Job ID 2024-11169 Date posted 12/09/2024 Location Cambridge, United Kingdom Category IT Job Overview The role will spend time helping teams come up to speed with refreshed approaches to security requirement identification, threat modelling, coding standards, and security testing, with a focus on applying these concepts to traditional and modern infrastructure in green-field and existing deployments. It will involve taking insight from these activities to advise and construct the 'middleware' that makes the right security choices easier to make and implement for responsible teams. As our GRC world evolves, this role will play a pivotal role in maintaining alignment between SDL and policies, standards and guidelines, using a common security framework to apply consistency. Finally, you will add to our general capacity for security consulting and reviews, including assisting GRC teams where required. Responsibilities Maintain and develop standards and guidance that builds SDL maturity in the IT team Help traditional infrastructure teams develop strategies for meeting the spirit of SDL requirements, pushing towards use of automation, infrastructure-as-code, & DevOps methods rather than manual or golden image techniques Develop implementation-specific architecture templates that meet security requirements expressed in policy and standards Assist with security reviews of and technical recommendations into high-level and low-level designs where required Assist with GRC consultation queries where required Invest in others, including application development and infrastructure teams, to support business applications and processes in new ways. Afford mentorship regarding solutions and concepts. Further a culture of innovation within the architecture and broader IT team. Required Skills And Experience Ability to align security frameworks with organisation security policies, and to craft corresponding security controls (whether implemented by technology or process) Proven experience implementing SDL in non-software contexts, including infrastructure. Experience with Infrastructure-as-Code (IaC) and automation through DevOps, and tools such as Jenkins, Terraform, and Ansible. Prior experience working with recognised security frameworks from ISO, NIST, etc, and with neutral / harmonisation frameworks like UCF (Unified Compliance Framework). Solid technical understanding of both on-premise infrastructure (network, platform, network-based storage, OS, virtualisation), cloud infrastructure (AWS, GCP, Azure, and others), and technologies found in both (e.g. docker, Kubernetes). “Nice To Have” Skills And Experience Bachelor's degree in computer science, information technology, or a related field; or equivalent experience/professional/industry certifications. Understanding of identity & access management for both people & systems. Understanding of software engineering. Exposure to large enterprise platforms such as SAP and Salesforce. Knowledge of Arm based compute & software. Relevant industry / vendor certifications. A passion for optimisation and automation, and a desire to motivate change Strong motivation and drive, with the ability to operate across multiple projects simultaneously, including those that span geographies In Return We offer exciting and interesting work in global and diverse team. Arm's growth trajectory will ensure career progression and the opportunity to have a significant impact on our success. Accommodations at Arm At Arm, we want our people to Do Great Things. If you need support or an accommodation to Be Your Brilliant Self during the recruitment process, please email Hybrid Working at Arm Arm’s approach to hybrid working is designed to create a working environment that supports both high performance and personal wellbeing. We believe in bringing people together face to face to enable us to work at pace, whilst recognizing the value of flexibility. Within that framework, we empower groups/teams to determine their own hybrid working patterns, depending on the work and the team’s needs. Details of what this means for each role will be shared upon application. In some cases, the flexibility we can offer is limited by local legal, regulatory, tax, or other considerations, and where this is the case, we will collaborate with you to find the best solution. Please talk to us to find out more about what this could look like for you. Equal Opportunities at Arm Arm is an equal opportunity employer, committed to providing an environment of mutual respect where equal opportunities are available to all applicants and colleagues. We are a diverse organization of dedicated and innovative individuals, and don’t discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.