Main Purpose of the Role & Responsibilities in the Business
As a Lead Security Engineer (Consultant) in Kainos, you will be responsible for leading our security engineering and security testing efforts across Kainos Platforms and Services. You will set direction on our security testing methodology, engagement scoping, outputs and tool/technology selections, whilst developing our more junior security engineers accordingly. You’ll work with agile delivery teams to develop good security practices throughout the software development journey. As a technical leader, you will share knowledge and help educate our customers and Kainos team members on good security practices. You will manage, coach and develop a small number of staff, focusing on managing employee performance and assisting in their career development, and provide direction and leadership for your team as you solve challenging problems together.
Minimum (essential) Requirements
- Expertise in securing Web Applications and Cloud Platforms (e.g. AWS/Azure).
- Expertise in testing software and infrastructure security using existing manual or automated security tools, e.g. perform and document penetration tests on web-based applications, networks and computer systems.
- Expertise in assessing software and infrastructure source code from a security standpoint.
- Expertise in Continuous Security, Continuous Integration and Continuous Delivery techniques.
- Knowledge of international security standards and regulations such as NCSC, NIST, CIS, PCI, GDPR, OWASP ASVS, HIPPA, SOC2 etc.
- Knowledge of typical cyber security attack vectors (e.g. OWASP Top 10, SQL, XSS, XXE, MITM etc.) and can articulate threats and risk via threat modelling exercises/workshops.
- Excellent communication skills, with the ability to convey security complexities to audiences of various technical abilities.
- Demonstrated ability in managing, mentoring and coaching members of your team and wider community.
- Good programming or scripting experience across Windows/Linux/MacOS.
- Stays up to date with new threats and attack types.
Desirable
- Penetration testing qualifications (e.g. OSCP, CREST, TIGER or equivalent).
- Experience of working with external penetration test companies to translate report findings into actionable tasks.
- Experience with security tools (e.g. Burp Suite, OWASP-ZAP, NMAP, Nessus, Kali, Metasploit).
- Knowledge about main cyber security areas (e.g. OSINT, network scanning, enumeration, sniffing, session hijacking, social engineering, firewalls, honeypots, IDS/IPS/WAF/AV/DLP, Cryptography/PKI, IoT threats, trojans/viruses/worms/backdoors/ransomware).
- Active participation in knowledge sharing activities, both within the team and at a wider level.
- Active in the security community – conference speaking, active sharing of knowledge externally.
- Experience of working in an Agile environment.
Embracing our differences
At Kainos, we believe in the power of diversity, equity and inclusion. We are committed to building a team that is as diverse as the world we live in, where everyone is valued, respected, and given an equal chance to thrive. We actively seek out talented people from all backgrounds, regardless of age, race, ethnicity, gender, sexual orientation, religion, disability, or any other characteristic that makes them who they are. We also believe every candidate deserves a level playing field.
#J-18808-Ljbffr…
