Security Assurance Specialist - Outside IR35 - Glasgow Hybrid

  • Full-time
  • Full Time / Part Time: Full Time

Company Description

Resillion is a global company with end-to-end capabilities, no matter your industry, your geographical location, or stage in your digital journey. With offices in North America, Europe, and Asia, Resillion will be by your side, helping you and your organization realize your ambitions in cyber security, testing of digital media content and quality assurance.

Whether it is testing, certification, (software) development, cyber security, or data protection, the experts at Resillion do whatever it takes. We work as long and hard as necessary to get you to market.

Job Description

Project Security Consultant - Outside IR35 - Glasgow Hybrid 

Location: Glasgow (Hybrid Mode) 

  • Provide technical security consultancy to the change delivery functions – agile & waterfall
  • Liaise with technical stakeholders within Agile Tribes, Projects, and Programmes
  • Assess changes for technical vulnerabilities and threat models, assess security risk exposure, and identify appropriate controls to bring the risk within tolerance
  • Engage effectively with specialists in Architecture, Security Operations, Security Culture, Security Delivery, and Security Risk and Governance teams to ensure completeness and consistency of the advice provided to delivery functions
  • Ensure advice provided is of a high standard and based on best practice, supported by Security Leadership and within the cost and risk tolerance of the organisation
  • Work closely with specialists in Security Operations to build operational use cases for detect and respond capabilities, ensuring that Logging and Monitoring, Incident Response, and Threat Intelligence are all considered and included in security requirements, and are implemented, tested, and validated by the business change delivery owner
  • Apply the information security risk assessment process to identify risks within the scope of the information security management system and identify the risk owners
  • Deliver risk assessment reports, threat modelling, and risk treatment recommendations in a timely and repeatable manner
  • Contribute to, and maintain, an effective risk management mechanism to ensure that system owners have an accurate and current view of information risk exposure

Experience And Qualifications Required

Essential skills

  • Technical background, with knowledge of one or more of the following: development, IT support, data science, networking or system administration
  • Understanding of Cloud migration, the Application Security development lifecycle, DevSecOps principles and automation, and familiarity with security architecture modelling
  • Knowledge and experience of securing Azure
  • Knowledge and experience of using at least one risk methodology
  • Security Software as a Service implementations
  • Strong stakeholder management and communication skills and a proven track record of working with businesses to meet strategic objectives

Desirable

  • Experience of threat modelling, risk/posture assessments, and control implementation
  • Experience of agile and waterfall delivery environments
  • Recognised security professional qualifications (e.g. CISSP, CCSP, CISMP)
  • Cloud-specific qualifications (e.g. CSA CCSK, CCSP, AZ-900)

Scope of work

  • Provide support for existing strategic initiatives that include OT, IoT and IT platforms
  • Perform informal Platform Security assessments. Produce security assessment reports outlining findings, risks and recommendations
  • Analyse the results of penetration tests, help identify vulnerabilities, and recommend remediation strategies
  • Evaluate and enhance incident response plans and procedures
  • Analyse results from vulnerability scanning tools to identify and prioritise security vulnerabilities
  • Provide recommendations for solutions and vendors that align to the organisation’s security needs
  • Aid projects in creating test plans for security assessments and generating test reports to demonstrate improvements
  • Perform new Projects Triage and Assessment decisions
  • Support the Exceptions process
  • Provide review and input to Security Policies and Procedures
  • Maintain an audit trail, following the department's established protocols, to provide a comprehensive record of all security assessments and actions taken

Provide cover for team members during absences
