Job: Security Architect

Location: Reading, UK, Hybrid

Job Type: Permanent

Job Description
We are seeking a highly skilled and experienced Security Architect to join our team who will be responsible for development of the Security Architecture that ensures the appropriate protection of all aspects of security, (people, process, electronic, data, physical) in Spring Fibre. You will be a subject matter expert and provide security guidance and recommendations to technology/business teams and contribute toSpring's security policies, standards, and guidelines related to information and Network security. This is a technical role and suitable for someone who has hands on experience in Cybersecurity.
Responsibilities
Help develop an Enterprise Security Architecture Framework, including patterns for identity & authentication, authorization and access control, cryptographic key and certificate management, auditing and security monitoring, data leakage prevention, privacy enhancement & protection and other standards in alignment with Enterprise Architect platforms. Establish metrics and monitoring to report the effectiveness and efficiency of the Security Architecture function. Identify, register and maintain security risks throughout their lifetimes, including agreeing treatment of risks with their owners, and reporting &escalating to Internal Audit and the CIO, when necessary. Develop, review and update security & privacy policies & standards and provide awareness guidelines, implementation and exceptions advice. Engage with owners & custodians of BAU IT systems to understand the architecture, data flow and security controls in their systems. Conduct periodic security compliance assessments and ISO 27001/2 reviews of BAU IT applications, infrastructures & ISMS. Review the security posture of potential M&A acquisition targets.

Requirement

Mapping long term business requirements to security architecture frameworks such as NIST, CIS etc.

Experience delivering Hybrid Cloud and Internet facing applications with a strong focus on cyber security.

Broad hands-on knowledge of Firewalls, intrusion detection systems, data encryption, and other industry-standard techniques and practices.

Strong knowledge of IT infrastructure, IP Networking, security best practices, and automation technologies.

Application security: including but not limited to: authentication, identity and access management, auditing, use of cryptography, data security,

privacy enhancing technologies, web services security, OWASP, threat & vulnerability management and secure code development methodologies.

Infrastructure security: including but not limited to: network security, host security, database security, device security, VPNs & SSLs, secure file transfers, security event monitoring, malware security and cyber security.

Operational security: including but not limited to: incident management, change & patch management, data centre & physical security, backups, DR & BCP, outsourcing, managed services, cloud computing, asset management, cryptographic keys & certificate management, PCI DSS and DPA compliance and ISO 27001/2.

Analysing network security controls, including Firewall and Router security configuration.

Preferred

Delivering the security review processes and frameworks, with full audit trail.

Managing multiple security assessments and changing priorities, simultaneously

Ensuring Security Architecture Review is built into group wide and business specific processes for acquiring and developing new technology,including developing any needed processes.

Aligning business requirements to complex security architecture frameworks.

Skills Required:

In depth knowledge of:

Firewall: Juniper/Cisco/PaloAlto.

Onion Security, Splunk, Suricata, Kali.

Application Security.

Identity and Access Management.

Data Protection.

Endpoint Security.

Cyber Security Operations. Experienced with Threat Modelling. Pen testing and basic incident response. Scripting languages ( python, or PowerShell/building dashboards/au-tomating common tasks)

Preferred:
Experience in designing systems against a zero-trust architecture. Experience with designing SOC architectures (ie SIEM, SOAR and vulnerability management solutions). Expert-level certification in either AWS or Azure, with a Security specialization. Experience in working within regulated environments, such as PCI-DSS Experience in defining secure development life cycles.
Qualifications
Bachelor's Degree in either Computer Science, Computer Engineering, Software Engineering, Electrical Engineering, Math, Physics. CISSP, Certified Information Systems Security Professional, International Information Systems Security Certification Consortium (ISC2) Certification, Microsoft Azure Solutions Architect, or AWS Solutions Architect.