Security Engineer

Job title:

Security Engineer

Company

Avance Consulting

Job description

Role description:Cyber Security Designs, Strategies, and Security Patterns, data security and compliance by implementing GCP, Azure security best practices, managing IAM roles and permissions, GCP, Azure environments by implementing robust security controls, encryption, and access management policiesKey responsibilities:Each team that owns a security control has been responsible for creating the format they use to guide the consumers of that control1. Engineering Guardrails that help security control users identify the strategic solution to meet their use case and map to the appropriate engineering patterna. Depending on the type of security control, the security control users would know the use case they need to meet, the technology they are using, and the environment it’s needed it.i. For example, the use case may be something like “as a production oracle database deployed in AWS that holds PII data, I need field level encryption for defined columns”. The guardrail would map field level encryption (control required) for production oracle databases (technology/platform) in AWS (environment/datacentre) to the specific engineering pattern that tells them how to meet that use case for oracle in AWS.2. Engineering Patterns tell the security control users how to use the required control on the technology/platform they are using and for each environment/datacentre. Many of the engineering patterns will be the same regardless of the technology/platform or environment/datacentre. But when those variables do impact HOW a user onboards a given security control, patterns specific to their overall use case is required.Each technology that is used to meet security use cases will have engineering patterns documented. Engineering patterns will be mapped to an engineering guardrail There will be an engineering pattern for each variation that is needed to meet known use cases. For example, if different steps are required to onboard the security control on different technologies, platforms, environments, or datacentres, unique patterns will be written for each known combination resulting in needing to follow different steps.GSRA and AccSec Teams agree on prioritised list of Technologies that need to have Engineering Patterns generated Contractor will work with relevant Product Owner and Engineering Leads to identify each unique use case that requires an engineering pattern Contractor will work with feature team’s engineers to populate the engineering pattern for each unique use case Initial engineering patterns will go through user acceptance testing to ensure the intended audience is able to use the document as expected GSRA and AccSec Teams will work with contractor to ensure proper governance is achieved for each engineering patternThe maintenance review cycle will be initiated from the date the document completed governance assurance.Completed engineering pattern will be added to applicable engineering guardrail and published in the Group Security Reference ArchitectureKey skills/knowledge/experience:Both the Engineering Guardrails and the Engineering Patterns are needed for most, if not all, CSO controlled security technologies.The Accelerated Security Workstream and Group Security Reference Architecture team will work with the contractor to prioritise the order the technologies are documented Developing Engineering Guardrail TemplateDeveloping Engineering Pattern Template User acceptance testing templatesTest and learn of templatesUpload finished templates to GSRA SharePoint

Expected salary

Location

London

Job date

Sat, 22 Mar 2025 23:19:20 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (jobsjobs.org) you saw this job posting.