Who we are:
You'll be joining the 6th largest IT Service Provider, present in more than 50 countries. From our roots in Japan, NTT DATA's mission is to facilitate business change and technology transformation across many industries for a better future for our business, people and community. Some of the projects we have supported include the digitising of The Open golf tournament and applying Formula 1 technology to support medical staff at University Hospitals Leicester.
Everything we do is underpinned by our core values of 'Clients First', 'Teamwork' and 'Foresight' and we achieve these by putting people first.
We support and celebrate our differences and preferences; these are what make us unique. Some of our initiatives, collectively known as “DO Diversity”, aim to create a space for us to learn and get involved in building a truly diverse environment. Our Culture & Ethnicity Network gives our colleagues a platform to share their various backgrounds; our NINGEN programme allows the new generation of NTT DATA employees around the world to connect and shape the future of our organisation; and the “City Gives Back” allows us to support our local community that has been affected by the COVID-19 pandemic... and much more!
What you'll be doing:
We are currently recruiting for an Application & Cloud Security Consultant to join our growing client delivery business. The successful candidate will be obsessive about solving business and client challenges, with a strong focus on security risk to help tackle and direct client challenges. This is a great opportunity for you to play a pivotal role in helping to shape our client’s transformation journeys.
You will be working in the Strategy, Design and Transition phases to unpack and evaluate challenges and change. Drawing upon your strong Security Application Testing & Cloud Architecture experience you will:
- Client needs in terms of outcomes, stakeholder engagement and risk mitigation.
- Stakeholder requirements for protecting the organisation’s mission and business processes.
- Operating structure, capability, process, taxonomy and good practice gaps
- Client Security Testing Requirements.
- Security gaps in both testing process and infrastructure.
- Any assumptions, issues and dependencies.
Review, challenge/validate -
- Project solution / application architecture Change – with a Security lens.
- Impact and risk associated within any Project Changes.
- Validation of testing outcomes and success criteria.
- Project testing strategy, test plans, test scenarios and approach.
- Change Impact & Risk assessment.
- Security environment objectives and targets.
- Appropriate metrics and processes to achieve objectives and targets.
- Weekly reporting on testing progress – for Client CISO.
- Qualification and Scoping of engagements
- Structured assessments to identify findings
- The setup of the testing environment, using:
- Application test plans and scenarios.
- Application Security Industry Good Practices.
- To build security into the client's development process.
Oversee, evaluate and support -
- Documentation, validation, assessment, and authorisation processes necessary to assure new and existing information
- Discovery and audits, for extraction of findings and documentation of recommendations
- The adoption of frameworks such as ISO27001, NIST CSF and GITC and using these to implement outcomes.
- Subject matter expertise in Application / Cloud Security.
- Subject matter expertise in SSDLC and DevSecOps practices, frameworks and methodologies.
- The ability to take feedback & lessons learnt from both clients and colleagues.
- Knowledge of the OWASP top 10 and other common application vulnerabilities.
- Experience in Application & Infrastructure security testing including Static Application Security Testing, Dynamic Application Security Testing and security compliance activities.
- Experience of integration / operation challenges with security testing toolsets, for example: MicroFocus Fortify SCA, WebInspect, App Defender, Black Duck, Sonatype, SonarQube, Qualys and TripWire (IP360), Burp Suite, Snyk, Twistlock.
- Experience of testing and implementing security practices around waterfall SDLCs as well as any agile CI/CD systems.
- Experience in analysing / reviewing source code and security test results in order to recommend remediation actions.
- Previous experience of working in both on-premise and cloud-based environments (AWS, Azure, GCP) would be an advantage.
- A good understanding of the protocols underpinning the web - TCP/IP, HTTP, SSL/TLS
- A good understanding of hardware load-balancing, firewalls, multi-tiered architectures.
What you'll need:
It starts with amazing people, challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have an Engineering and broad security delivery background and experience in operating at client Consulting and Advisory level for all things Application & Cloud Security:
- Proactive self-starter, able to orientate quickly to different challenges and environments.
- Holder of an application security certification – CHECK, CREST, OSCP, CSSLP or equivalent experience.
- Extensive, multi-year project experience in complex environments.
- Ability to operate in demanding situations whilst still having relentless drive to deliver with enthusiasm.
- Strong influencer, with a wide range of styles, with the ability to build good working relationships with delivery partners and senior levels within the organisation.
- Must be able to interface with and manage relationships with architects, business people, and technologists at senior levels, showing competence in all three areas.
- Continued personal growth, attaining any necessary further security qualifications and learning.
- Sometimes we work with Public Sector clients where Defence Vetting such as SC may be required; holding, or being willing to hold, vetting certification can be beneficial.
The focus on Clients First, Teamwork and Foresight is in our DNA and we are looking for someone who shares and embodies these core values, leading by example.
We don't look for finished articles. We look for people who want to continue their career growth alongside NTT DATA's.