Accessibility Links

Security Manager

  • Salary: Negotiable
  • Job type: Contract
  • Location: Southend-On-Sea, Essex
  • Sector: IT
  • Date posted: 19/07/2018
  • Job reference: J389861A

We're really sorry, but it looks like this job has already been filled.

Register your CV with us, see our latest jobs or use the search below.

Role: Security Manager (Development)

Location: Southend

Duration: 6 Months

Start date: ASAP

Must hold or be willing to undertake SC clearance

Building relationships with DEDG Development Teams.

  • Supporting their development projects to ensure that security is considered from the outset.
  • Support development teams with threat modelling, risk identification and mitigation.
  • Liaising with business stakeholders to ensure that security requirements are identified, that assurance plans are in place and that DEDG services gain security assurance.

Task Description

For each new or change project within DEDG, engage with technical architects to ensure that security related user stories are considered at sprint 0, that threat models are undertaken in order to determine the risks that service presents and that security is built in to the way that the services are designed and operated.

Translate technical risks into business risks in order that the business risk owner and assurance team [formerly accreditors] understand the level of risk exposure from all new and change projects.

Work with developers and architects to understand the technical risks:

  • Ensuring that the identified risks are treated appropriately and pragmatically.
  • Ensuring that code reviews are undertaken for critical code; working with developers to ensure their code is designed to be secure.
  • Ensuring that deployments are secure by understanding the underlying technology e.g. containerisation, virtualisation, etc.
  • Ensuring that the environments in which code runs are appropriately secured E.g. AWS, Azure, GCP, private cloud, etc.

Technical Skills

Experience in operating within HMG security frameworks e.g. SPF, JSP-440, etc.

Experience of implementing security policy above OFFICIAL.

Business Skills

You need to have an understanding of software development lifecycles and how they integrate with security

Knowledge of hosting environments and the associated security context e.g.

AWS, Azure, GCP, private cloud, etc.

Knowledge of virtualisation and containerisation technologies e.g. Docker.

Mandatory Technical Skill

Qualifications required (or working towards):

  • Senior/Lead CESG Certified Practitioner (CCP), CISSP, or
  • Undergraduate degree/Postgraduate qualification/Masters in an Information Security discipline; or Equivalent experience.

Experience of implementing security policy above OFFICIAL.

Strong communication skills, both written and oral.

Organised, responsive and a keen problem solver.

Ability to lead as well as being a team player.


Similar jobs
View more similar jobs