AWS Technical Security Consultant

Role: Technical Advisory Security Consultant This is a Technical Advisory Cyber Security consultancy role with specific focus on assisting clients with Security Improvement and Remediation and Transformation programmes. Understanding the Security needs and aspirations of a client Delivering Technical Security Improvement and Remediation programs Guiding Design and Implementation of Cyber controls The C&I SIR practice works with NCC Group clients to deliver prioritised programs of security improvements: in close collaboration with NCC Group security audit, Incident Response, Penetration and Red Teams. Security Consultants play key roles in these client assignments: as recognised security experts they drive change, as well as advising clients and their service providers on changes they will make. Key to this role is assessing and enhancing pre-existing risk and security information including incident reports, red team findings, penetration tests and security audits, augmenting those where appropriate with additional security reviews. As part of a project team, they help to identify priorities, ensure delivery is happening at pace, and validate that improvements are properly implemented. This is a role which requires strong technical skills with a need to understand how the enhancement delivered can mitigate a part of the attack life cycle, some situations may require hands-on skills or over the shoulder guidance throughout the implementation of security principles for clients, as well as advising clients and their service providers on changes they will make in collaboration. Ensuring that a client Security Posture is materially impacted in a positive manner over the duration of an engagement. Assessing pre-existing risk and security information including incident reports, red team findings, penetration tests and security audits, augmenting those where appropriate with additional security reviews Providing technical input for work plans and project costings. During the lifetime of a project provide technical input to the prioritisation and planning processes. Creating technical content for project documents Collaborating with project managers on project status, resource allocation and project risk – preferably using Agile approaches Reviewing improvements delivered to ensure they deliver the expected risk mitigations. Clear knowledge of cyber security principles and the understanding of an attack chain lifecycle, though it is not essential to come from a pure play cyber security background. Demonstrate understanding of Cyber security frameworks, i.e. Ability to consume security reports and to recommend appropriate steps to mitigate concerns Well-rounded knowledge of IT roles and responsibilities which support security. Network engineering and support, Infrastructure engineering, Information security management and IT compliance Knowledge and understanding of modern Windows, Active Directory, Entra ID and Microsoft 365 Knowledge of the basics and advantages of Azure, AWS, GCP. Writing clear and accurate documentation Recognised expertise and qualification in IT information security management, or IT compliance Experience of working in an agile environment Windows, Active Directory, Entra ID (Azure AD) and Microsoft 365 Azure, AWS, GCP DevOps, CI/CD, software development and testing, infrastructure as code Network engineering and support Infrastructure engineering and support Information security management, IT compliance Blue team, network defense, protective monitoring engineering Understanding of DevOps, CI/CD, software development and testing, infrastructure as code A cyber security qualification such as CISSP or CISM Agile certification A technical cyber security qualification such as CEH In-depth knowledge of cyber security frameworks such as MITRE ATT&CK – which have heavy technical elements and the ability to relate those to Key controls in less technically focused frameworks. Agile certification Provides tools, resources, and support to team members, fostering an environment where they can thrive and excel. Actively seeks opportunities for personal and professional growth, championing learning and evolution for oneself and the organisation. We are passionate about helping our customers to protect their brand, value and reputation against the ever-evolving threat landscape. Our values and code of ethics are at the heart of how we operate – we work together, we are brilliantly creative and we embrace difference. We want to create an environment where all colleagues feel psychologically, emotionally and physically safe to be authentic, sharing their personal experiences to represent the diversity of the world they live in, and have equal opportunity to achieve their best. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles. All personal data is held in accordance with the NCC Group Privacy Policy. We are committed to diversity and flexibility in the workplace.