Role – Senior Security Consultant
Salary – £70-80K
Location – London
Module - Hybrid
ROLE
We are seeking a seasoned Senior Security Consultant to lead and drive security initiatives across Cloud environments, Identity and Access Management (IAM), Threat Modelling processes and Security Operations Centre (SOC) engineering. In this role, you will work with cross-functional teams to deliver cutting-edge security solutions that address the evolving threat landscape, helping organisations to safeguard their critical assets.
This role requires a mix of strategic vision, technical expertise, and a hands-on approach to solve complex security challenges for our clients.
KEY RESPONSIBILITIES:
CLOUD SECURITY:
* Design, implement and manage secure cloud architectures for platforms like AWS, Azure and Google Cloud.
* Develop and enforce cloud security policies, procedures and standards for cloud platforms, ensuring compliance with frameworks like ISO 27001, NIST, CIS and SOC 2.
* Conduct cloud security posture assessments and recommend improvements to harden cloud infrastructure.
* Oversee the integration of security controls such as encryption, firewalls and SIEM tools within cloud environments.
IDENTITY AND ACCESS MANAGEMENT (IAM):
* Architect and implement scalable IAM solutions to safeguard organisational assets.
* Manage and configure tools like Okta, Azure AD, Ping Identity, or similar IAM platforms.
* Establish best practices for role-based access control (RBAC), single sign-on (SSO), multifactor authentication (MFA), and least-privilege principles.
* Perform continuous monitoring, access reviews and privilege escalation analysis.
THREAT MODELLING AND RISK ASSESSMENT:
* Conduct threat modelling exercises for applications, infrastructure and cloud environments to identify potential vulnerabilities and risks.
* Create mitigation strategies and remediation plans to address identified threats.
* Collaborate with development and engineering teams to integrate security-by-design principles into workflows.
* Stay updated on emerging threats and implement proactive measures to mitigate risk.
SOC TOOLS ENGINEERING:
* Deploy, manage and optimise SOC tools, including SIEM (e.g. Splunk, QRadar), SOAR (e.g. Cortex XSOAR, Phantom), EDR (e.g. CrowdStrike, SentinelOne), and other monitoring tools.
* Develop playbooks and automation scripts to enhance SOC efficiency and incident response capabilities.
* Integrate threat intelligence feeds into SOC workflows for real-time monitoring and response.
* Conduct regular tool performance reviews and implement upgrades or replacements as necessary.
COLLABORATION AND ADVISORY:
* Partner with client stakeholders to define security strategies, requirements and roadmaps.
* Provide technical guidance to engineering teams on secure design and implementation.
* Collaborate with DevOps teams to embed security into CI/CD pipelines and ensure DevSecOps principles are followed.
* Act as a trusted advisor to senior leadership, presenting findings, strategies and recommendations.
SKILLS
* Extensive experience in Cyber Security, with expertise in cloud security, IAM, SOC tools engineering and threat modelling.
* Strong experience in securing cloud platforms (AWS, Azure, GCP) and understanding of their native security services.
* Deep knowledge of IAM principles, tools (e.g., Okta, Azure AD, CyberArk), and frameworks.
* Proficiency in leading threat modelling sessions and using relevant tools.
* Hands-on experience with SOC tools, including SIEM, SOAR and EDR solutions.
* Familiarity with compliance frameworks like GDPR, CCPA, HIPAA, PCI-DSS, NIST and ISO 27001.
* Strong scripting and automation skills (e.g. Python, PowerShell, Bash).
* Proven track record of leading security initiatives across complex environments.
* BSc or MSc degree in Computer Science, Information Security or related field.
* Relevant industry certifications such as CISSP, CCSP, AWS Certified Security Specialty, Azure Security Engineer Associate, GCP Professional Cloud Security Engineer, or equivalent.
* Exceptional problem-solving abilities and attention to detail.
* Strong communication skills with the ability to articulate complex security concepts to technical and non-technical stakeholders.
* Proven ability to manage multiple projects and prioritize tasks effectively.