Embedded Security Consultant

  • Location

    City of London, London

  • Sector:


  • Job type:


  • Salary:


  • Contact:

    Daniel Darlington

  • Contact email:


  • Job ref:

    Embedded Security_1575370459

  • Published:

    8 months ago

  • Duration:

    3-6 Months

  • Expiry date:


  • Start date:


Embedded Security Consultant
Location: London
Duration: 6 months

Would you like to join a global leader in consulting, technology services and digital transformation?

Our client are at the forefront of innovation to address the entire breadth of opportunities in the evolving world of cloud, digital and platforms.

Role and Responsibilities:
The fundamental purpose of the Embedded Security Consultant is to ensure that security is embedded into the day-to-day activities of the DevOps teams.
The role also:
* acts as a conduit for the IT Security and DevOps teams;
* acts as a buffer between the speed of continuous integration and the need for strategic security and managing overall business and security risks;
* ensures consistency in terms of security across teams;
* provides an escalation point for the teams

The Embedded Security Consultant will be assigned to a number of teams for which he/she should create an understanding of project scope, stakeholders, maturity levels (Agile/DevOps and Security), roadmap and planned releases.

The consultant must:
* identify, engage and establish relationships with key stakeholders in assigned teams (PM, Technical Leads, Architects);
* assess Dev team maturity, profile and processes in Agile/DevOps methodology. The Assurance Questionnaire (see Artefacts) completed by the consultant with the Project manager of the team can then be used to prioritise engagements with teams.
* assess Dev team IT Security profile, controls, and level of engagement to date;
* identify ongoing, planned releases and product roadmap;
* confirm the necessary engagements are in place to guarantee the appropriate IT Security SMEs are involved;
* liaise with relevant IT Security stakeholders to prioritise activities and unblock any upcoming release;
* provide advice and guidance to relevant stakeholders about the IT Security engagement model;

As the Embedded Security Consultant becomes familiar with the teams, their security posture and engagement challenges, the next stage is explore the teams' engagements and adapt their ways of working to bring security to the table as early on in the development lifecycle as possible. Additionally, the consultant should consider how to improve the IT Security engagement to make it less complex, more efficient and ensure it aligned across markets and regions by bringing together the different stakeholders.

The consultant must:
* work with the teams to understand the best approach to document and monitor IT Security engagement and posture;
* create a dedicated Confluence page to track engagements and supporting materials;
* set-up daily or weekly stand ups to discuss progress of IT Security engagement and challenges;
* assess the scope of different projects to:
* avoid duplication of IT Security engagement (e.g. where the same component is assessed twice due to miscommunication or wrong information being conveyed);.

As the team transitions into a steady state and its security posture matures, the Embedded Security Consultant is expected to be fully aware of the security challenges as they come up, promote actively the use of IT Security tooling and support the team in getting the relevant SME input and advice.
The activities include:
* facilitate IT Security engagement as appropriate:
* organise meetings, workshops, follow-ups between IT Security SMEs and project teams;
* work with other Embedded Security Consultants to bridge gaps in understanding across teams and sharing of common approaches and solutions.

Please Submit C.v's in first instance.