Technical Information Security Consultant

Posted 1 day ago by Barclay Simpson Recruitment on JobServe

Negotiable
Outside
Remote
Remote, UK

Summary: The Technical Information Security Consultant will play a crucial role in integrating security into the DevOps process for a leading financial services firm. This position involves collaborating with DevOps and Engineering teams to ensure security assurance throughout project and development life cycles. The consultant will act as a subject matter expert and lead various security assessments and reviews. The ideal candidate will possess extensive knowledge in DevSecOps, Security Governance, and Cloud Security.

Key Responsibilities:

  • Act as the main security point of contact & SME
  • Conduct high-level and low-level technical risk assessments
  • Conduct document and conceptual design reviews
  • Perform security activities, including but not limited to, security design reviews, risk assessments, threat modelling, and vulnerability management and risk mitigation
  • Embed security within DevOps (e.g. CI/CD pipelines) and develop security requirements
  • Perform on-demand security assessments of various components such as web apps, containers, platforms, etc.
  • Review security assessment reports and create a remediation pipeline
  • Experience in web application security assessments such as SAST, DAST, etc.
  • Act as the Security subject matter expert within Agile/waterfall project planning, development, and execution
  • Obtain and review all required artefacts as part of the application security framework
  • Drive security evaluation early in the cycles through iterative security testing
  • Provide advisory services and direction to development teams during development cycles
  • Manage control exemptions/remediations identified through projects
  • Advise on external regulatory requirements
  • Provide metrics for relevant areas of responsibility when required
  • Challenge stakeholders to ensure security is efficiently delivered
  • Mediate between development and security teams to facilitate business

Key Skills:

  • Expert knowledge of DevSecOps
  • Security Governance expertise
  • Familiarity with NIST or OWASP (SAMM, DSOMM)
  • Cloud Security knowledge
  • Strong understanding of threat & vulnerability management
  • Experience in penetration testing (not required to be a penetration tester)
  • Proven track record in a similar role

Salary (Rate): undetermined

City: undetermined

Country: UK

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT