Website Holland and Barrett
We are transitioning from an Oracle based heavily outsourced organization to an inhouse DevOps model. This provides us an opportunity to design, develop and implement a future proof security architecture which has security and privacy built in by design.
Security therefore has to operate in a rapid deployment cloud based zero trust / least privilege environment which means the design needs to incorporate an “immune based approach” v a traditional “castle and moat” approach.
To address threat vectors at machine speeds, we need to use adaptive technology, i.e. unsupervised machine learning and AI to understand the organization, which can learn ‘on the job’ what is normal for HBI, ie from our own data; creating a bespoke constantly evolving understanding of our digital environments to detect individual and machine ab-normal behaviors.
You will need to be a good security architect with a strong technical and preferably software development based background. You will also need to understand and develop a security maturity model which addresses confidentiality, integrity and availability; and accommodates our transition. Furthermore, by using an automated SOC, security measures such as MFA and voice-based recognition should be fundamental to the overall design; however you need to understand the limitations of such technology and incorporate this into the maturity model.
As well as designing and developing integrated security processes, you will work directly with the engineering teams, explaining educating them in the latest security best practice. We are therefore looking for an experienced “hands on” security architect who has familiarity with the cloud and is looking to develop their skill set further within both cloud and automation.
- Research and evaluate new security technologies to be used as point solutions to gaps where the project / current environment is unable to take advantage of or needing greater functionality than reusable enterprise security services.
- Other duties as assigned or requested.
- The security architecture work will include operating system and application security identity, authentication and authorization, data protection, and partner/vendor access to corporate systems/data.
- You will be responsible for the architecture, design, implementation, and deployment of technical security controls on appropriate application of existing (and future) security services to solve problems or enable new business opportunities.
- Plan and implement security systems by evaluating and embedding technologies, methodologies and equipment; directing equipment and software installation and calibration; preparing preventive and reactive measures.
- Be familiar with data based zero trust cloud environments / least privilege (IAM) models
- Determine security requirements by evaluating business strategies and requirements; conducting system security and vulnerability analyses and risk assessments; identifying integration issues; preparing cost estimates.
- Support assurance compliance to required standards, procedures, guidelines and processes.
- Enhance security team accomplishments and competence by planning delivery of solutions which accommodate the DevOps environment; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
Qualification & Experience:
- 5 – 7 years experience in Information Security
- Must demonstrate initiative in solving unexpected problems associated with projects.
- Must possess the ability to manage technical activities of varying scale that require latitude in decision and actions.
- 5 – 7 years experience architecting solutions
- Experience with process and/or procedure documentation.
- Build a good rapport with engineering team colleagues and senior management
- 5-10 years software development
- Strong knowledge of ISO 27001, GDPR, PCI, COBIT and Center for Internet Security (CIS) Benchmarks etc
- Have strong problem solving / communications skills.
- Must have substantive and methodological expertise in multiple disciplines eg TOGAF
- As required, be able to support real time security incident identification and response; knowing the difference between problems and symptoms to rectify the overall problem quickly
- Retain currency in security related concepts and technology
- BSc – Information Systems, Computer Science, Information Security, or Engineering, and preferably an MSc
- Ability to understand and assess risk.
- Extensive demonstrated background in the areas of software development delivery (specifically SecDevOps) networking, systems, and security.
Company: Holland and Barrett
Vacancy Type: Full Time
Job Location: Liverpool, England, UK
Application Deadline: N/A