The role
We are recruiting within our Security Design and Delivery Assurance Team for an exceptional Cyber Security Design Assurance Architect. The ideal candidate will either have 1-3 years' experience in a security operations or engineering role with demonstrable security architecture documentation skills or have 1-2 years of experience in a security architecture role. He/she should be a person comfortable delivering, as part of a team, Security Architecture assurance across several disciplines ideally including Enterprise IT, E-Commerce, Research and Design, and Manufacturing solutions.
The candidate will show a keen interest in market changes in Cyber Security and be keen to stay on top of Cyber News, helping us, as part of a team, to protect from the next bad thing before it lands.
Our business is constantly shifting technology thinking with new products, which means our culture is one of fast paced change with security playing the critical role as an enabler. The business needs to deliver faster and to do so safely in an environment where technologies change rapidly.
The Ideal Candidate
Dyson looks for people with strong technical skills combined with a positive mindset, that seek to find the best solutions for all involved, challenging where things look wrong. We seek individuals that are constantly seeking to improve both themselves and the place where they work. So, whether it is beating a security challenge, or helping to refine and improve the way we deliver security, personal engagement in making things better is vital. You can also expect to learn a lot from collaborating across skills boundaries on projects and from working with all areas of the business all the way through the customer journey from order, through to design, and into manufacturing.
You will ideally have experience with waterfall, agile, and hybrid delivery and be willing to define new approaches that enable Dyson to securely deliver rapid changes in business trajectory. The successful candidate will have technical experience in IT infrastructure (on-prem & cloud-native) hardening, design & delivery of security architectures, establishing & maintaining security best-practice as well as providing security consulting. You’ll need to be conversant with methodologies around DevSecOps, Risk Management, IoT/IIoT/OT Security as well as being able to describe solutions using Enterprise Architecture approaches.
Career Path
Security Assurance job roles contain a number of levels that allow candidates to gain rounded security experience as they progress through levels. Everyone is expected to support the growth of those below them in seniority through knowledge sharing, mentoring, and delegation.
This role is part of the Security Design Assurance career path and links with the Security Delivery Assurance path which can provide entry level architects who bring with them the knowledge and skills they gain. There are two levels to the Security Design Assurance career path: Entry Level; and Practitioner. For each tier there are requisite levels of demonstrable experience and professional accreditations required before progressing to the next level.
For all roles, ongoing learning is part of the deal as well as reading around your subject and anticipating new security measures as markets change. We believe in developing our people so that we can retain experience and move more quickly when change is needed.
Accountabilities:
For each of the levels in the Security Design Assurance role accountabilities are the same, namely:
Work across Dyson’s 5 security realms: Enterprise IT, Research Design and Development, Manufacturing, Retail Stores, and Online Retail.
Be aligned to and actively involved in Cyber Security Communities of Practice and Communities of Interest.
Provide appropriate briefing of ongoing delivery security risk during project deliveries.
Work closely with our Global Cyber Security practice’s multiple disciplines and other IT/Manufacturing/R&D/Digital teams to ensure adequate security solutions are built-in to all the systems and platforms (on-prem & cloud-native).
Pro-actively identify and mitigate risks in both modern & legacy systems helping to protect the Dyson brand as well as meet business objectives and adhere to regulatory requirements (e.g. PCI DSS, GDPR, etc.).
Assist in the planning, research, design and build of robust security architectures for new IT/Digital and business-led projects.
Help teams to comply with Dyson Security policies, industry regulations, computer forensic investigations and best-practices.
Assist in ensuring that security requirements are identified, represented and met in all projects and initiatives.
Contribute to the design, coordination and oversight of ongoing security testing (including ASV & Pen Test) to verify the security posture of systems/applications and subsequently help drive the remediation of identified security gaps/vulnerabilities.
Support security risk assessment activities & recommendations to the business, ensuring appropriate security controls are in place to protect the business, and our customers.
Author, under supervision, & maintain security documentation including technical design patterns as well as operations manuals.
Keep abreast of security advisories/alerts/trends/practices as part of the professional development plan.
Communicate with technical and non-technical audiences at various levels up to Senior Leadership, including project managers, delivery teams, the global Cyber Security team, and business risk owners + 3rd parties.
Develop and maintain strong working relationships with key IT, Cyber, Business, and Supplier stakeholders.
Drive your own ongoing skills growth within Dyson and mentor those below you.
Help Dyson Cyber to reduce friction in the delivery value chain.
Identify and help implement cyber related improvements in efficiency within Cyber and the wider business.
Edit and update methodologies that improve Cyber security and efficiency.
Responsibilities:
Actively contribute to Cyber Communities of Practice.
Understand solutions and business focus to engage with new business initiatives and deliver more secure and supportable solutions.
Offer security best-practice advice when engaging with IT architects, developers and engineers, legal team, privacy team, programme managers, and business data owners.
Identify improvement opportunities in automation of security and efficiency by finding ways to avoid manual processes - helping to prevent human errors, reduce the cost of ownership and improve overall performance.
Help drive quality, security, and speed by ensuring adequate governance, advocating the approach of “the easy way is the secure way” and helping the business to deliver required solutions both securely and quickly.
Skills
The skills and experience you will ideally need in order to be successful are:
Experience in designing and delivering securely complex cloud-native E-Commerce solutions with the corresponding security services, against a backdrop of major standards / frameworks such as COBIT, PCI-DSS, GDPR, ISO27001, NIST 800 series, ISA/IEC 62443.
Fluency with architectural frameworks such as SABSA and TOGAF.
Experience in designing and delivering securely in one or more of Dyson’s 5 security realms: Enterprise IT, Research Design and Development, Manufacturing, Retail Stores, and Online Retail.
Experience in delivering secure designs against quantified risk as well as defining and escalating business risks uncovered.
Experience of delivering solutions that securely integrate a broad eco-system including 3rd party supply chain and outsourced functions.
Experience of supporting project teams with high and low-level security consultancy, design and delivery, with a wide-ranging understanding of security considerations across key technologies such as Adobe, Magento, Sitecore, ForgeRock, Salesforce/SAP CRM, market-leading cloud (IaaS/PaaS/SaaS) platforms & applications.
Including: designing infrastructure security solutions, architecting secure business applications and integrations, horizon-scanning and keeping abreast of the latest trends and technologies.
Including: setting security requirements, knowledge of relevant regulations (e.g. GDPR, PCI-DSS, other international privacy requirements), adherence to security good practice.
Including: operating system hardening, endpoint security, network security, web and application services, database security, privileged user management, etc.
Cloud Technologies Including: IaaS/PaaS/SaaS platforms & applications with the corresponding security services e.g. WAF, Anti-DDoS, Anti-Bot, SIEM etc.
Awareness of DevSecOps practices and embedding security in the software development lifecycle.
Including: Encryption/Tokenization guidelines, Key Lifecycle Management.
Experience of supporting InfoSec Risk Assessments using industry best practice risk assessment and management methodologies.
Awareness of current industry security threats, challenges and mitigation techniques.
Appreciation of the changes to legislation around security and privacy that occur internationally.
Experience with Asian market Cyber security challenges.
Strong conceptual thinking and communication skills.
Dyson is an equal opportunity employer. We know that great minds don’t think alike, and it takes all kinds of minds to make our technology so unique. We welcome applications from all backgrounds and employment decisions are made without regard to race, colour, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or any other dimension of diversity.