Role Description
The SecOps Consultant reports into the Mastek SecOps Lead for the Customer programme. With direction from the SecOps Lead, this role is responsible for ensuring that security procedures are maintained in compliance with the Government Security Classifications framework and are continually improved and developed in accordance with good practice, legislative change and Home Office policies and procedures.
Duties will include:
•maintenance of security operating procedures (SyOps) and information security management policies
•reviewing presented designs to ensure security compliance
•threat modelling
•assurance of patching operations and release notes
•performing and reviewing release vulnerability scans
•contributing to vulnerability risk assessments
•assessment of external threat feeds
•conducting security incident investigations
•creating and reviewing ITHC Remediation Action Plans
•contributing to certificate management ceremonies
•reviewing digital access requests and supporting the Joiner/Mover/Leaver process
•reviewing Technical Implementation Plans
•creating and maintaining ITHC change management and delivery kanban board tickets
•contributing to the maintenance of a security awareness culture
•attending in-person meetings in the office 2-3 days per week
This would be an exciting position for an experienced Security Consultant who is seeking new challenges as part of a technically complex, secure government cloud services programme.
Skills and Qualifications
Essential:
•Proven experience in excess of 5 years of undertaking a similar role
•British UK resident holding Home Office SC and NPPV3 clearance (or willing to undergo the clearance process)
•The ability to obtain all relevant UK Government clearances
•In-depth understanding and experience of Home Office security processes
•Experience in supporting secure government cloud migration/transformation projects
•Experience in developing, maintaining, and monitoring policies and procedures so that the business remains proactively compliant with current security guidelines and legislation
•Experience in investigating security breaches
•Experience in delivering security training and awareness initiatives
•Flexibility to travel within the UK, especially Croydon and Birmingham
•Strong written and oral communication skills
•NCSC IA Architect / SIRA (Senior) or ex-CLAS (current or previously held)
•Certified Information Systems Security Professional (CISSP)
Desirable:
•Knowledge of Home Office clients and specific standards and policies
•Relevant certifications and qualifications
•Understanding of other relevant legislative compliance aspects (e.g. GDPR)
•Experience in undertaking the design of required security controls for new projects or application services
•Experience in undertaking similar roles in the delivery of Critical National Infrastructure
•Awareness and understanding of public cloud security controls and accreditation processes
•Experience of using Agile project delivery toolsets (Jira, Confluence, ServiceNow, CI / CD)
•Supporting presales activities when required in defining information security response to potential UK Government clients