Back to Job Search
Cloud Application Security (DevSecOps) SME
Digital, London
Apply now
Apply now
Cloud Application Security (DevSecOps) SME
Digital, London
Apply now

What you'll be doing:

We're looking for a Cloud Application Security SME to join our delivery team, and help shape and direct our clients' security transformation journeys.

We work closely with the public sector, and as such you will be required to undergo SC clearance for this position. 

 

Here's some points on what to expect: 

  • Working within agreed timelines throughout the evaluate, design and build phases to identify security requirements; define application security solutions; configure and test using DevSecOps tools and platforms.
  • Leveraging your core competence and knowledge of industry Application Security standards, frameworks and good practices to support security reviews, enablement, validation or definitions of application security outcomes.
  • Identifying:
    • Client needs for application security technology/tools and process adoption.
    • Technical security requirements, both functional and non-functional.
    • Gaps, issues, assumptions and failings in the client application security landscape.
    • Client needs in terms of outcomes, stakeholder engagement and risk mitigation.
  • Defining:
    • Project testing strategy, test plans, test scenarios and approach.
    • Security environment objectives and targets, including change impact and risk.
    • Cross-team implementation plans.
    • Appropriate metrics and processes to achieve client objectives and targets.
  • Enacting:
    • The setup of application security specific components and processes for development, test, and production environments.
    • Application security and DevSecOps technology implementations and configurations.
    • Robust practices for the protection and security of client systems
  • Oversee, evaluate, and support:
    • Discovery and audits
    • Documentation, validation, assessment, and authorisation
    • GRC Consultants and Service/Solution architects in the securing of products and services.

 

What experience you'll bring:

You're somebody that's obsessive about solving business and client challenges, and take a strong focus on security risk to help tackle client challenges.

 

You have an egineering background and have experience operating at a client advisory level. You use your ability to blend your technical knowledge and consulting ability to craft market-leading solutions to multi-million pound problems. 

 

You should be experienced in: 

  • Designing and building within a public cloud environment (E.g. Azure, GCP, AWS)
  • Skilled in programming, with expertise in your language of choice (E.g. Java, Python, TypeScript, Go, Rust).
  • Strong understanding of API protocols such as REST, SOAP, gRPC, GraphQL, WebSockets and how to secure them. 
  • DevSecOps frameworks and methodologies. 
  • OWASP
  • Application and IaC security testing (SAST).
  • Integration/operation challenges with security toolsets, for example: Synopsys, Veracode, Checkmarx, Cequence, Akamai, Salt, GitLab, MicroFocus Fortify SCA, WebInspect, App Defender, Sonatype, SonarQube, Qualys and TripWire (IP360), Burp Suite, Synk, Twistlock. 
  • Knowledge of RDBMS (E.g. MySQL, PostgreSQL, MariaDB, Microsoft SQL Server, and Oracle Database)
  • Knowledge of Secure by Design and Zero Trust principles. 

 

Who we are:

We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.

Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.

 

For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA

Back to search Email to a friend Apply now

Service Line Manager

Warren O'Driscoll
Head of Security Consulting

Warren is a seasoned security consulting advisory leader & practitioner, who has worked in the Professional & Consulting Services sector for more than 25 years. Employed by NTT he holds a trusted client advisory & consulting role as well as working in client executive or director level roles, Warren is focused on building, leading & directing corporate security functions, educating client boards & executive management on Information & Cyber Security risks, defining strategies in Enterprise & Service Provider environments, as well as helping clients solve individual Cyber & Info. Sec. challenges. Warren understands business language, identifies key drivers and links this to his extensive experience in enterprise security, strategy & road mapping, audit, and a depth of knowledge in a portfolio of security, risk and privacy / industry methodologies & frameworks; NIST, ITIL, SABSA, TOGAF, COBIT, COSO & ISO to name just a few.

View LinkedIn
Location
Epworth House, London

“Upon joining the NTT DATA UK family, you will experience a culturally diverse organisation living our values of Clients First, Teamwork and Foresight as we partner with our customers every day.

At NTT DATA UK, we are proud to support and invest in our people. We offer a variety of rewarding career paths and opportunities to develop professionally - with access to cutting edge innovation.”

Fernando Apezteguia, CEO, NTT DATA UK

NTT DATA
#loveyourwork
Apply
Jobs at NTT DATA

Browse all