Job Description
Job Overview:
The role will spend time helping teams come up to speed with refreshed approaches to security requirement identification, threat modelling, coding standards, and security testing, with a focus on applying these concepts to traditional and modern infrastructure in green-field and existing deployments. It will involve taking insight from these activities to advise and construct the 'middleware' that makes the right security choices easier to make and implement for responsible teams.
As our GRC world evolves, this role will be pivotal in maintaining alignment between SDL and policies, standards and guidelines, using a common security framework to apply consistency.
Finally, you will add to our general capacity for security consulting and reviews, including assisting GRC teams where required.
Responsibilities:
- Maintain and develop standards and guidance that build SDL maturity in the IT team
- Help traditional infrastructure teams develop strategies for meeting the spirit of SDL requirements, pushing towards use of automation, infrastructure-as-code, & DevOps methods rather than manual or golden image techniques
- Develop implementation-specific architecture templates that meet security requirements expressed in policy and standards
- Assist with security reviews of and technical recommendations into high-level and low-l...