Technical Advisory Security Consultant
Role: Technical Advisory Security Consultant
Thanks for checking out our job opening; we are excited that YOU are interested in learning more about NCC Group.
We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of talented individuals working together towards a safer future.
We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference and we want you to join in our mission, to make the world safer and more secure.
Take a look at our website here to learn more about why we’re one of the leading global Cyber Security and Risk Mitigation business…
This is a Technical Advisory Cyber Security consultancy role with specific focus on assisting clients with Security Improvement and Remediation and Transformation programmes. Which may contain the following:
Understanding the Security needs and aspirations of a client Delivering Technical Security Improvement and Remediation programs Guiding Design and Implementation of Cyber controls
The C&I SIR practice works with NCC Group clients to deliver prioritised programs of security improvements: in close collaboration with NCC Group security audit, Incident Response, Penetration and Red Teams.
Security Consultants play key roles in these client assignments: as recognised security experts they drive change, as well as advising clients and their service providers on changes they will make.
Key to this role is assessing and enhancing pre-existing risk and security information including incident reports, red team findings, penetration tests and security audits, augmenting those where appropriate with additional security reviews.
As part of a project team, they help to identify priorities, ensure delivery is happening at pace, and validate that improvements are properly implemented. They work with SMEs across NCC Group to ensure the right expertise is delivered for each requirement.
This is a role which requires strong technical skills with a need to understand how the enhancement delivered can mitigate a part of the attack life cycle, some situations may require hands-on skills or over the shoulder guidance throughout the implementation of security principles for clients, as well as advising clients and their service providers on changes they will make in collaboration. This role also needs a clear understanding of how the root cause of issues can also be a procedural or governance issue. Programmes also need to be completed with the empathy and understanding of the client requirements to continue BAU operations.
Acting as a technical cyber authority for clients.
Ensuring that a client Security Posture is materially impacted in a positive manner over the duration of an engagement.
Assessing pre-existing risk and security information including incident reports, red team findings, penetration tests and security audits, augmenting those where appropriate with additional security reviews
Providing technical input for work plans and project costings. During the lifetime of a project provide technical input to the prioritisation and planning processes.
Creating technical content for project documents
Collaborating with project managers on project status, resource allocation and project risk – preferably using Agile approaches
Working closely with NCC Group colleagues, client and third-party technical staff to deliver prioritised improvements at pace, and delivering the workload themselves hands-on
Reviewing improvements delivered to ensure they deliver the expected risk mitigations.
Working with NCC Group colleagues where appropriate to ensure all relevant factors are being considered and appropriate resources are engaged.
Championing the SIR practice with colleagues across NCC Group and acting as the key conduit to additional NCC services where these are needed by a client.
Clear knowledge of cyber security principles and the understanding of an attack chain lifecycle, though it is not essential to come from a pure play cyber security background.
Demonstrate understanding of Cyber security frameworks, i.e. NIST, CIS or Mitre.
Ability to consume security reports and to recommend appropriate steps to mitigate concerns
Well-rounded knowledge of IT roles and responsibilities which support security. Network engineering and support, Infrastructure engineering, Information security management and IT compliance
Knowledge and understanding of modern Windows, Active Directory, Entra ID and Microsoft 365
Knowledge of the basics and advantages of Azure, AWS, GCP.
Working collaboratively with team members
Writing clear and accurate documentation
Recognised expertise and qualification in IT information security management, or IT compliance
Experience of working in an agile environment
Experience of a service management based organization
Experience in some of the following, in an enterprise context
Windows, Active Directory, Entra ID (Azure AD) and Microsoft 365
Azure, AWS, GCP
DevOps, CI/CD, software development and testing, infrastructure as code
Network engineering and support
Infrastructure engineering and support
Information security management, IT compliance
Blue team, network defense, protective monitoring engineering
Understanding of DevOps, CI/CD, software development and testing, infrastructure as code
A cyber security qualification such as CISSP or CISM
Experience of working to recognised industry standards such as PCI-DSS, ISO27001 or ISAE 3402 SOC
Experience of working in a consultancy
The following additional attributes would be advantageous:
Technical certifications in any of the above technologies
A technical cyber security qualification such as CEH
In-depth knowledge of cyber security frameworks such as MITRE ATT&CK – which have heavy technical elements and the ability to relate those to Key controls in less technically focused frameworks.
Experience of working in a consultancy
Experience creating solution architectures and designs
Client-Focused: Prioritizes client needs and expectations, ensuring that all actions and decisions lead to client satisfaction and success.
Collaborates as ‘One NCC’: Works in unison with all departments and teams, fostering a united front and shared objectives across the entire organisation.
Adds Value: Goes beyond the minimum requirements to provide solutions and contributions that enhance the customer’s success and growth.
Enables and Empowers: Provides tools, resources, and support to team members, fostering an environment where they can thrive and excel.
Personal Responsibility: Takes ownership of actions, decisions, and outcomes, acknowledging successes as well as areas for improvement.
Communicates Openly and Respectfully: Shares information transparently while maintaining
respect and consideration for all stakeholders.
Open Mindset: Embraces new ideas, diverse perspectives, and is willing to adapt in response to evolving situations or feedback.
Growth and Development: Actively seeks opportunities for personal and professional growth, championing learning and evolution for oneself and the organisation.
Analytical Thinking: Demonstrates a systematic approach to resolving issues and identifying
About NCC Group
The NCC Group family has over 2,200 members located all around the world, providing a trusted advisory service to 15,000 customers. Born in the UK, we have now have offices in North America, Canada, Europe, Asia- Pacific and United Arab Emirates.
We are passionate about helping our customers to protect their brand, value and reputation against the ever-evolving threat landscape. We fuel that passion with investment in our people and our business.
Our values and code of ethics are at the heart of how we operate – we work together, we are brilliantly creative and we embrace difference. We treat everyone and everything with equal respect.
We want to create an environment where all colleagues feel psychologically, emotionally and physically safe to be authentic, sharing their personal experiences to represent the diversity of the world they live in, and have equal opportunity to achieve their best.
About your application
We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.
Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.