Core is a Microsoft 365 partner that helps our clients improve the way they work through digital transformation. We put them back in control of their IT, and help them drive their business forward using IT.
We are proud of our rich history of technical achievements, dating back to 2001, when we implemented the UK’s first Microsoft SharePoint system.
Manage the security needs of Cores Managed Service clients including maintenance of ISO27001 certification. Heavily focused on Microsoft Security products, the role includes monitoring and management of pre and post breach incidents and overall service improvement and growth planning for the security dept.
Objectives of the Roles
Provide a secure managed environment for Core and Cores customers
Provide pre-sale expertise around Security solutions.
Conduct client security assessments and workshops.
Develop High and Low Level Design documentation as follow up to the assessments
Hands-on participation in building secure client environments based on Microsoft E3 & E5 365 solutions including Azure Identity, Azure ATP, Azure Information Protection and Azure Sentinel
Duties and Responsibilities
Work closely with enterprise architects, other functional-area architects, engineering, and security specialists to ensure adequate security solutions and controls are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements;
Assess and understand Core’s current security posture and future architecture, providing recommendations for improvement and risk reduction
Develop the business, information, and technical artefacts that constitute the enterprise information security architecture and solutions
Serve as a security expert in application development, database design, network and / or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices
Contribute to the alignment of security governance with ISO27001 and contribute to the development and maintenance of the information security strategy in accordance with the standard
Researches, designs, and advocates modern technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners, and vendors
Analyses business impact and exposure, based on emerging security threats, vulnerabilities and risks
Communicates security risks and solutions to business partners and IT staff
Design security configuration guideline for information technology devices and systems, as well as mechanisms for assessing compliance with the guidelines
Design and build controls to address security risks and events as identified
Embrace a culture of continuous service improvement and service excellence
Stay up to date on security industry trends
5-10 years in the Information Security industry
Strong experience with security strategy, with a passion to make security realistic, achievable and interwoven with the business fabric
Strong experience with a broad range of Microsoft security technologies, including Defender, DLP, EOP, NAC, IDS / IPS, IDAM, Certificate Management, SIEM, Endpoint Protection, Anti-malware, vulnerability management;
Exposure to Office 365 E3 and EMS E3 security features such as;
Azure Multi Factor Auth
Conditional Access Control
Self Service Password Reset configuration
Microsoft Cloud App Security
Azure Information Protection
Azure AD P1 & P2
Advanced Data Governance
Service Encryption with Customer Key (nice to have)
Office 365 Privileged Access Management
PowerShell scripting skills
Strong oral, written, and presentation abilities -able to convey risk to all levels of the business, from C-level executives to operations and development teams
Strong experience in migrating enterprise companies from traditional data centre infrastructure, application and data designs to hybrid or fully-cloud enabled practices
Strong experience with cloud provider ecosystems, including Microsoft Office 365 E5 SKUs and Microsoft Azure.
Some experience with Unix / Linux and Windows system administration
Some experience with logging and alerting platforms, including SIEM integration
Some proven ability in security process and organizational design
Current understanding of Industry trends and emerging threats
Knowledge of incident response methodologies and technologies.
Well-rounded background in network, host, database, and application security;
Formal training in and experience using an enterprise architecture methodology (for example, the Zachman Framework or TOGAF);
Experience driving a culture of security awareness
Experience with the Data Protection Act 1998 and the new GDPR regulation
Experience administering network devices, databases, and / or web application servers
Professional IT Accreditations in at least one of these (CISM, CCSA, CCSE, JNCIA, CCNA, CISSP, CCIE Security).
Competencies and Behaviours
Working within an international environment
Builds networks with customers, other team members and other relevant teams is essential
Keeps all relevant people appropriately informed
Very good communications, presentation and negotiations skills
Able to express technical and non-technical concepts in clear verbal and written English
Very good written skills to document complex concepts in a comprehensive, yet readable manner
Considers a range of options that meet the needs of all stakeholders
Ability to use own initiative to solve technical problems
Takes responsibility for targets
Drive efficacy into all solutions delivered, demonstration clear and measurable results through the development of KPIs
Ambitious and competitive
Drive innovation and best practice
Strive for standardisation and simplification in all aspects of work
Always cost conscious balancing the needs of the business against the provision of the best solutions possible
BSc 2 : 1 or better
Azure Administrator Associate
SSCP - Systems Security Certified Practitioner OR CCSP - Certified Cloud Security Professional
AZ-103 Microsoft Azure Administrator
MS-500 Microsoft 365 Security Administration
MS-101 Microsoft 365 Mobility and Security
MS-100 Microsoft 365 Identity and Services
Full-time position start as soon as possible. You will be based in our offices in Aldgate, London. This role will involve occasional travel to customer sites for workshops.
Company pension scheme, Life assurance policy, Healthcare plan, interest free season ticket loan, cycle to work scheme and childcare vouchers.
Training courses, seminars and social events