Security Consultant- Threat modelling

We are a $13+ billion global technology company, home to more than 224,000 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering, cloud, and AI, powered by a broad portfolio of technology services and products. HCLTech is a globally recognized leader in the Tech and IT industry, but we’ve never forgotten the startup mindset that got us here. We’ve always approached our work with an idea-first attitude because every one of our accomplishments —no matter how big or small —can be traced back to an idea’s single spark. It’s that spark —that inner drive —that sets our people apart from our competitors. It enables us not just to pull off game-changing feat after game-changing feat but to better our world in the process. We want you to find your spark. Because that’s what drives you to be better, be more and ultimately, be more fulfilled. To learn more about how we can supercharge progress for you, visit www.hcltech.com

Job details: Security Consultant

Location: Edinburgh, Leeds, Halifax, Manchester or Bristol

Hybrid mode- 2 days week (Work from client location)

This is Fixed term contract role

Job Description

WORKING PATTERN: Our work style is hybrid, which involves spending at least two days per week currently, or 40% of our time, at our office location.

About this opportunity: Our Security Consultancy and Design team are continuing their search for Cyber Security Consultants who have a broad knowledge of Cyber Security domains and controls working across a wide range of computing platforms. Join our Chief Security Office here at client as we build the bank of the future. Are you someone who wants to be in the heart of Cyber Security delivering change and working in an agile way? Interested in being a part of shaping our Security Strategy? We have the perfect opportunity for you. We are actively welcoming enthusiastic Cyber Security Professionals from all industries and backgrounds to join our expanding team as we embark on an exciting journey where you will have the opportunity to ensure security by design is embedded across our change portfolio. Cyber Security sits at the heart of our business providing the Group with a secure operating environment, safe from malicious attacks.

What you’ll need

• Ability to develop, design secure solutions and produce a Security Design documenting the controls.
• The ability to deconstruct a solution / network architecture.
• Ability to identify and mitigate against threats and vulnerabilities associated with proposed solutions and evaluate the soundness of solutions using industry standard practices (e.g., STRIDE, MITRE).
• Demonstrate the ability to interpret threats into Risks, using your knowledge and experience to assist the business in assessing likelihood and impact.
• Effectively communicate technical concepts to both technical and non-technical collaborators.
• Skills to produce and articulate Security Designs to all collaborators within the project and business.
• Comfortable weighing the risks and benefits of competing Security design options.
• Comfortable working on multiple challenging projects simultaneously.

Mandatory skills

• Experience require with security consultancy delivery (e.g. threat modelling, secure design, driving decisions)
• Experience with cloud-native platforms and modern architectures
• Developing a more security-led perspective, rather than primarily infrastructure-focused responses
• Building stronger risk-based thinking across end-to-end systems (linking threats, risks and controls)
• Deepening understanding of security controls and their practical application
• Gaining further exposure to security standards and regulatory frameworks (e.g. PCI DSS, data protection)
• Strengthening end-to-end security design capability (e.g. threat modelling, control coverage)
• Providing clearer examples of individual contribution and ownership in security decisions

Any experience of these would be really useful

• Awareness of industry related security standards such as ISO 27000 series, PCI DSS, COBIT, NIST, OWASP.
• Certifications in Security Management such as CISSP / CISM / CCSP or equivalent.
• Certifications in technical Security domains such as CEH / OSCP or equivalent.
• Experience of Public and or Private cloud environments.