Security Architect

Core Technology Systems ,
London, Greater London

Overview

Job Description

Overview Core is a Microsoft 365 partner that helps our clients improve the way they work through digital transformation. We put them back in control of their IT, and help them drive their business forward using IT. We are proud of our rich history of technical achievements, dating back to 2001, when we implemented the UK's first Microsoft SharePoint system. Role Summary Manage the security needs of Cores Managed Service clients including maintenance of ISO27001 certification. Heavily focused on Microsoft Security products, the role includes monitoring and management of pre and post breach incidents and overall service improvement and growth planning for the security dept. Objectives of the Roles * Provide a secure managed environment for Core and Cores customers * Provide pre-sale expertise around Security solutions. * Conduct client security assessments and workshops. * Develop High and Low Level Design documentation as follow up to the assessments * Hands-on participation in building secure client environments based on Microsoft E3 & E5 365 solutions including Azure Identity, Azure ATP, Azure Information Protection and Azure Sentinel Duties and Responsibilities * Work closely with enterprise architects, other functional-area architects, engineering, and security specialists to ensure adequate security solutions and controls are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements; * Assess and understand Core's current security posture and future architecture, providing recommendations for improvement and risk reduction * Develop the business, information, and technical artefacts that constitute the enterprise information security architecture and solutions * Serve as a security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices * Contribute to the alignment of security governance with ISO27001 and contribute to the development and maintenance of the information security strategy in accordance with the standard * Researches, designs, and advocates modern technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors * Analyses business impact and exposure, based on emerging security threats, vulnerabilities and risks * Communicates security risks and solutions to business partners and IT staff * Design security configuration guideline for information technology devices and systems, as well as mechanisms for assessing compliance with the guidelines * Design and build controls to address security risks and events as identified * Embrace a culture of continuous service improvement and service excellence * Stay up to date on security industry trends Skills/Experience Required 5-10 years in the Information Security industry Strong experience with security strategy, with a passion to make security realistic, achievable and interwoven with the business fabric Strong experience with a broad range of Microsoft security technologies, including Defender, DLP, EOP, NAC, IDS/ IPS, IDAM, Certificate Management, SIEM, Endpoint Protection, Anti-malware, vulnerability management; Exposure to Office 365 E3 and EMS E3 security features such as; Microsoft Intune Azure Multi Factor Auth Conditional Access Control Self Service Password Reset configuration Microsoft Cloud App Security Azure ATP Azure Sentinel Azure Information Protection Azure AD P1 & P2 E5 features Advanced eDiscovery Customer Lockbox Advanced Data Governance Service Encryption with Customer Key (nice to have) Office 365 Privileged Access Management PowerShell scripting skills * Strong oral, written, and presentation abilities -able to convey risk to all levels of the business, from C-level executives to operations and development teams * Strong experience in migrating enterprise companies from traditional data centre infrastructure, application and data designs to hybrid or fully-cloud enabled practices * Strong experience with cloud provider ecosystems, including Microsoft Office 365 E5 SKUs and Microsoft Azure. * Some experience with Unix/Linux and Windows system administration * Some experience with logging and alerting platforms, including SIEM integration * Some proven ability in security process and organizational design * Current understanding of Industry trends and emerging threats * Knowledge of incident response methodologies and technologies. * Well-rounded background in network, host, database, and application security; Desirable * Formal training in and experience using an enterprise architecture methodology (for example, the Zachman Framework or TOGAF); * Experience driving a culture of security awareness * Experience with the Data Protection Act 1998 and the new GDPR regulation * Experienc