Sourcing as a channel, not a feature.
hackajob is partnering with Version 1 to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.
Role Summary
We are seeking a hands-on Security Consultant who can combine deep technical delivery capability with strong client-facing consulting skills. The ideal candidate will be comfortable assessing, designing, improving and governing security controls across cloud environments, applications, APIs, infrastructure and enterprise security domains. This role requires someone who can challenge customer security assumptions, influence stakeholders, and lead difficult but constructive conversations to drive secure outcomes.
Key Responsibilities
Assess current-state security maturity, identify control gaps, and define pragmatic remediation roadmaps aligned to business priorities.
Lead and support security architecture reviews across cloud, applications, infrastructure, IAM, data protection and detection/response domains.
Provide expert consulting to customers on security strategy, risk reduction, control design, and security operating model improvements.
Challenge weak security assumptions with confidence, using evidence-based recommendations and clear communication with technical and non-technical stakeholders.
Design and review secure cloud landing zones, network segmentation, identity models, logging/monitoring patterns, and guardrails.
Partner with engineering, platform, DevOps and operations teams to embed security into delivery pipelines and infrastructure as code practices.
Support threat detection, incident response readiness, use-case tuning, and post-incident improvement activities.
Contribute to security standards, policies, patterns, reusable accelerators, and client-facing deliverables including assessments, risk registers and executive summaries.
Required Hands-On Experience
1. Cloud Security (preferably AWS or GCP)
Hands-on experience securing cloud environments, preferably AWS or GCP, including core services, networking, identity, logging, encryption and security monitoring.
Experience reviewing or implementing secure cloud architectures, landing zones, account/project structures, and preventative/detective controls.
Knowledge of cloud-native security services and best practices for workload, storage, network and platform protection.
2. Application / API Security
Experience identifying and mitigating application and API security risks across the software delivery lifecycle.
Understanding of secure design principles, common web/API vulnerabilities, authentication/authorization models, secrets management and secure SDLC practices.
Ability to work with development teams to improve application security posture and shift security left.
3. SIEM Experience
Hands-on experience with SIEM platforms for log onboarding, correlation rule creation, alert triage, dashboarding and use-case tuning.
Ability to improve visibility, reduce noise, and align SIEM content to relevant threats and business risks.
4. Organisation / General Security
Broad understanding of enterprise security domains including policy, governance, risk, compliance, awareness, third-party risk and operational security.
Experience translating business and regulatory requirements into practical security controls and improvement plans.
5. Identity & Access Management (IAM)
Hands-on experience with identity and access management principles including RBAC, least privilege, privileged access, federation/SSO, MFA and access governance.
Experience reviewing entitlement models, service identities and access control weaknesses across enterprise and cloud platforms.
6. Data Protection
Experience implementing or advising on data classification, encryption, key management, secrets handling, tokenisation/masking, backup security and data lifecycle protection.
Understanding of how to secure sensitive data in transit, at rest and in use across modern platforms.
7. Infrastructure Security
Experience securing operating systems, virtual machines, containers/Kubernetes, networks and platform services using hardening, segmentation, vulnerability management and secure configuration practices.
Ability to assess infrastructure risks and recommend practical remediation approaches.
8. Threat Detection & Incident Response
Experience in threat detection engineering, incident triage, investigation support, response coordination and lessons-learned improvement activities.
Ability to map telemetry and controls to attack paths, detection scenarios and response playbooks.
9. Infrastructure as Code (IaC)
Hands-on experience with infrastructure as code and automation, including reviewing templates/modules for security risks and embedding policy/compliance checks into delivery pipelines.
Ability to apply security guardrails to repeatable platform provisioning and change delivery.
10. Strong Consulting Skills
Strong consulting and stakeholder management skills, with the confidence to challenge customer assumptions and lead difficult security conversations when needed.
Ability to balance risk, delivery timelines, business context and technical constraints to provide credible, pragmatic recommendations.
Strong written and verbal communication skills, including workshops, assessments, reports and executive-level briefings.
Core Skills & Competencies
Cloud security architecture and control design
Security assessments, gap analysis and remediation planning
Stakeholder engagement and client advisory
Security architecture documentation and reporting
Risk-based decision making and prioritisation
Cross-functional collaboration with engineering, operations and leadership teams
Strong analytical, investigative and problem-solving capability
Preferred Qualifications
Experience working in consulting, professional services, or customer-facing transformation programmes.
Relevant certifications in cloud, security, architecture or incident response are advantageous.
Exposure to regulated environments and security frameworks is beneficial.
Experience with DevSecOps, CI/CD security integration and security automation is desirable.
hackajob is partnering with Version 1 to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.