SNC-Lavalin is going through an exciting period of change. A Canadian listed engineering and construction firm, on July 2017 they acquired the UK engineering consultancy Atkins bringing with it a great opportunity to re-position the SNC-Lavalin brand in the eyes of our markets and ahead of our competitors. The combined group now has approximately 50,000 employees around the world and both Atkins and SNC-L’s offerings combined give us the opportunity to continue our growth. The future of engineering and construction is in the greater use of data, combined with technologies to deliver our services more efficiently and bring different offerings to our clients. From apps, virtual reality and artificial intelligence, to mobility as a service and digital asset management, we are combining our traditional engineering skills with technology to fundamentally change the way we do things.
IT Services has developed an operating model to evolve the way IT services are provided to the company, moving from a ‘Business as Usual’ focus to an organisation driven by a joint technology roadmap with the business and enabling business value. Here, the key focus areas include: getting the basics right, being a true partner to the business, information assurance & security, career management for our staff, and supporting the organization on its digital journey.
This role is in the Security Services team and the team is responsible for delivery and management of IT Security toolsets within the company. Core areas we cover are:
- Identity Protection
- Platform and Software Security
- Network Security
- Business Support for client security requirements
We work with all teams in IT Services and provide support to the Cyber Security team, within Global Security, when responding to incidents. Members of the team are based in the UK and Canada.
Role
This role is to design, build and oversee the implementation of IT security measures in a global organisation serving 40,000 users worldwide.
As a result of executive commitment to security we have an exciting security programme which includes the following:
- Vulnerability management systems (scanning and agent based)
- EDR/ATP
- Security Event Log collection and management
- File System Auditing and Permissions Management
- Email Threat Prevention systems
- Privileged Access Management solutions
- The role also involves working closely with our internal development teams to:
- Design and implement an ecosystem for agile development of secure applications
- Raise awareness of common security vulnerabilities and countermeasures so that security issues are built in for new systems at the earliest opportunity.
Responsibilities
The role holder will be expected to:
- Document the current state security architecture and identify weaknesses and opportunities for improvements.
- Develop a future “to be state” for the security architecture and define roadmaps towards that goal.
- Produce cost and timescale estimates for projects on the security roadmap
- Develop architectures for security projects
- Plan, research and design robust security architectures for IT projects
- Provide technical assurance to ensure new systems comply with security requirements
- Assess security controls of third parties and Cloud Service Providers
- Provide technical supervision for (and guidance to) security engineers and analysts within the team
- Test security of applications and services to ensure they behave as expected
- Assess requests for security exemptions and provide guidance/risk mitigation
- Provide expert guidance in security incident response and recovery.
Requirements
Essential requirements:
To succeed in this role the candidate will need the following:
- CCP Practitioner, CISSP or equivalent qualifications
- The ability to derive requirements and design security solutions
- Experience in assessing and solving cloud security issues
- Application security experience in a DevSecOps/Agile environment
- In depth experience of authentication and access control principles
- Full understanding of Active Directory authentication, roles and user rights
- Experience of virtualization and storage security
- Good presentation, oral and written communications
- Good influencing and collaboration skills
- Experience of system and application hardening
Desirable requirements:
The ideal candidate will also have:
- Postgraduate degree in Information Security or equivalent
- One or more of the following qualifications:
- CSA or CCCP
- CISSP-ISSAP
- GIAC
- SABSA - practitioner level
- Experience of working within an Enterprise Architecture team, following a commonly recognised framework.
- Experience of working in s software development team.
- Programming experience in one or more of .Net, JavaScript and Python.
- Experience in use of SAST and DAST technologies.
Soft Skills
In addition to technical knowledge and experience we are looking for someone with a good set of soft skills including:
- Ability to build and maintain efficient working relationships
- Ownership of, and accountability for, assignments
- Ability to plan and prioritise your own work effectively, whilst remaining a team player
- Ability to act independently to resolve problems
- Ability to inspire and lead others
Training
Atkins develops individuals through a portfolio of training and development activities designed to help you make the best of your abilities and talents. These are reviewed with individuals through an annual appraisal process. We actively support staff in achieving corporate membership of relevant institutions.
Rewards and benefits:
Atkins offer a fantastic range of benefits, which you can tailor to suit your own health, wellbeing, financial and lifestyle choices.
All the information you need to know is available on our dedicated benefits portal; your reward, which is available to access 24/7 from any device: https://yourrewarduk.snclavalin.com/
Security Clearance:
This role may require security clearance and offers of employment will be dependent on obtaining the relevant level of clearance. If this is necessary, it will be discussed with you at interview.
If applying to this role please do not make reference to (in conversation) or include in your application or CV, details of any current or previously held security clearance.
SNC Lavalin Group, is committed to having a diverse and inclusive workforce. As an Equal Opportunities Employer, we value applications from all backgrounds, cultures and ability.
SNC Lavalin Group recognize that there are many well qualified people who are looking to further their career, but who cannot commit to full time employment. We support flexible working arrangements and are interested to discuss how we can accommodate individual requirements.
