Security Analyst (SecOps) to work with a central Government department based in Westminster, London. This is a 6 month contract, outside of IR35, paying up to £600 per day.
As the lead Security Analyst working with a team of cyber security consultants, offensive security engineers, security operation engineers and strategic risk advisors that provide advice, guidance and direction
You will identify security gaps, advise on if and when they need mitigation, design security controls for proportional resolution and be the primary hands-on implementer for them
Hosted on Amazon Web Services (‘AWS’) using Kubernetes. It leverages Auth0 for authentication, GitHub for application/infrastructure code storage and primarily Terraform to provision cloud resources.
* develop and automate security capabilities
* identify low-level through to strategic gaps in defences
* advise on security measures that should be implemented
* implement technical security measures
* promote security awareness
* support technical security incident response
ESSENTIAL SKILLS & EXPERIENCE
* experience with scripting threat and vulnerability management solutions, application security and using analytics to understand/influence such changes
* a good understanding of Python or another modern scripting language
* the ability to use AWS & Linux operating systems using non-graphical interfaces with ease
* experience with securing AWS (in particular, IAM, S3 and EC2)
* experience with securing Linux-based containers
* experience with version control through Git
* experience with proactively investigating, analysing, managing and mitigating/resolving security incidents
* excellent communication skills
* knowledge of web application (example include REST/gRPC, APIs, role-based access, OWASP Top 10) and cloud infrastructure vulnerabilities and common remediation techniques
* knowledge of security monitoring, prevention and control systems including but not limited to firewalls, IDS/IPS, web proxies, antivirus and log correlation solution
DESIRABLE SKILLS & EXPERIENCE
* experience with securing Kubernetes
* experience designing and implementing multi-account AWS structures
* experience of security automation using a wider set of scripting languages, such as Perl, Python, Ruby, and/or Bash as well as the configuration of infrastructure with code automation (e.g. Atlassian tools, Ansible, Puppet, or Chef)
* experience with version control software and job execution tools beyond Git, such as GoCD, Octopus, Jenkins, RunDeck, SaltStack
* knowledge of security architectures, in particular for modern digital services, including how they are developed and operated safely at scale
* knowledge of penetration testing (or ‘red teaming’) and related disciplines.
Please apply should you meet the above criteria
Michael Bailey International is acting as an Employment Business in relation to this vacancy.