Security Assurance Consultant

March 2022 by Elite Cyber Group

Primary Purpose of the Role: The Cyber Security Information Assurance Consultant will provide advice to the design team of resilient systems that operate in secure environments through the ide...

Support the production of security design documents that have been created through an analysis of the potential risks, which has taken into account threats and likely attack routes to a system, the undesirable security consequences and produces pragmatic security controls and traceable security requirements that will influence the secure solution design.

Support and guide the process of taking a system through acceptance and accreditation by the governing risk management group in the customer organisation and produce a supporting security case.

Manage Vulnerability Assessments to identify and classify the security vulnerabilities in a system, including contextualisation of the results and management of remediation activities.

Identify the security activities that help an organisation maintain the ongoing security posture, covering the monitoring, maintenance and management of the cyber security aspects of the solution, its people, and its processes.

Development and delivery of security training for a specific user community, taking into account their existing knowledge and training needs based upon the required learning outcomes.

Provide advice and undertake formal inspections of an organisation's security policies, processes and procedures.

Plan, control, report and manage the risk for a defined package of work to ensure on-time, on-budget delivery of quality products.

Identification of security risks through identification of vulnerabilities throughout the lifecycle, assessment of exposure, likelihood and severity of the risk in a quantitative or qualitative format that follows an industry recognised risk assessment methodology.

Support the secure product/system development following a secure by design methodology or following secure coding principles. This may rely on the following:

Network and endpoint security and hardening using technologies and protocols.

Selection of appropriate security components to provide security enforcing functions that can be justified through the evaluation of the component's security function and implementation.

Identifying where cryptography can be applied, the fundamentals behind the technology and the ability to select the correct cryptographic product.

An understanding of the threats arising from the exploitation of vulnerabilities in the attack surfaces created across a distributed system and how these can be managed.

Articulate how security in the connected world is best implemented at the point where IT meets other industry domains such as manufacturing/CNI/Operational Technology and military environments.

Identification of the policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing.

Identification of suitable risk management activities (technical, physical or procedural) to direct and control an organisation or a system design to mitigate the identified risks.

Demonstrate a working knowledge of:

Policies and Standards that are required for systems operating in controlled environments, such as ISO, industry specific for Nuclear / CNI / transportation or government/department policies.

Legal and regulatory topics that merit consideration when conducting various activities in the field of cyber security.

Understanding of human interaction with a system and developing controls that will be effective, used by the operators and not disrupt user interaction with the system.

Creation of security documentation to support the development of a system; these could include: Security Aspects, Risk Assessment, Risk Management, Security Policies, Security Test Plans/Results, Evaluation documents.

Development of tests that demonstrate the effectiveness of the design to meet the security requirements.

Knowledge of hardware, software, people and process vulnerabilities, how they occur, and of techniques that can be used to prevent or detect such vulnerabilities, or to mitigate their exploitation.

Understanding of the software development processes for implementing secure software from the design of the software to the operational use of the software.

High standards in written report and design documentation.

Presentation and communication skills.

Support Business Continuity Planning and Management to prevent and recover from potential threats and ensure the smooth running of an organisation or delivery of a service, and provide continuity of critical functions in the event of a disruption.

Concepts and technologies that are used to engineer systems which inherently protect users' privacy.

Understanding of cyber security solution (tech and process) testing, exercising, training.

Working in a security risk assessment and risk management role.

Accreditation and certification

Secure Dev Ops

Penetration testing and vulnerability assessment

Manage self as a proactive self-starter

Perform through cooperation

Influence key stakeholders and engage teams and build relationships

Shape solutions out of complexity

A degree or equivalent in related control systems or cyber security. Experience will be considered in lieu of a formal qualification.

CCP SIRA or Architect

CISSP

CISM

CISA

Salary: 65000

Posting date: 03/03/2022

Start date: 03/03/2022

Application link: https://apply.jobadder.com/eu1/3099...

Link: https://elitecyber-group.com/cyber-...