Information Technology Security Consultant

Xceedance

Website: xceedance.com
Job details:

Job Responsibilities:

We seek a Security Architect to join the

1. Security Analysis & Requirements: Evaluate current security posture, identify vulnerabilities, and define pragmatic security requirements aligned to Xceedance’s risk appetite and Target Operating Model.

2. Framework Application: Apply the OWASP Top 10 principles to our software development and deployment processes. Leverage MITRE Frameworks (ATT&CK, D3FEND, and Insider Threat) to develop and apply to security patterns.

3. Threat Modelling: Use Threat intelligence to inform potential attack scenarios to conduct threat modelling exercises using STRIDE and/or DREAD to anticipate potential security issues.

4. Risk Assessment & Control: Conduct risk assessments considering exposed vulnerabilities. Propose layered controls to reduce threat profile and enhance detection capability.

5. Cloud(Azure) & Container Security: Stay updated with the latest cloud and container security patterns. Apply best practices to ensure the security of our cloud infrastructure and container deployments.

6. Product Architecture Documentation: Develop and maintain detailed architect documentation that embeds security with the best practices and protocols.

7. Proactive Security: Stay updated with the latest security threats, trends, and technologies. Spearheaded proactive measures and initiatives to enhance the organization’s security posture and standing within the industry.

8. Continuous Improvement: Assess and optimize existing security processes, workflows, and tools to ensure efficiency and effectiveness through automation.

Position Specific Skills:

Bachelor’s degree in computer science, Information Security, or a related field.

• 5-8 years of experience in cybersecurity roles, with at least 2 years in security architecture.

• Strong knowledge of: Cloud Security (Azure) and container security, Threat modeling techniques (STRIDE, DREAD), Security frameworks (OWASP, MITRE ATT&CK/D3FEND), Risk assessment, and layered security controls.

• Demonstrable, fostering a positive and collaborative work environment. Individuals may have attended several external 'security meetups' in the last two years.

• Ability to analyse complex security issues and provide pragmatic solutions.

• Strong verbal and written communication skills, with the ability to convey complex technical information to non-technical stakeholders.

Preferred Certifications: Certified Ethical Hacker (CEH), CompTIA Security+, AZ-500, SC-100

Click on Apply to know more.