risk owners at project closure.
• Advise on the scope of penetration tests and vulnerability assessments throughout the project lifecycle. Review the results and provide recommendations for risks out of appetite.
• Advise, review and sign off security testing strategies against requirements.
• Contribute to the development of the organisation's cyber security strategies, security non-functional requirements, Technology Reference Models, security policies and standards.
What we’re looking for:
Want to be part of our dedicated cyber team? We’re looking for a talented individual who can demonstrate skills in:
• Proven experience working as a security consultant or advisor
• Familiarity with industry compliance and security standards - Cyber Essentials, ISO 27001, NIST, CIS, NCSC Cloud Security Principles, NCSC 10 Steps to Cyber Security
• Good consulting skills and ability to communicate with business and technical stakeholders
• Ability to understand business problems and articulate business and cyber security risk at technical and business process level
• Knowledge of Vulnerability Management tooling, Malware Defence, Identity & Access Management, Security Incident Event Management, Encryption Technologies, Secure Software Lifecycle and the General Data Protection Regulation (GDPR)
• Knowledge of IT, network security, Windows and Linux platforms
• Good knowledge and understanding of information risk concepts and principles.
• Good knowledge of cloud platforms, such as Azure, AWS, Oracle
• Experience of working on bids and procurements, i.e., responding to, and writing, commercial ITTs
• Formal cyber security certification - Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), Certified Information Security Manager certification (CISM).
We want you to love what you do. That’s why our benefits package rewards a job well done. We’ll give you:
• Salary – Circa £45,000
• Performance related bonus
• Competitive pension
• 37-hour working week
• 25 days annual leave - Plus bank holidays and an extra 3 over Christmas
• A wide range of additional benefits including free parking, sport and social activities
Location: This role will be based in Southampton.