Job Application

Cloud Security Consultant - Outside IR35 - Hybrid

The Cloud Security Consultant provides Systems and Applications based IT Security advice and assurance to a number of projects sitting within the IT Department.

The role sits within the IT Security Team, with 100% assignment to projects, and is responsible for protecting the Confidentiality, Integrity, and Availability of information assets.

This includes planning and delivery of the Cyber Security Principles that underpin the project, including supporting the creation of RFPs and RFQs which will determine the design and successful implementation of this project. The role may be required to establish and implement new IT Security Policies, Procedures, Standards, as needed and support the management and operation of IT Security related technology as determined by the project.

Deep understanding of DevSecOps principles and Cloud security with focus on Azure is a must.

KNOWLEDGE/EXPERIENCE

• Demonstrable experience of successfully securing Microsoft Cloud solutions
• Extensive understanding and implementation of the IT Security environment, policies, guidelines and standards, including awareness of ISO 27001/2.
• Educated to honours degree level and/or a relevant and recognised IT Security accreditation.
• Technical assessments of RFPs and third party partner selection in line with OJEU or similar governance structures.
• Broad understanding of corporate IT infrastructures and technologies.
• Demonstrable experience of successfully operating within a Matrix' IT Security team & bespoke project team.
• Experience of working on multiple projects simultaneously and effectively managing the competing priorities.
• Demonstrable knowledge of technical security solutions covering modern Security solutions and Tooling.
• Knowledge of standards and industry best practice for risk assessment of IT applications, particularly in a financial setting.
• Good understanding of PKI, digital certificates, and key management, in the context of IT applications as consumers of the service.
• Identity and Access Management (IAM) for critical business applications, including external third-party identity and/or privileges access may be a requirement.
• Relevant experience in the Financial Services sector.
• Ability to handle pressure and work to challenging deadlines.
• Scope of services successfully transitioned to third party provider and knowledge transfer complete.
• Demonstrable experience of conducting security assessments and threat identification, mitigation and remediation.
• Good understanding of Defender for Cloud and its policies
• Ability to guide projects to apply appropriate security standards and policies.
• Good technical understanding of Cloud security, security configuration and best practices for Servers, workstations, SASE technologies, SD-WAN, Firewall infrastructure and penetration testing scoping.
• Deep technical knowledge of the following: data encryption, data leakage controls, application integration, identity and access management, certificate management and database security.
• Excellent understanding of the Secure Application Development Lifecycle (SDLC) and the ability to advise the AppDev teams in the remediation.
• Technical experience of some of the following applications: Security auditing tools, AV, Firewalls, Proxy, SIEM, PAM.
• Ethical hacking and KQL background are advantageous.