Information Security Consultant

Market-leading insurance firm seeking technical security consultant. The role will be centred on providing general security consultancy (project risk assessments) with a focus on working closely with DevOps teams and embedding security throughout the software development life cycle.

Responsibilities:

• Manage security risk for the whole project life cycle
• Perform security activities, including but not limited to, security design reviews, risk assessments, threat modelling, and vulnerability management and risk mitigation on internally & externally developed software.
• Act as the Security subject matter expert within Agile/waterfall project planning, development, and execution.
• SDLC (defining Standards, good practices, checklist, operating model for Dev teams)
• Embedding security within DevOps (eg CI/CD pipelines), developing security requirements;
• On-demand Security assessment of various components like Web apps, Containers, Platforms etc;
• Reviewing security assessment reports and create a remediation pipelines.
• Entry level skill in writing code will be preferred.
• Experience in web application security assessments like SAST, DAST etc.
• Experience using tools like GitLab
• Hands on techniques for identifying SQL injections, XSS, CSRF, authentication, OWASP top issues

As an ideal candidate, you will have an industry certification such as CISSP and have expert knowledge DevSecOps. You will also have a proven track record of embedding security at every stage of the software development life cycle.