About The RoleEssential duties & responsibilitiesWork within a dedicated security engineering function that accelerates the delivery of creative and secure capabilities for cloud products.Design and implement security architectures for cloud-based systems.Build security control framework and generic reference architectures for cloud-based applications.Assist with identifying security requirements to be followed by LoB/Dev teams when building Cloud applications.Perform risk assessment, threat modelling and review existing cloud security architectures to identify potential areas of weakness or need for enhancement.Perform security assessments including threat modelling and security integration. Ensure that security design and controls are consistent with organization's security architecture principals.Align cloud security practices with industry frameworks such as NIST, CIS, and CSA.Develop configuration hardening guidelines for Cloud Services (AWS, Azure, GCP)Provide expertise on encryption, key management, identity and access management (IAM), network security, and other cloud security technologies.Communicate effectively with stakeholders to provide regular updates on cloud security status and issues.Continuously evaluate the cloud security architecture for improvements and to accommodate changing cloud environments, accommodating for scalability, reliability, and availability.Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private and hybrid environments.About YouPosition SpecificationsIT Experience: 2 -10 yrs 2+ years of Information Security experience in areas of Information/Cloud SecurityIn-depth knowledge of any public cloud technologies (AWS, Azure, Google Cloud Platform) and associated security risks and controls.Demonstrated knowledge of software development processes (SDLC/Agile/Iterative/DevOps)Experience of delivering security solution architecture from end-to-end.Threat modelling using industry standard methodologies (e.g. STRIDE/DREAD)Security architecture assessments for one or more IT systems such as Web, Mobile, APIs/Microservices, Cloud (AWS/GCP/Azure/Oracle)Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls.A demonstrated knowledge of information security standards, rules and regulations related to information security and data confidentiality and other various security standards and policies.Ability to keep up to date with technology and security. Make informed decision and appropriate adjustments.Good interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex topics.Ability to organize, prioritize, and lead multiple deliverables simultaneously across a large, global corporate environment.Familiarity with containerization and orchestration technologies (Docker, Kubernetes, etc.).Experience with Infrastructure as Code (IaC) tools (like Terraform, Ansible).Professional security management certification, such as a CISSP, CISM, CCSP, or similar.About UsAbout ClaranetFounded at the beginning of the bubble in 1996, our CEO Charles Nasser had a light bulb moment to develop a truly customer-focused IT business. Since then, Claranet has grown from an Internet Service Provider (ISP) in the UK to being one of the leading business modernization experts, who deliver solutions across 11+ countries.At Claranet, we’re experienced in implementing progressive technology solutions which help our customers solve their epic business challenges. We’re committed to understanding their problems, delivering answers quickly, and making a lasting impact to their business.We are agile, focused and experienced in business modernization. Our approach helps customers make genuine, significant shifts in their business strategy, to deliver financial savings, boost innovation, and create a resilient business. We continually invest in our people and the latest technologies, so our customers get peace of mind knowing that they have access to the best talent and services.In the UK we have over 500 staff working in London, Gloucester, Warrington, Bristol, and Leeds, or as homeworkers.Working for ClaranetHere at Claranet we pride ourselves on going the extra mile for and with our employees (yes, we really mean with). We offer an extensive benefits package that you can tailor to your needs, inclusive of a matching contribution pension scheme, healthcare, insurance, dental, discounted gyms and app supported benefit access.But what we think makes us different is ‘Team Claranet,’ our dedicated internal part of the business that supports you with matters close to your heart. We proudly support local charities in each of our office locations, support employees with paid charity leave, organize key charity fundraising event per year and have a dedicated committee responsible for supporting employee’s fundraising efforts.Claranet are one of the 10 founding members of TC4RE (Technology Community for Racial Equality.) Being a part of a group of leading UK technology organizations, we are dedicated to building a more diverse and inclusive workforce. We are also very proud members of Tech Talent Charter, a government supported, industry-led membership group created to address the UK’s tech talent shortage and diversity gap through collective action.Claranet Cyber Security is a world class business unit within Claranet, giving customers access to market-leading information security services spanning, training, consulting, and managed security services. Formed through the combined forces of NotSoSecure (based in US, UK and India), the UK Security Business Unit (previously known as Sec-1), and units in Brazil, France and Portugal.Our work takes us around the world where we speak and provided Hacking Training at top security events such as Blackhat, AppSec, OWASP, Ruxcon Breakpoint, Defcon, HITB, and Bru CON. Our Penetration Testing work feeds into this; we apply our research and share our knowledge through our Hacking Training, white papers and tools. Check out our blog posts on the NotSoSecure website.The team has a strong heritage of penetration testing, consultancy and security training for leading worldwide brands, built on the quality of its technical team and excellent customer service. In recent years the teams have also created a number of new managed security services and has aspirations to grow significantly over a number of markets, including US, Brazil, France and Germany, through sales to existing and new medium and larger enterprise organizations.Our VisionOur vision is to become the most trusted technology solutions partner; renowned for being the best and brightest, having lasting impact with our customers and delivering exceptional returns to our stakeholders.Role SummaryAn advanced skillset position, the Information Security Architect is responsible for assessing and designing security solutions that protect the business but also allow the business to execute and innovate. The Information security architect works closely with many diverse and dynamic teams, including, but not limited to, various silo of Information Security, IT infrastructure, application development, security operations, security audit and end users. This position is also responsible for performing security assessments and partnering with the business to complete security assessments.The Information security architect provides expert guidance for addressing current security issues, perform security architecture assessment, has the foresight to see where the industry is headed and proactively deliver optimal secure solutions. The architect is expected to think like an adversary and identify how solutions should evolve as the threat landscape changes. Individual must possess strong communication and organizational skills, and the ability to guide less experienced coworkers. The architect provides technical leadership to delivery and solution design team members
Job Title
Senior Cloud Security Architect