JOB BOARD

• Experience of implementing security in the software development lifecycle 

• Experience with secure development tools/activities such as SAST, DAST, vulnerability management, threat modelling 

• Proficiency in English – written and verbal and experience of working with geographically dispersed teams 

• Experience working in an agile, DevOps/DevSecOps environment 

• You will be an experienced and empathetic leader or manager who values collaboration and teamwork.

• You will have a proven track record in digital and information security roles.

• You will have experience of working with grassroots movements, organisations, and activists and/or international nonprofits and foundations.

• You will have considerable digital and information security expertise and be able to communicate and apply that knowledge clearly, concisely, and effectively.

• You will be sensitive to the progressive and rights-based missions and diverse profiles of our clients and other stakeholders.

• You will have excellent written and spoken English.

• Experience in Security or a Security-adjacent field. We are open to junior, mid-level and senior candidates as we are recruiting multiple Security Engineers to join the team.

• Experience with Microsoft Azure and/or cloud infrastructure platforms

• Knowledge of modern adversary tactics, techniques, and procedures.

• Proficiency with a scripting language (e.g. Python, Bash, PowerShell, or similar).

• Ability to empathize and collaborate with colleagues, independently manage and run projects, and prioritize efforts for risk reduction.

Important skills and experience:

• Agile / scaled Agile delivery, Programme management, Resource management and providing technical and service leadership to junior SOC Engineers (mentoring/coaching) 

• Proven communication skills and experience in writing documentation for clients.

Important Knowledge:

• C2M2, NIST CSF, NIST 800-53, NIST 800-171, NIST 800-172, ISO 

• Current market and emerging leaders in data analytical and SIEM platforms. Network security implementations (e.g host-based IDS, IPS), including their function & placement

• Cyber defence and information security policies, procedures, and regulations and Network security architecture concepts, including topology, protocols, components, and principles.

• Experience of business continuity practices within industry (ideally in the financial sector), including understanding of end-to-end incident management processes. This should include an industry recognised qualification relating to business continuity, disaster recovery and incident management (for example; ITIL (V3 or 4), CBCI, CBCP, ISO, BCM, CCIM, etc.) or appropriate equivalent work experience.

• Experience in leading practice business continuity and incident management practice standards, such as ITIL and ISO (business continuity, disaster recovery and incident management-related)

• The successful candidate will hold or will be required to obtain Security Clearance (SC) level vetting

• 5+ years in a hands-on security or software engineering related role A technical background rather than a pure compliance background would be preferable

• Knowledge of common security and compliance certifications and frameworks, such as ISO 27001, SOC 2 type 2, PCI DSS, FedRAMP, HIPAA etc.

• Experience in responding to data security questionnaires

• Experience investigating or dealing with software or infrastructure security issues

• Good understanding of software development and infrastructure common practices, especially related to SDLC