Senior Information and Cyber Security Consultant - AWS
Liverpool, England, United Kingdom
Applications have closed
The Very Group
About us
We’re The Very Group and we’re here to help families get more out of life. We know that our customers work hard for their families and have a lot to balance in their busy lives. That’s why we combine amazing brands and products with flexible payment options on Very.co.uk to help them say yes to the things they love. We’re just as passionate about helping our people get more out of life too, building careers with real growth, a sense of purpose, belonging and wellbeing.
About the role
A Senior Security Consultant to join the Tech Ops Architecture team to deliver technical solutions that meet the organisation’s security policies and standards.
This will include the provision of expert advice on the selection, implementation, and assurance of information Security controls & processes to maintain the confidentiality, integrity, availability of company services & assets.
You will be working effectively with business functions at all levels including project teams and agile squads.
Mentoring & guidance of Security consultants within the team and security stakeholders within the wider organisation.
The Very Group are undertaking a number of exciting initiatives that will transform it’s online ecommerce platform.
An individual experienced in securing web applications and services is required to ensure the delivered technical solutions & associated operating models meet The Very Group’s security standards and polices.
This engagement will require the consultant to have experience of AWS including serverless deployments along with Agile delivery methodologies and possess excellent stakeholder communication skills.
High level deliverables will include:
- Production of Security Threat Models.
- Production of detailed security requirements.
- Security Risk Assessments.
- Technical Assurance Review.
- Scoping & facilitation of Penetration Tests.
- Production of security process documentation.
For this role you will have the following responsibilities.:
- To be a senior security subject matter expert for Tech Ops and the organisation.
- To be the Senior Consultant assigned to an individual business tribe.
- Act as a mentor to security consultants and security champions.
- Undertake Security Threat Modelling.
- Define Security Requirements
- Document Security Risk Assessments
- Scope & Facilitate Penetration Tests.
- Shape and develop the Information Security mindset of a Tribe, working with Security Champions to develop training & awareness, Security Metrics and improvement use cases.
- Undertaking professional development to maintain professional skills and knowledge essential to the position.
- Staying abreast with Information and Cyber Security trends, threats and legal & regulatory changes.
Requirements
What you’ll bring
- Experience of securing web application services in cloud platforms.
- Deep understanding of AWS Services and experience of Serverless deployments
- Thorough understanding of OWASP Top 10
- Securing API services including a good working knowledge of OAuth 2,
- Application security lifecycle, including secure by design process.
- Experience in securing CI/CD pipelines
- Security testing tools knowledge
- Information Security and /or Information Technology industry qualification strongly preferred (such as CISSP or CISM).
- Experience of agile methods of working.
- Good understanding and experience of threat and risk modelling (STRIDE, DREAD).
- Good understanding and experience of the Secure Software Development Lifecycle.
Benefits
Some of our benefits
- Flexible, hybrid working model
- Inclusive culture and environment, check out our Glassdoor reviews
- Flexible benefits allowance to suit your needs
- 30 days holiday + bank holidays
- Udemy learning platform
- Bonus potential (performance and business-related)
- Up to 25% discount on Very.co.uk
- Matched pension up to 6%
- More benefits can be found on our career site
How to apply
Please note that the talent acquisition team are managing this vacancy directly, and if successful in securing this role, you may be required to undertake a credit, CIFAS and CRB check.
What happens next?
Our talent acquisition team will be in touch if you’re successful so keep an eye on your emails! We’ll arrange a short call to learn more about you, as well as answer any questions you have. If it feels like we’re a good match, we’ll share your CV with the hiring manager to review, and then be in touch to move to the interview process. Our interview process is tailored to each role and can be in-person and remotely. We will always look to make the adjustments you need to bring your best self to interview.
Equal opportunities
We’re an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile APIs Application security AWS CI/CD CISM CISSP Cloud E-commerce Ecommerce OWASP Risk assessment SDLC
Perks/benefits: Career development Equity Flex hours Startup environment
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open Cybersecurity Consultant jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Cybersecurity Specialist jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Forensics-related jobs
- Open Kubernetes-related jobs