Security Engineer
Infoplus Technologies UK Ltd, City of Westminster
- Full time
- Contract
Apply on company site
IDM Developer (h/f)
Emagine Consulting, City of Westminster
- Full time
- Contract
Apply on company site
Network Engineer - Stable...
Flint UK Technology Services, Manor Park, Newham
- Full time
- Contract
Apply on company site
Python Developer
Coforge U.K. Ltd, City of Westminster
- Full time
- Contract
Apply on company site
Senior Databricks Enginee...
Korn Ferry, City of Westminster
- Full time
- Contract
Apply on company site
Full Stack Developer
CACI, City of Westminster
- Full time
- Contract
Apply on company site
Automation Engineer
Korn Ferry, City of Westminster
- Full time
- Contract
Apply on company site
DV Cleared Data Scientist
Korn Ferry, City of Westminster
- Full time
- Contract
Apply on company site
DV cleared Data Analyst
Korn Ferry, City of Westminster
- Full time
- Contract
Apply on company site
Solution Architect
scrumconnect ltd, City of Westminster
- Full time
- Contract
Apply on company site
Data Steward/Data Scienti...
Emagine Consulting, City of Westminster
- Full time
- Contract
Apply on company site
Salary not available. View on company website.
Infoplus Technologies UK Ltd, City of Westminster
- Onsite working
- Full time
- Contract
Posted today, 23 Jul
Job ref: d29f02511a21495f9f03b30fe9356d1f
Full Job Description
Location: London
Contract
Inside IR35
Job Description
Role description: (Please include a brief outline of the impact this role will have, including overview of customer industry and projects, access to cutting-edge technology etc.) Cyber Security Designs, Strategies, and Security Patterns, data security and compliance by implementing GCP, Azure security best practices, managing IAM roles and permissions, GCP, Azure environments by implementing robust security controls, encryption, and access management policies
Key responsibilities:
Each team that owns a security control has been responsible for creating the format they use to guide the consumers of that control
1. Engineering Guardrails that help security control users identify the strategic solution to meet their use case and map to the appropriate engineering pattern
a. Depending on the type of security control, the security control users would know the use case they need to meet, the technology they are using, and the environment it's needed it.
i. For example, the use case may be something like as a production oracle database deployed in AWS that holds PII data, I need field level encryption for defined columns. The guardrail would map field level encryption (control required) for production oracle databases (technology/platform) in AWS (environment/datacentre) to the specific engineering pattern that tells them how to meet that use case for oracle in AWS.
2. Engineering Patterns tell the security control users how to use the required control on the technology/platform they are using and for each environment/datacentre. Many of the engineering patterns will be the same regardless of the technology/platform or environment/datacentre. But when those variables do impact HOW a user onboards a given security control, patterns specific to their overall use case is required.
Each technology that is used to meet security use cases will have engineering patterns documented.
Engineering patterns will be mapped to an engineering guardrail
There will be an engineering pattern for each variation that is needed to meet known use cases. For example, if different steps are required to onboard the security control on different technologies, platforms, environments, or datacentres, unique patterns will be written for each known combination resulting in needing to follow different steps.
LBG GSRA and AccSec Teams agree on prioritised list of Technologies that need to have Engineering Patterns generated
Contractor will work with relevant Product Owner and Engineering Leads to identify each unique use case that requires an engineering pattern
Contractor will work with feature team's engineers to populate the engineering pattern for each unique use case
Initial engineering patterns will go through user acceptance testing to ensure the intended audience is able to use the document as expected
LBG GSRA and AccSec Teams will work with contractor to ensure proper governance is achieved for each engineering pattern
The maintenance review cycle will be initiated from the date the document completed governance assurance.
Completed engineering pattern will be added to applicable engineering guardrail and published in the Group Security Reference Architecture
Key skills/knowledge/experience:
Both the Engineering Guardrails and the Engineering Patterns are needed for most, if not all, CSO controlled security technologies. The Accelerated Security Workstream and Group Security Reference Architecture team will work with the contractor to prioritise the order the technologies are documented
Developing Engineering Guardrail Template
Developing Engineering Pattern Template
User acceptance testing templates
Test and learn of templates
Upload finished templates to GSRA SharePoint
Both the Engineering Guardrails and the Engineering Patterns are needed for most, if not all, CSO controlled security technologies. The Accelerated Security Workstream and Group Security Reference Architecture team will work with the contractor to prioritise the order the technologies are documented
Developing Engineering Guardrail Template
Developing Engineering Pattern Template
User acceptance testing templates
Test and learn of templates
Upload finished templates to GSRA SharePoint