Location: Bristol, UK
About the Role
As part of our mission to automate retail at scale, we are looking for an experienced Cloud Security Architect to join our growing team in the UK. Our security team is based in the UK and has a global responsibility to govern and guide the rest of the organisation in applying best practices.
The Cloud Security Architect will direct, validate and govern our cloud infrastructure architecture and operational security. Reporting to the Head of Information Security and partnering with our accomplished Engineering team, you’ll have the opportunity to transform our development and operational practices using DevSecOps techniques and this could be your opportunity to re-cast our entire approach to our cloud infrastructure. If you have experience in applying these techniques in a collaborative manner and want to join an organisation committed to security that supports rather than inhibits, then this could be a great opportunity for you.
- Provide reference architecture designs and technical recommendations for hosting SaaS products.
- Enable development teams by training and collaborating to spec new infrastructure. Create a norm where secure infrastructure concerns are included into the earliest possible phase of the SDLC.
- Perform due diligence reviews of 3rd party solutions.
- Perform risk assessments on existing and new systems.
- Provide operational guidance for the infrastructure team.
- Streamline operational procedures through efficient designs and tool choices.
- SME on cloud technologies, keeping up to date with industry trends.
- Advise partners and integrators on securing their services.
- Monitor and govern the infrastructure layer for threats, vulnerabilities, and deviations from best practice.
Technical Skills –
- Not everyone follows the same route to this type of role. We’re happy to hear from you whether you have a Bachelor’s Degree in Computer Science, Information Security, Systems Engineering or related field or equivalent experience.
- Professional certification or working towards certification in information technology and cloud security:
- CISSP, CISM or similar.
- AWS Certification (Security Speciality).
- 4+ years in cloud security, including experience designing secure systems.
- 7+ years in the security field or technical operations.
- Advanced understanding of information security, network security, incident response, forensics, endpoint protection & encryption.
- Advanced knowledge of TCP/IP and Internet protocols as well as network infrastructure systems.
- Experience working with IaC tools.
- Comfortable working in Agile and DevOps environments.
- Experience with container security concepts and enforcement, particularly in relation to the Kubernetes ecosystem.
- Working knowledge of secrets management technologies and configuration for cloud and services.
Ways of working –
- Enjoys working with others, both teaching and learning, to deliver positive outcomes that help us to achieve our shared goals.
- Able to articulate security concepts and methods based on standards, policies and best practices to both technical and non-technical teams.
- Excellent organisational skills and attention to detail, with proven ability to prioritise based on business needs and security relevance, and deliver high quality on time.
- Tenacity to keep projects progressing through to completion, and works collaboratively to seek the way forward when unexpected challenges arise.
- Manage change in a positive way, and help others to understand the rationale and buy into the change.
Not essential but ideally you’ll have –
- Experience working to compliance criteria (SOC 2, ISO 27001 etc.).
- Working knowledge of the ITIL framework.
Ensuring a diverse and inclusive workplace where we collaborate and learn from each other is core to Brightpearl’s values. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a supportive place to work.