Security Architect (2 roles)
3 month rolling contract
£600-700/day (inside IR35)
The applicant must also be able to demonstrate the use and working knowledge of the NIST Cyber Security Framework, including mapping and translating the NIST Cyber Security Controls framework to other frameworks such as ISF and CIS.
Ability to build strong working relationships with both business and technical stakeholders to define comprehensive Architecture and Design solutions. The successful candidate will be able to champion Architecture through to delivery.
· A strong knowledge and understanding of the current application threat landscape (including OWASP Top 10, SANS Top 25 etc.) as well as the application security architecture domain best practices (including architectural risk analysis).
· A strong knowledge and understanding of the Secure Software Development Lifecycle/DevSecOps, including domain best practices such as threat modelling, secure/defensive coding, static application security testing, dynamic application security testing, application security automation etc.
· Strong experience of application security around microservices, containerization, API and cloud security automation and orchestration technologies (Docker, OpenShift, Kubernetes, CI/CD, Jenkins).
· Knowledge of domain-specific frameworks including BSIMM, OWASP SAMM, SABSA, TOGAF, NIST, ISF, CIS, CCM, CSA, OSA and MODAF.
· Experience with data and application integration streams.
· Demonstrate the ability to prepare and deliver presentations to key senior stakeholders on architectural approaches, strategy and methodology.
· Proficient in collaboration tools (including JIRA, Visual Studio Team Services, Confluence, Bitbucket, Git etc.) and excellent communication and interpersonal skills.
· Demonstrated ability to produce high quality Enterprise Security Architecture artefacts and roadmaps.
· Demonstrable experience/knowledge of OAuth 2.0, OpenID Connect, XACML, SCIM, Application DDoS, Identity and Access Management, Data Loss Prevention, etc.
· Demonstrable experience/knowledge of software development methodologies including Agile-Scrum,
· Demonstrable experience/knowledge of risk within Security and how it aligns with an Enterprise.
· Proven experience with driving formal product evaluations.
· Experience delivering security solutions such as designing, planning and implementing encryption, key management, etc.