Cloud Security Architect
oneweb.world
London, England
5d ago

OneWeb's mission is to enable Internet access for everyone, everywhere. We want to see the next generation even more connected than the last, and to create opportunities for people today to access the opportunities made possible through the Internet.

To fulfill our mission, OneWeb is revolutionizing the satellite industry and building a global communications network with a constellation of Low Earth Orbit satellites that will provide connectivity to people around the world.

OneWeb is creating business solutions for Broadband, Government and Cellular Backhaul. Its high speed, low latency network will offer game-changing Mobility solutions to industries that rely on global connectivity, such as Aviation, Maritime, Automotive, Trains, and more.

We have more than $3 billion invested from incredible partners including SoftBank, Qualcomm, Grupo Salinas, Airbus, Virgin, Coca-Cola and more. We have signed our first customer contracts, we have ground infrastructure in Canada, Italy and Norway with more on the way, and in February of 2019 we successfully launched our first six satellites into space.

OneWeb is making incredible progress toward reaching our mission and we are looking for more, very talented individuals to help make it a reality.

If building the infrastructure to connect people everywhere is something you would like to make happen, then joining OneWeb may be a great personal and career move.

We can provide an intellectually challenging workplace and fast growing opportunity with a clear purpose. Come join the team that is making communication ubiquitous on a global scale.

Working as a key member of the Chief Security Architect’s (CSA) team, this person will be working closely alongside key members of the CIO & CISO’s team, to develop an Enterprise wide Cloud based business capability that utilises secure cloud architecture principles and patterns.

The Cloud Security Architect will be responsible for the design and development of innovative cloud security architectures used to protect systems and data deployed into different types of cloud and cloud / hybrid environments or applications.

The OW Cloud environments are expected to include both public and private IaaS / PaaS deployments such as AWS, Azure, as well as third party SaaS solutions like ServiceNow, Salesforce, and Office365.

The Cloud Architect will be required to make significant contributions to the enterprise cloud security vision and strategy.

This person should have a good familiarity with agile working practices, DevOps methodologies and Continuous Integration / Development / Testing.

This role is key in managing residual risk, especially in the context of the OneWeb Cloud and our SaaS first ongoing strategic business deployment model.

Responsibilities :

  • Work closely with the CSA to develop a cohesive security architecture framework and operating model to ensure that each system, cloud service and business segment has appropriate, approved technical security controls to detect and defend against attacks which may include APT.
  • Strong understanding of cloud infrastructure, and security design
  • Have a detailed understanding of cloud platforms like AWS and Azure (AWS is preferential for OneWeb)
  • Strong knowledge of networking concepts (ex : VPN, ACLs, VLANs, Security Groups, proxy, CASB)
  • Have detailed knowledge and deployment experience in SaaS, PaaS rollout and hybrid integration activities
  • Must be able to ensure that the implementation of all identified cloud based technical controls is appropriate as part of a consistent and repeatable cloud delivery model or pattern.
  • Able to support business programmes utilising agile working practices, DevOps methodologies and Continuous Integration / Development / Testing
  • Have strong understanding or experience in dealing with containerisation workloads, including Docker, Kubernetes, OpenStack etc
  • Familiar with Data Protection law requirements including US ITAR, and able to support any other relevant legislation and / or regulation required.
  • Can clearly identify any conflicts of interest, legal exposure, ethical challenges and possible internal / external malpractice as part of their core work activities.
  • Can explain issues in a clear way to the appropriate internal governance forum or Senior Management Team affected.

  • Delivery of specific projects and initiatives as agreed by the CSA
  • Review Change Proposals (CPs) / Requests for Change (RFCs) for security considerations, ensuring peer reviews are conducted for all Delivery Assurance Reviews (DARs) / Solution Assurance Reviews (SARs) for alignment with wider security strategy and architecture
  • Actively support the Security Improvement Programme (SIP) initiatives within the organisation's wider business areas
  • Input into a programme of certification and the actions necessary to maintain these certifications across the organisation, providing regular progress reports and guidance to the CSA and CISO as required.
  • Keep their technical skills current in the context of the technical cloud security infrastructure and applications used within the organisation, as well as surveying the future technical landscape to advise on countermeasures required to mitigate risks in future operating model architectures.
  • Must be willing to attend cloud security seminars and events and actively enhance their skillset through training and certification
  • Build and maintain a core network of contacts so that questions can be answered quickly, ensuring that the organisation benefits from the wider IA knowledge within Government, commercial or industry bodies which in turn contributes to a wider body of knowledge.
  • Deliver the contractual obligations of Security and IA, as set out in any Cloud Contracts and be able to input or improve them where needed
  • Develop and support the Security Architecture frameworks used and risk documentation for any security controls across the wider business and work closely with others to achieve this.
  • Support the CSA in defining the standards for the cloud security controls
  • Must be prepared to travel globally on a regular basis as and when required due to the nature of the business operational landscape

Information Security (SCTY)

  • Ability to evaluate information security risk assessments using SOC reports and other cloud supplier provided information
  • Maintain up-to-date knowledge of emerging threats, vulnerabilities, and technology trends and developments relevant to IT security.
  • Maintain and develop the Enterprise Security Architecture.
  • Direct investigation of specific IT security technologies, products, methods and techniques to assess their potential benefit to the business.
  • Produce and contribute to policy, IT security technical standards, processes and architectures required to support the implementation of secure systems and services at acceptable cost and risk.
  • Influence major change programmes, so that they align to and meet policy and requirements.
  • Maintain awareness of Information Assurance and Security regulations and related legislation.
  • Develop and implement PKI and Protective Monitoring Solutions, and other appropriate technical controls in support of ISO27001, ISAE3402, NIST and PCI DSS and operational imperatives to safeguard systems against highly motivated and well-funded threat actors
  • Be a member of a professional IT or security body (e.g. IISP, BCS)
  • Hold a current CISSP (Ideally must have been held for more than 3 years to prove CPD development and experience)
  • AWS Certified for Security or have similar cloud-based security qualification
  • Strong technical background (Specifically security design principles for applications, networks and supporting infrastructure)
  • Excellent communication skills, both written and verbal
  • Excellent analytical and problem-solving skills
  • Need to be a Self-Starter and someone who can work without the need for constant supervision or guidance but can recognise when advice should be sought and from whom, should their work efforts necessitate it.
  • Ability to prioritise workload and work well under pressure to meet firm deadlines and manage business expectations
  • Excellent presentation skills with the ability to present complex ideas to technical and non-technical audiences. It is particularly important to be able to express security risks in business terms to a business skilled audience.
  • Strong negotiation skills to influence cost and risk based decisions within either a business or technical audience
  • Experience of business and technical information security concepts including risk management, defence in depth, and accreditation
  • Have a Strong technical background, with ability if required to undertake hands on delivery in areas such as Active Directory, PKI, Microsoft, Unix environments and Protective Monitoring etc.
  • Ability to organise and coordinate technical team efforts in a logical and consistent way to support operational business objectives
  • Must have a good understanding of security incident response and forensic level activities related to the architectures delivered
  • Ideally be qualified in a recognised Architecture methodology (i.e. TOGAF)
  • Have an understanding and appreciation of PCI DSS standards, AoC / RoC and typical compensating controls
  • Have a networking architecture skillset and background
  • Integrated or setup a security architecture toolset within a large organisation

Information Assurance (INAS)

  • Provides authoritative advice and guidance on Information assurance strategy to manage risk, especially in relation to control measures.
  • Develops and maintains Information Assurance processes and procedures that apply IA standards in the organisation business context.
  • Monitor compliance against IT security requirements and policy.
  • Ensure that all systems conform to NIST / ISO27001 standards or are appropriately risk managed.

Stakeholder Relationship Management (RLMT)

  • Present a professional image of self and organisation, to manage, develop and facilitate open, constructive, pro-active communication with key IA stakeholders
  • Fully understand and disseminate a wide range of information (technical, business and IA) to facilitate and ensure that the IA components of the decision-making processes are a business enabler.

Technology Audit (TAUD)

  • Identifies audit requirements of existing and planned information systems, evaluating areas of risk to assess the adequacy and effectiveness of the organisation's approach to risk in the use of information.
  • You will be able to communicate associated risk cases of a complex nature to middle and senior managers and recommend changes in processes and control procedures based on audit findings.
  • This will include discussions with providers of other IT Assurance (such as Penetration testers, IT Health check teams, 27001 auditors and other technical specialists).

  • Clear understanding of the requirements for 3rd parties to meet the full security flow downs from all / any existing contractual obligations of the business and be able to audit against these requirements if asked to do so.

Service Planning (SRVPL)

  • Understand and support Continuous Process / Service Improvement works.
  • Review continuous improvement initiatives and encourage innovative thinking to resolve challenges
  • Identify areas where service cost can be reduced, or user behaviour can be changed to reduce overall IT spend
  • Recommend service improvements and can demonstrate benefits
  • Help to develop and execute the OneWeb Security improvement strategy

Preferably from a TelCo background; any of the following would be advantageous :

  • Ideally be qualified in a recognised Architecture methodology (i.e. TOGAF)
  • Have an understanding and appreciation of PCI DSS standards, AoC / RoC and typical compensating controls
  • A networking architecture skillset and background
  • Integrated or setup a security architecture toolset within a large organisation
