IT Security Specialist

Our client is looking for a IT Security Specialist to support full time for 2-3 months, this role would require the candidate onsite 2-3 days a week in Uxbridge.

This role will be responsible for ensuring that our projects and applications are held to a high standard of security, by performing security reviews and assessments, providing education and guidance for the implementation of security controls.

You will support on application security related discussions, designs and testing throughout the various stages of the IT lifecycle

Additionally, you will also be responsible for implementation of secure SDLC, training, and assisting other members of IT, development companies and strategic partners in the field of application security and will act on behalf of the client in professional forums to further progress them as a thought leader in the field of Information Security.

Responsibilities:

• Act as the security representative within project streams for new and upcoming initiatives, translating security policies into risk controls for new and existing projects.
• Conduct security architecture and design reviews.
• Support project and development teams with relevant security knowledge
• Assist with the implementation of security design principles.
• Guide development and project teams in the remediation of identified security deficiencies.
• Support the planning and execution of application pentests, and the follow-up of remediation measures.
• Be accountable to business and IT for the planning and execution of application pentests, and the follow-up of remediation measures.
• Recommend and assist in the implementation of security controls in the SDLC of supported applications.
• Manage the technical security auditing process within internal IT transformation program as well as the B2C program and ensure auditing follow up and mitigation actions.
• Manage risks for the area for which they are responsible for and ensure that the overall risk in the portfolio is known and decreasing.
• Be visible in the information security industry, by participating in industry vents, driving vision to be a thought leader in information security

Qualifications:

• Significant working experience in a technical capacity in a Security or IT department, preferably across multiple security domains.
• Demonstrable experience in performing security assessments and security design reviews.
• In-depth security knowledge for cloud platforms, mainly Salesforce, Azure and AWS.
• Experience in software development and Application Security.
• Knowledge and expertise in secure software development lifecycle (SSDLC) is highly desirable.
• Ability to understand, follow up and progress mitigation activities for security auditing reports, penetration testing reports and/or configuration reviews.
• Degrees and certifications are welcome, but are not required.

Specific security & IT skills:

• Secure Architecture and Design principles
• Pentesting tools and techniques
• Threat Modelling
• Secure coding for common languages and platforms
• Security frameworks, such as OWASP, NIST CSF, CIS etc.
• Understanding of EU and international compliance requirements, such as GDPR, PCI-DSS, CRA etc.
• Containers and serverless technologies