Main Purpose of Job:
You will provide the technical security expertise to assist the Information Security Manager in assuring that information security is appropriately integrated into all IT projects and processes. This means you will take a hands-on approach in providing consultancy and security architecture support for IT change initiatives and projects, and the remediation of identified security risks.
The role will support the delivery of the IT strategy by providing expertise in relation to the secure configuration of managed services and cloud-based IT services, particularly Azure and Microsoft 365. You will therefore have a strong understanding and practical experience of securing Microsoft cloud technologies and supporting project delivery teams to ensure appropriate security considerations are brought to the architecture, design, implementation, and operation of these environments.
Key Job Responsibilities:
* Provide security and risk assessment consultancy on projects and other formal workgroups and committees, making appropriate recommendations for security design and risk mitigation to ensure that IT and information security is considered in the design of new services or changes to existing services.
* Provide in-depth security expertise in the areas of cloud security on Azure and Microsoft 365, including both security and compliance controls and general input to the security architecture across the cloud estate.
* Perform security risk assessments, followed by initiating and managing appropriate remedial action, to ensure that IT infrastructure and application systems are adequately protected.
* Ensure information security management is kept informed of project developments and ongoing security activities, including escalating any issues requiring attention.
* Ensure that Change Management processes include a security review and in particular sign off all Firewall rule set and networking changes to ensure the integrity of CAF's network security is maintained.
* Support the Information Security team in day-to-day activities including security monitoring, incident management activities, and a future 24×7 support rota.
* Provide mentoring to Junior Security team members