In this role, you will be a specialist in technology security and will provide support in designing, operating and delivering an independent security service across KCOM for Red Team testing, ethical hacking and penetration testing. You will support developing tests in compliance with security policies, industry regulators and standards.
You will probe the organisation’s networks and operational infrastructure, attempting to find any areas which are vulnerable to attack and identifying methods by which attackers could exploit security flaws.
More specifically, your key accountabilities will include:
- Contributing to the setting of security policies and strategic objectives in relation to information security assurance across the business.
- Scoping and delivering real-world scenarios using current threat intelligence to test and measure KCOM’s defensive and response capabilities against social, physical, network and application attacks from a simulated real-life adversary.
- Planning and executing ‘no-notice’ assessments through a network of trusted agents to ensure negligible-impact security tests based on pre-defined scopes and in support of new developments.
- Creating and managing a Forensics Readiness Plan and leading digital forensic investigations.
- Supporting the implementation of an enterprise security architecture, using best practice where relevant, to develop consistent security practices across the organisation and ensure security is considered in all processes and technologies.
- Providing clear reports to senior management, highlighting vulnerabilities and weaknesses with recommendations to fix them.
- Maintaining an accurate and up-to-date knowledge of information security issues, keeping abreast of new technologies, methodologies, techniques, vulnerabilities and market trends and communicating this appropriately.
- Helping to drive changes in design and delivery processes to ensure a ‘secure by design’ culture.
- Acting as a senior point of contact in relation to technical security.
- Creating a trusted technical security community within KCOM and chairing a technical security forum monthly.
- Providing independent technical advice and guidance on security tools and techniques.
- Having a clear understanding of the information security threats facing the business and the current position in relation to mitigation.
- Consideration of information security obligations in all areas of the business as part of Business as Usual, indicating a clear change in the culture of the business.
- Providing regular, clear reporting to the Director of Risk Management on information security risk to understand the current position and potential future threats.
You will be CREST, Cyber Scheme or Tiger Scheme certified and be able to demonstrate previous experience in:
- Design and architecture security assessments
- Vulnerability and penetration testing of different types of networks (including telecoms)
- Cloud and Web Application penetration testing
- Simulated event testing
- Red Team testing
- Providing independent coherent reports to senior management
- Malware Analysis
- Digital Forensics investigations
- Telecommunications industry
This role can be based from either our Hull or Wakefield offices.
The benefits package includes: a car allowance, a bonus, 25 days holiday, competitive pension contributions, private medical insurance and access to our flexible benefits scheme.
- Professional community: Business Services
- Location: Hull – Salvesen Way
- Working Hours: 37.5