Inside IR35

3-6 Months

• Create technical designs
• Working with HLD, LLD, DFD, Workflows and process maps. This should include creation as well review of existing architectures and recommending improvements.
• SNOW integration experience, including dashboards and views creation.
• Azure cloud compliance monitoring
• CIS Benchmarks
• Any relevant security certification (CISSP, CISM, CISA etc
• Threat Modelling (Mitre Att&ck, STRIDE)
• Infrastructure (Azure/Microsoft stack/Network)
• ERP transformation experience
• Cloud migration experience and guardrail development.
• Good understanding of DevOps inc. Infra as Code
• Low code automation buil
• Experience with SCAP assessments eg CIS-CAT, Qualys
• Experience with control frameworks NIST 800-53, 800 - 128, CSF 2.0, ISO 27002, IEC 62443
• Experience with OT security

Perform integration

In the context of managing secure configuration and security baselines, facilitate integration across several security toolset including but not limited to ServiceNow, Azure Cloud native tools (Purview/Secure Score etc) Defender EPP, Intune, SCCM, Nagios, FireMon, FortiSIEM, Qualys etc. This covers Azure cloud based and on-prem assets (Systems and underlying infrastructure).

Assess make recommendations for technical solutions

Where security configuration management toolset coverage gaps have been identified, make recommendations for the appropriate toolset that will enable adequate monitoring in line with organisation's policies and standards.

Present Designs for approval and ratification

Work with authorities such as the architecture review board, change approval board etc to get proposed designs approved, and changes approved. This should include the iterative review processes.

Build compliance dashboards

In ServiceNow and any other appropriate tool, build compliance dashboards for secure configuration monitoring.

Recommend best practices for managing system configuration

Make best practice aligned recommendations on management of security baselines and configuration for different types of systems including ERP, security management and databases.

Automation

Create and build automation workflows where applicable to enable management of security configurations

Identify areas where automation has been applied within the exist implementation for IT systems