Cyber Security Consultant

**Cyber Security Consultant**

Based in Manchester UK, we are an independent Cyber Security Consultancy providing Security Consultancy and Managed Security services across a wide range of markets, from multi-national Corporate Organisations and Government Agencies, through to smaller Businesses that want to develop strong security strategies.

We are a UK Government approved supplier and accredited Cyber Essentials Certification Body who provide a range of Security consultancy and Managed security services. Examples include Cyber Security, Cloud Security & Data Privacy Consultancy, Vulnerability Scanning, Cloud Security Assessments & Penetration Testing services.

We are growing and looking to recruit a Cyber Security Consultant with experience of supporting clients in the Public sector. We’re looking for an enthusiastic and driven individual to join our team. Client satisfaction is paramount to us and therefore strong customer facing skills are a must.

We are a small Consultancy with big plans for growth, offering a clear career path and family based approach to our team, Partners and Clients.

**The Role**

You will build effective working relationships with delivery team members and Cyber Security Specialists customers and operate with and without supervision as a Security SME across multiple Client projects.

**Responsibilities**
- Lead client-specific security and assurance of complex, cloud-centric data and digital services across entire lifecycle (strategy, design, implementation and operations)
- Provide specialist advice and knowledge of UK Government security architecture and assurance to OFFICIAL and above classifications.
- Provide specialist advice and knowledge of Public Cloud (Azure and AWS) cloud-based security architectures.
- Define and lead external security testing (ITHC, Pen Testing, etc) of solutions on the public cloud native platforms and Software as a Service (SaaS) solutions.
- Perform risk assessments of on-premise and public cloud hosted solutions and identify any control gaps and residual risks.
- Establish security requirements for cloud-based solutions by evaluating business strategies and requirements, implementing security standards such the NIST Cyber Security Framework.
- Identify and deliver appropriate controls based on industry standards (e.g. NCSC Cloud Security Principles) to drive cloud and customer security solutions framework based on business risk and cloud native threats.
- Continually evaluate new threats in the cloud, to identify the impact on IT and the business to develop and implement security controls.
- Provide direction, analysis and design facilitation to develop, maintain and govern a customer security architecture.
- Ensure that architecture principles, designs, technologies, methods and practices are properly executed.
- Perform Cyber Security Maturity Assessment to known standards such as the NIST Cyber Security Framework.

**Key Skills and Experience**
- Cloud security concepts, technologies and best practices for delivering security across IaaS, PaaS, SaaS and Serverless architectures.
- Significant public cloud (AWS and Azure) and hybrid cloud security architecture experience across multiple domains: Cloud, Network, Infrastructure, Application, Data, IAM.
- Implementing Information Security and Privacy Standards and Frameworks (e.g. ISO 27001, NIST, CIS).
- Working directly with engineering teams and architects to review system/data architectures through the development of patterns and industry best practice.
- Understanding and articulating the impact of vulnerabilities and required controls and mitigations on existing and future designs and systems.
- Ability to conduct Risk Assessments and effectively translate and accurately communicate security and risk implications to technical and non-technical stakeholders.
- Manage delivery manager and stakeholder expectations and be flexible, adapting to stakeholder reactions to reach consensus.

**Nice to have Skills**
- Formal security certifications e.g. CISSP, CISM, AWS Solutions Architect
- Working within environments utilising DevOps, DevSecOps, SRE, CI/CD, Infrastructure & Security as Code (Docker, Git, Terraform)
- Good understanding of Data Protection & GDPR

**Package**
- £40 - £65k per annum dependant on skills and experience
- Up to 10% annual bonus (if targets met)
- Funded InfoSec training and time allocated for self-study
- 40 hour working weeks
- Flexible working policy
- Hybrid working - Company HQ in Altrincham (South Manchester)
- 25 days holiday excluding bank holidays
- Company Sickness Policy
- Company Pension (can opt out)
- Company Expense Policy
- Private Health Care
- Career development opportunities
- Regular team meals and activities
- Exciting and fun Company to work for

**Salary**: £40,000.00-£65,000.00 per year

**Benefits**:

- Company events
- Company pension
- Free parking
- On-site parking
- Private medical insurance
- Sick pay
- Transport links
- Work from hom