Technical Advisory Security Consultant

Role: Technical Advisory Security Consultant

Location: Remote

Thanks for checking out our job opening; we are excited that YOU are interested in learning more about NCC Group.

We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of talented individuals working together towards a safer future.

We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference and we want you to join in our mission, to make the world safer and more secure.

Take a look at our website here to learn more about why we’re one of the leading global Cyber Security and Risk Mitigation business…

https://www.nccgroup.com/uk/

The Opportunity:

This is a Technical Advisory Cyber Security consultancy role with specific focus on assisting clients with Security Improvement and Remediation and Transformation programmes.  Which may contain the following:

Understanding the Security needs and aspirations of a client Delivering Technical Security Improvement and Remediation programs Guiding Design and Implementation of Cyber controls

The C&I SIR practice works with NCC Group clients to deliver prioritised programs of security improvements: in close collaboration with NCC Group security audit, Incident Response, Penetration and Red Teams. 

Security Consultants play key roles in these client assignments: as recognised security experts they drive change, as well as advising clients and their service providers on changes they will make.   

Key to this role is assessing and enhancing pre-existing risk and security information including incident reports, red team findings, penetration tests and security audits, augmenting those where appropriate with additional security reviews.

As part of a project team, they help to identify priorities, ensure delivery is happening at pace, and validate that improvements are properly implemented. They work with SMEs across NCC Group to ensure the right expertise is delivered for each requirement.

This is a role which requires strong technical skills with a need to understand how the enhancement delivered can mitigate a part of the attack life cycle, some situations may require hands-on skills or over the shoulder guidance throughout the implementation of security principles for clients, as well as advising clients and their service providers on changes they will make in collaboration. This role also needs a clear understanding of how the root cause of issues can also be a procedural or governance issue.  Programmes also need to be completed with the empathy and understanding of the client requirements to continue BAU operations.

Key Accountabilities:

Acting as a technical cyber authority for clients.   

• Ensuring that a client Security Posture is materially impacted in a positive manner over the duration of an engagement.  

• Assessing pre-existing risk and security information including incident reports, red team findings, penetration tests and security audits, augmenting those where appropriate with additional security reviews

• Providing technical input for work plans and project costings.  During the lifetime of a project provide technical input to the prioritisation and planning processes.

• Creating technical content for project documents

• Collaborating with project managers on project status, resource allocation and project risk – preferably using Agile approaches

• Working closely with NCC Group colleagues, client and third-party technical staff to deliver prioritised improvements at pace, and delivering the workload themselves hands-on

• Reviewing improvements delivered to ensure they deliver the expected risk mitigations.

• Working with NCC Group colleagues where appropriate to ensure all relevant factors are being considered and appropriate resources are engaged.

• Championing the SIR practice with colleagues across NCC Group and acting as the key conduit to additional NCC services where these are needed by a client.

Minimum Requirements:

• Clear knowledge of cyber security principles and the understanding of an attack chain lifecycle, though it is not essential to come from a pure play cyber security background. 

• Demonstrate understanding of Cyber security frameworks, i.e. NIST, CIS or Mitre.

• Ability to consume security reports and to recommend appropriate steps to mitigate concerns

• Well-rounded knowledge of IT roles and responsibilities which support security. Network engineering and support, Infrastructure engineering, Information security management and IT compliance

• Knowledge and understanding of modern Windows, Active Directory, Entra ID and Microsoft 365

• Knowledge of the basics and advantages of Azure, AWS, GCP.

• Working collaboratively with team members

• Writing clear and accurate documentation

Desirable Requirements:

• Recognised expertise and qualification in IT information security management, or IT compliance

• Experience of working in an agile environment

• Experience of a service management based organization

• Experience in some of the following, in an enterprise context

• Windows, Active Directory, Entra ID (Azure AD) and Microsoft 365

• Azure, AWS, GCP

• DevOps, CI/CD, software development and testing, infrastructure as code

• Network engineering and support

• Infrastructure engineering and support

• Information security management, IT compliance

• Blue team, network defense, protective monitoring engineering

• Understanding of DevOps, CI/CD, software development and testing, infrastructure as code

• A cyber security qualification such as CISSP or CISM

• Experience of working to recognised industry standards such as PCI-DSS, ISO27001 or ISAE 3402 SOC

• Experience of working in a consultancy

• Agile certification

The following additional attributes would be advantageous:

• Technical certifications in any of the above technologies

• A technical cyber security qualification such as CEH

• In-depth knowledge of cyber security frameworks such as MITRE ATT&CK – which have heavy technical elements and the ability to relate those to Key controls in less technically focused frameworks.

• Experience of working in a consultancy

• Agile certification

• Experience creating solution architectures and designs

Behaviours:

• Client-Focused: Prioritizes client needs and expectations, ensuring that all actions and decisions lead to client satisfaction and success.

• Collaborates as ‘One NCC’: Works in unison with all departments and teams, fostering a united front and shared objectives across the entire organisation.

• Adds Value: Goes beyond the minimum requirements to provide solutions and contributions that enhance the customer’s success and growth.

• Enables and Empowers: Provides tools, resources, and support to team members, fostering an environment where they can thrive and excel.

• Personal Responsibility: Takes ownership of actions, decisions, and outcomes, acknowledging successes as well as areas for improvement.

• Communicates Openly and Respectfully: Shares information transparently while maintaining

• respect and consideration for all stakeholders.

• Open Mindset: Embraces new ideas, diverse perspectives, and is willing to adapt in response to evolving situations or feedback.

• Growth and Development: Actively seeks opportunities for personal and professional growth, championing learning and evolution for oneself and the organisation.

• Analytical Thinking: Demonstrates a systematic approach to resolving issues and identifying

About NCC Group

The NCC Group family has over 2,200 members located all around the world, providing a trusted advisory service to 15,000 customers. Born in the UK, we have now have offices in North America, Canada, Europe, Asia- Pacific and United Arab Emirates.

We are passionate about helping our customers to protect their brand, value and reputation against the ever-evolving threat landscape. We fuel that passion with investment in our people and our business.

Our values and code of ethics are at the heart of how we operate – we work together, we are brilliantly creative and we embrace difference. We treat everyone and everything with equal respect.

We want to create an environment where all colleagues feel psychologically, emotionally and physically safe to be authentic, sharing their personal experiences to represent the diversity of the world they live in, and have equal opportunity to achieve their best.

About your application

We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.

If you do not want us to retain your details, please email global.ta@nccgroup.com. All personal data is held in accordance with the NCC Group Privacy Policy. We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.

Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.