Who you’ll be working with
With incidents of cyber-crime frequently in the news, Capgemini’s clients are increasing conscious of the need to protect their systems and data. The successful applicant for this role will join Capgemini’s Inverness based UK Security Operations Team, which in turn forms part of the Company’s Global Cybersecurity Unit.
The Highland Security Operations Centre (HSOC) has proven highly successful since its formation in 2014 and serves a range of government and commercial clients headquartered in the UK and Continental Europe. Successful applicants will have the chance to develop a career which in the future could see them working in areas such as Protective Monitoring, Threat Intelligence, Vulnerability Management, Penetration Testing, Digital Forensics and Identity & Access Management.
The HSOC does now have office space in Nairn and there are plans during 2018 to refurbish this into a second Highland SOC. However do note that whilst some opportunity to work from the Nairn office does exist right now, all training will be done in Inverness.
The focus of your role
The Security Compliance Consultant will report to the HSOC Manager and provide service to the Capgemini Account Security Assurance Manager with responsibility for measuring and reporting of Capgemini’s compliance with client security requirements, ensuring that all identified non-compliances are escalated to the relevant teams responsible for the implementation of the requirement, and where necessary assist the team in formulating any necessary remediation plans.
The role is full time with a 37.5 hour week worked Monday to Friday Core Hours. As part of the mutualised HSOC team HMG security vetting clearance at SC level is required. Successful applicants not already in possession of SC will need achieve this during their probation period; HSOC staff will assist and advise.
What you’ll do
The principle tasks include:
- Conduct security risk assessments
- Provide necessary input into Security Accreditation documentation
- Provide a security compliance point of contact for Accreditors and Project teams
- Make security improvement recommendations and create the supporting business cases
- Collect and interpret security compliance evidence, providing quarterly security compliance reports.
- Plan, conduct and examine security tests, reviews and audits as necessary.
What you’ll bring
Applicants will need to have experience/knowledge of, some or all of the following along with the desire and aptitude to train and gain competency in the remainder:
- Good general networking and internet services knowledge
- Previous Cyber Security experience – for project-related security assessments etc.
- Unix/Linux, Windows, Middleware
- Penetration Testing (analysis and review of internet service Penetration Test reports)
- Windows/Unix patching methodologies
Experience in use of some of the following would be advantageous, but it is of great importance to demonstrate an aptitude and desire to train and gain competency in them.
- Experience of Vulnerability Management software tools – e.g. QualysGuard, Tenable (Nessus) etc.
- Shell or Perl Scripting
- Security technologies:
- Proxy Servers
- email filtering
- Understanding of current industry security issues and solutions
- The ISO 27001 Security Standard
The successful applicant should also be able to demonstrate:
- An analytical mindset with skills essential for security investigation and management work including:
- The ability to spot and asses security risk wherever it may exist
- An enquiring mind that does not necessarily accept things at face value
- Excellent decision making skills
- The ability analyse a situation and identify the best course of action
- Good interpersonal and team-working skills, including a willingness to share information and experience with colleagues
- That they have the ability to communicate effectively, both verbally and in writing, with a range of people including: end users, other support teams, third party support technicians and potentially, (in the case of a potential or actual security breach) senior Capgemini and client management
What we’ll offer you
Professional development. Accelerated career progression. An environment that encourages entrepreneurial spirit. It’s all on offer at Capgemini. And although collaboration is at the core of the way we work, we also recognise individual needs with a flexible benefits package you can tailor to suit you.
Why we’re different
At Capgemini, we help organisations across the world become more agile, more competitive and more successful. Smart, tailored, often ground-breaking technical solutions to complex problems are the norm. But so, too, is a culture that’s as collaborative as it is forward thinking. Working closely with each other, and with our clients, we get under the skin of businesses and to the heart of their goals. You will too.