Cloud Security Architect (AWS)

Robert Half have partnered on an exclusive basis with an exisiting client in the Bristol area to recruit a Cloud Security Architect on a permanent basis.

Key Responsibilities:

• Research, document and maintain secure design patterns.
• Act as a principle point of contact for Information Security advice and support, especially on new developments, projects and major changes.
• Collaborate with DevOps teams to help provide support & guidance around adopting security by design ethos in the development lifecycle.
• Provide on-going consultancy to software development projects throughout the entire lifecycle developing a DevSecOps culture.
• Engage with the Technical Architecture, Programme Management and IT Support teams to advocate security best practice and support secure decision making.
• Develop, document and maintain the security architecture framework, blueprints and roadmap for the organisation.
• Continually review and extend Security Playbooks and preventative controls, countermeasures and solutions in line with a continuous improvement framework.
• Support the continuous improvement of security operations for monitoring, testing and, where necessary, conduct security design and implementation review audits.
• To deliver technical and risk-based reports and official papers relating to test findings, aligned to an agreed framework.
• Provide consultation for the security risk register, CEB and Architecture Review Board meetings.
• Test and evaluate security products.
• Understand and interpret legacy infrastructure and design.
• Remain up to date with industry best practice, new technologies and emerging threats to evaluate and prepare for their impact to the organisation.
• Support security assessments, audits, and reviews to ensure compliance with the security policies, standards, and regulations.

Essential Personal Characteristics:

• A continual passion to learn and inspire, setting a good example across the business.
• Strong communicator and stakeholder management skills across all levels of an organisation.
• The ability to plan and manage own workload, prioritise tasks and meet deadlines - including the ability to manage multiple ongoing projects.
• Self-starter with a 'can do' attitude to get things done and able to work independently. Has a track record of proposing novel ways to move around delivery roadblocks.
• Solution based thinker - excellent problem solving and troubleshooting skills
• Analytical and interpretative abilities to transpose requirements into manageable deliverables.
• Excellent written and verbal communication skills and an ability to convey complex security concepts to non-technical stakeholders. A high level of documentation skills.
• Proactive ownership of own development to ensure that skills are kept up to date, in line with industry changes.

Experience

• Required
  • At least 5 years of experience in information security, preferably in a security architect role.
  • Strong knowledge and experience in security architecture principles, frameworks, and standards. Experience in designing, implementing, and maintaining security architectures.
  • Knowledge of security frameworks, standards, and best practices such as NIST, CIS, ISO, COBIT, OWASP.
  • Strong knowledge and experience in various security domains, such as network security, application security, cloud security, identity and access management, cryptography, etc.
  • Strong knowledge and experience in various security technologies and tools, such as firewalls, VPNs, IDS/IPS, SIEM, DLP, WAF, etc.
  • Strong knowledge and experience in various security methodologies and processes, such as risk management, threat modelling, security testing, incident response, etc.
  • Experience in cloud security, DevSecOps, with history involving application development and agile methodologies.
  • Extensive knowledge in cloud platforms (particularly AWS and Azure services) and prime business applications (especially top-tier ERP applications).
  • Excellent communication, collaboration, and problem-solving skills.
  • Ability to work independently and collaboratively in a fast-paced and dynamic environment.
  • Ability to think strategically and creatively to solve complex security problems.

• Desirable
  • A bachelor's degree in information security or industry recognised security certifications such as CISSP, CISSP-ISSAP, CISM, CEH, or SANS GIAC.
  • Information security risk / Cyber threat modelling techniques.
  • API integration and Security techniques.
  • Experience working with Information security frameworks and compliance standards (e.g. ISO27001, Cyber Essentials Plus, NIST, SOC2 and PCI-DSS).
  • Good understanding of the Data Protection Act / General Data Protection Regulation.
  • Comfortable working outside of core working hours, and travelling, when necessary.

Salary/logistics

• £75,000 - £85,000 + bonus + additional benefits
• Hybrid working from Bristol offices (2 days a week desirable)

Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to diversity, equity and inclusion. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training. If you wish to apply, please read our Privacy Notice describing how we may process, disclose and store your personal data: roberthalf.com/gb/en/privacy-notice.

JTRA1_UKTJ