Security Consultant - Apps

Email a friend

Location

UK Wide

About Us

Capgemini is expert in IT infrastructure and application integration. We offer a complete range of cybersecurity services to guide and secure our clients’ digital transformations. Our Cybersecurity Unit brings together 2,500 professionals to help define and implement our clients’ cybersecurity strategies. We protect their IT, industrial systems and the ever growing number of products and systems enabled by the Internet of Things (IoT). We also strengthen their defences, optimize their investments and control their risks. Resources in our Cybersecurity Unit include security experts (e.g. experts in infrastructure, applications, endpoints and identity and access management), a research and development team (whose members specialize in malware analysis and forensics), ethical hackers, five multi-tenant security operation centers (SOC) in different parts of the world, and an Information Technology Security Evaluation Facility. We are also a global leader in testing.

Main Purpose of Role

Exciting plans for accelerating the growth of Capgemini’s cybersecurity business mean we are looking to expand the UK part of our Cybersecurity Unit. We want top-flight Security Consultants, Senior Security Consultants and Managing Security Consultants who can think like an attacker and address our clients’ cybersecurity challenges with market leading solutions. As one of our consultants, you’ll work with wide range of different clients and can expect to apply your technical expertise, insight and imagination to lots of different assignments.

Key Responsibilities

• Being a focal point for identifying, analysing, evaluating and resolving security and information risks affecting our clients’ existing solutions and new solutions we deliver for them
• Directing the selection, design, development and implementation of technical, physical, personnel, process and procedural security controls for existing and new solutions
• Checking existing and new solutions comply with applicable laws, regulations, standards, policies and guidance on security and information risk management
• Explaining to risk owners and other stakeholders (business and technical) the causes, likelihood and potential business impacts of security and information risks throughout the information systems lifecycle
• Supporting sales initiatives by, for example, contributing to Pre-Qualification Questionnaires (PQQ), Invitations To Tender (ITT), client meetings and presentations
• Providing security thought leadership (on specific assignments and to the market at large)

Skills and Experience

We expect all our consultants to match the following specification to an extent commensurate with the seniority of the role for which they are applying.

Essential:
• A rounded understanding of information security;
• Client-facing and business development skills;
• Know-how and real-world experience in delivering at least one of these services:
• Strategic consulting (e.g. security maturity assessments, defining Cybersecurity roadmaps etc.);
• Operational consulting (e.g. using the 27000 series or frameworks from sources such as ISF, NIST etc. to deliver security risk assessment, determine security objectives and requirements, and produce organisational and technological policy and procedures);
• Audit services (e.g. assessing the appropriateness of security in organisations, architecture or configuration, assessing and advising on how to achieve compliance with significant standards and regulation such as PCI-DSS, SOX, DPA etc)
• Ability to balance security and information risk against requirements such as usability, agility and cost;
• Ability to translate security policy requirements sensibly into technical solutions;
• Ability to quickly recognise and overcome ambiguity;
• Propensity to think innovatively (recommending alternative solutions to meet security requirements);
• Strong appreciation of the pros and cons of security enforcing solutions from a business perspective;
• Demonstrable success in delivering security-related projects;
• Relevant professional certification (or commitment to achieving such).

Desirable:
• Detailed knowledge of at least one industry sector;
• Knowledge and experience in any of the following:
• Application security e.g. security testing, security of web-based applications (including SDLC) or security of embedded applications in industrial or consumer devices;
• Data centre security e.g. cloud security, storage security or secure virtualization;
• End-point security e.g. security of office-based workstations, mobile devices or industrial control system devices;
• Identity and access management (IAM) e.g. implementation of specific IAM products or accompanying business change).

Person Profile

• Professional integrity
• Pragmatism
• Collaborative instincts
• Client focus (able to understanding and assimilating clients’ views, concerns and issues)
• Analysis and judgement
• Interpersonal and communications skills
• Fast learner
• Self-confidence and resilience
• Personal organization and time management

Email a friend