Information Security Review & Threat Modelling Engineer (ISRP Manifold)

Deloitte
Belfast, United Kingdom
5 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
£ 59K

Job location

Belfast, United Kingdom

Tech stack

Amazon Web Services (AWS)
Cloud Computing
Cloud Computing Security
Computer Security
Network Segmentation
Systems Development Life Cycle
Software Deployment
Software Engineering
Scripting (Bash/Python/Go/Ruby)
Mitre Att&ck
Cloudformation
Information Technology
Terraform

Job description

We are seeking experienced Information Security Review & Threat Modelling Engineers to join a high-performing cyber security team. The successful candidate will be responsible for conducting security reviews of infrastructure products before production deployment, ensuring compliance with enterprise security standards, identifying security risks, and recommending remediation activities., * Perform end-to-end security reviews of infrastructure products and validate compliance with enterprise information security standards.

  • Work closely with engineering teams and third-party vendors to obtain information required for security assessments.
  • Review technical documentation and perform hands-on security testing of infrastructure products.
  • Identify security vulnerabilities, compliance gaps and non-conformities.
  • Produce detailed security findings and recommend remediation or risk mitigation strategies.
  • Support Information Security teams throughout remediation activities.
  • Design and review secure technical architectures.
  • Embed quality control measures across security review processes.
  • Produce high-quality technical documentation and maintain audit-ready evidence.
  • Manage stakeholder expectations and communicate findings effectively.
  • Escalate risks and issues appropriately.
  • Support internal and external security audits.

Requirements

  • Minimum 6 years' IT experience, including at least 4 years in Cyber Security/Information Security across cloud and on-premises environments.
  • 3-5 years' experience within Information Security or Information Technology.
  • Strong experience reviewing infrastructure security.
  • Hands-on cloud security experience across AWS and/or GCP.
  • Demonstrated expertise in Threat Modelling methodologies such as STRIDE, PASTA or MITRE ATT&CK/ATLAS.
  • Strong understanding of authentication, authorisation, encryption, logging & monitoring, infrastructure security and network segmentation.
  • Ability to design and review secure technical architectures.
  • Strong understanding of Infrastructure as Code (Terraform and/or CloudFormation).
  • Experience with Software Development Lifecycle (SDLC) and CI/CD pipelines.
  • Hands-on Python scripting skills with the ability to read, write and analyse scripts.
  • Experience across multiple technology domains.
  • Security testing experience is advantageous., * Associate or Professional AWS or GCP Cloud Certification (mandatory).
  • Associate or Professional Cyber Security Certification (mandatory).
  • Security-first mindset with the ability to think like an attacker.
  • Excellent analytical and problem-solving skills.
  • Strong written and verbal communication.
  • Excellent stakeholder and project management skills.
  • Degree in Computer Science, Cyber Security or related discipline preferred.

About the company

Deloitte drives progress. Our firms around the world help our clients become market leaders wherever they compete. Deloitte invests in outstanding people with diverse talents and backgrounds, empowering them to achieve more than they can elsewhere. Our work combines consulting with action and integrity. We believe that when our clients and society are stronger, so are we.

Apply for this position