Security Architect (2741481)

Job Title: Security Architect
Location: Newport, UK 
Work Type: Contract/Freelance
Rate: £800/day
Duration: ASAP - 6 Months+
 
The Security Architect enables the design and implementation of secure enterprise level system architectures. To achieve this objective he/she will be positioned as the lead security Information Assurance (IA) on projects where he/she will liaise closely with the SDA, System Element SMEs, TM and PMO to advise and direct the evolution of the system design towards a secure architecture that satisfies the security requirements, complies to relevant security policies, standards and achieves the necessary accreditation.
 
Responsibilities: 

• Identifies information risks that arise from potential solution architectures
• Designs alternate solutions to mitigate identified information risks
• Ensures that alternate solutions or countermeasures mitigate identified information risks
• Applies 'standard' security techniques and architectures to mitigate security risks
• Develops new  architectures that mitigate the risks posed by new technologies and business practices
• Provides consultancy and advice to customers on Information Assurance (IA) and architectural problems
• Supervises Security SMEs reporting to them
• Keep informed on emerging Cyber security technologies and architectural patterns
• Keep up to date on security policies, standards, evaluation/certification processes (e.g. ISO 27001, MOD JSPs, NCSC guidelines, NATO directives/guidelines)
• Understand and avoid NCSC identified common “anti-patterns”

 
Knowledge/Skills:

• Architectural frameworks (e.g. TOGAF/MODAF, SABSA)
• Secure architectural patterns (e.g. NCSC/NATO APs)
• MoD/NCSC/NATO Accreditation methodologies and security standards (e.g. JSP 440, JSP 604, ISO 27001)
• Capture and understand information flows through a system
• Vulnerability Analysis: Understanding of attack vectors (technical and physical) against a system
• Technical/procedural countermeasure solutions/products and mitigation techniques proportionate to the risk posed (e.g. MFA, Diode, Gateway, IDS/IPS, PKI, RBAC, CAPS products)
• Knowledge of latest security technologies and defence in depth approach including but not limited to:
  • Boundary protection services/devices: Next Gen Firewalls, VPN, IDS/IPS, WiFi security, Data Diode, Web/Mail/directory proxies, DLP
  • Hosting security: Server platform lockdowns, Virtualisation security
  • Application security: Secure Gateways, Application proxies, DB security
  • End User Device (EUD) security: Client lockdown, Drive Encryption, DLP,
  • Anti-malware: Server AV, Client AV, network-borne AV, mail gateway AV
  • Protective Monitoring/SOC Services: SIEM, Vulnerability Analysis/Scanners, IDS/IPS, Alerting/Reporting use cases
• Desirable:
  • Experience/knowledge of SATCOM solutions