Cyber Security Design Assurance Architect (practitioner)

Summary

Salary
Competitive
Team
Information Technology
Location
Malmesbury - United Kingdom

About us

Our Cyber Security team
It’s no secret that our intellectual property is critical to our success. But how do we keep it from the prying eyes of the bad guys? Dyson’s Global Cyber Security works to keep our secrets secret and secure our crown jewels using advanced technologies to stay one step ahead of the game. We take a pragmatic approach, transforming cyber security in order to enhance our business resilience, enable our colleagues to move fast, delight our customers, and better manage potential cyber disruption. Investing in new cyber security capabilities across technology, process, and people, we build on and leverage our strong cyber security ecosystems to tackle future threats. 
There are four pillars within Dyson Cyber Security: Security Risk & Compliance, Security Design and Delivery Assurance, Cyber Defence, and Cyber Delivery. Together, they enable the secure and successful delivery of new projects, help existing toolsets remain effective, enable and maintain compliance, balance red (offensive) & blue (defensive) team capabilities, and make sure that cyber security incidents are managed in a timely and efficient way.
Dyson’s Global Cyber Security, as you would expect, is constantly evolving to address emerging security needs as we develop new products and the security threat landscape changes. Building an integrated secure business eco-system means finding new ways to automate security and to collaborate across time zones and disciplines. This collaboration in turn aims to improve efficiency and reduce costs. We focus not only on the price of the solution and meeting requirements in the short-term, but also the costs of delivering and running it long-term.
The role
We are recruiting within our Security Design and Delivery Assurance Team for an exceptional Cyber Security Design Assurance Architect (Entry Level). The ideal candidate will either have 1-3 years' experience in a security operations or engineering role with demonstrable security architecture documentation skills or have 1-2 years of experience in a security architecture role. They should be a person comfortable delivering Security Architecture assurance, as part of a team, across several disciplines ideally including Enterprise IT, E-Commerce, Research and Design, and Manufacturing solutions.
The candidate will show a keen interest in market changes in Cyber Security and be keen to stay on top of Cyber News, helping us, as part of a team, to protect from the next bad thing before it lands.
Our business is constantly shifting technology thinking with new products, which means our culture is one of fast paced change with security playing the critical role as an enabler. The business needs to deliver faster and to do so safely in an environment where technologies change rapidly.

About the role

We are recruiting within our Security Design and Delivery Assurance Team for an exceptional Cyber Security Design Assurance Architect (Practitioner Level). The ideal candidate will have around 3-5 years of experience in an architecture role and be a person comfortable with providing Security Architecture assurance across several disciplines ideally including Enterprise IT, E-Commerce, Research and Design, and Manufacturing solutions. The candidate will need to stay abreast of the market changes in Cyber Security, stay on top of Cyber News, and be able to help us protect from the next bad thing before it lands.
Our business is constantly shifting technology thinking with new products, which means our culture is one of fast paced change with security playing the critical role as an enabler. The business needs to deliver faster and to do so safely in an environment where technologies change rapidly.
Security Assurance job roles contain a number of levels that allow candidates to gain rounded security experience as they progress through levels. Everyone is expected to support the growth of those below them in seniority through knowledge sharing, mentoring, and delegation.
This role is part of the Security Design Assurance career path and links with the Security Delivery Assurance path which can provide entry level architects who bring with them the knowledge and skills they gain. There are two levels to the Security Design Assurance career path: Entry Level; and Practitioner. For each tier there are requisite levels of demonstrable experience and professional accreditations required before progressing to the next level.
For all roles, ongoing learning is part of the deal as well as reading around your subject and anticipating new security measures as markets change. We believe in developing our people so that we can retain experience and move more quickly when change is needed.
Accountabilities:
For each of the levels in the Security Design Assurance role accountabilities are the same, namely:
  • Work across Dyson’s 5 security realms: Enterprise IT, Research Design and Development, Manufacturing, Retail Stores, and Online Retail.
  • Be aligned to and actively involved in Cyber Security Communities of Practice and Communities of Interest.
  • Provide appropriate briefing of ongoing delivery security risk during project deliveries.
  • Work closely with our Global Cyber Security practice’s multiple disciplines and other IT/Manufacturing/R&D/Digital teams to ensure adequate security solutions are built-in to all the systems and platforms (on-prem & cloud-native).
  • Pro-actively identify and mitigate risks in both modern & legacy systems helping to protect the Dyson brand as well as meet business objectives and adhere to regulatory requirements (e.g. PCI DSS, GDPR, etc.).
  • Plan, research, design and build robust security architectures for new IT/Digital and business-led projects.
  • Serve as a security subject-matter-expert in one or more areas including Enterprise IT, E-Commerce, Research and Design, and Manufacturing solutions.
  • Help teams to comply with Dyson Security policies, industry regulations, computer forensic investigations and best-practices.
  • Ensure that security requirements are identified, represented and met in all projects and initiatives.
  • Design, coordinate and oversee ongoing security testing (including ASV & Pen Test) to verify the security posture of systems/applications and subsequently drive the remediation of identified security gaps/vulnerabilities.
  • Drive or support security risk assessment activities & recommendations to the business, ensuring appropriate security controls are in place to protect the business, and our customers.
  • Produce & maintain security documentation including technical design patterns as well as operations manuals.
  • Keep abreast of security advisories/alerts/trends/practices as part of the professional development plan.
  • Communicate with technical and non-technical audiences at various levels up to Senior Leadership, including project managers, delivery teams, the global Cyber Security team, and business risk owners + 3rd parties.
  • Develop and maintain strong working relationships with key IT, Cyber, Business, and Supplier stakeholders.
  • Drive your own ongoing skills growth within Dyson and mentor those below you.
  • Help Dyson Cyber to reduce friction in the delivery value chain.
  • Identify and help implement cyber related improvements in efficiency within Cyber and the wider business.
  • Help design and build repeatable methodologies that improve Cyber security and efficiency.

Responsibilities:
  • Leads engagement in Cyber Communities of Practice.
  • Understand solutions and business focus to engage with new business initiatives and deliver more secure and supportable solutions.
  • Offer security best-practice advice when engaging with IT architects, developers and engineers, legal team, privacy team, programme managers, and business data owners.
  • Provide consultancy, where required, throughout the IT/Manufacturing/R&D/Digital delivery lifecycles, namely assure designs, define / draft patterns, and engage with delivery stakeholders by following the Agile and DevSecOps methodologies.
  • Identify improvement opportunities in automation of security and efficiency by finding ways to avoid manual processes - helping to prevent human errors, reduce the cost of ownership and improve overall performance.
  • Drive quality, security, and speed by ensuring adequate governance, advocating the approach of “the easy way is the secure way” and helping the business to deliver required solutions both securely and quickly.

About you

The skills and experience you will ideally need in order to be successful are:
  • Experience in designing and delivering securely complex cloud-native E-Commerce solutions with the corresponding security services, against a backdrop of major standards / frameworks such as COBIT, PCI-DSS, GDPR, ISO27001, NIST 800 series, ISA/IEC 62443.
  • Understanding of the shared responsibility model between a Cloud Service Provider (CSP) and a Cloud Service Customer (CSC).
  • Fluency with architectural frameworks such as SABSA and TOGAF.
  • Experience in designing and delivering securely in one or more of Dyson’s 5 security realms: Enterprise IT, Research Design and Development, Manufacturing, Retail Stores, and Online Retail.
  • Experience in delivering secure designs against quantified risk as well as defining and escalating business risks uncovered.
  • Experience of delivering solutions that securely integrate a broad eco-system including 3rd party supply chain and outsourced functions.
  • Experience of supporting project teams with high and low-level security consultancy, design and delivery, with a wide-ranging understanding of security considerations across key technologies such as Adobe, Magento, Sitecore, ForgeRock, Salesforce/SAP CRM, market-leading cloud (IaaS/PaaS/SaaS) platforms & applications.
  • High level of knowledge across several security topics, ideally across the following categories:
    • Security Architecture, including: designing infrastructure security solutions, architecting secure business applications and integrations, horizon-scanning and keeping abreast of the latest trends and technologies.
    • Security Consultancy, including: setting security requirements, knowledge of relevant regulations (e.g. GDPR, PCI-DSS, other international privacy requirements), adherence to security good practice.
    • System-level Security, including: operating system hardening, endpoint security, network security, web and application services, database security, privileged user management, etc.
    • Cloud Technologies, including: IaaS/PaaS/SaaS platforms & applications with the corresponding security services e.g. WAF, Anti-DDoS, Anti-Bot, SIEM etc.
    • Awareness of DevSecOps practices and embedding security in the software development lifecycle.
    • Data Security, including: Encryption/Tokenization guidelines, Key Lifecycle Management.
  • Experience of supporting InfoSec Risk Assessments using industry best practice risk assessment and management methodologies.
  • Awareness of current industry security threats, challenges and mitigation techniques.
  • Appreciation of the changes to legislation around security and privacy that occur internationally.
  • Experience with Asian market Cyber security challenges.
  • Strong conceptual thinking and communication skills.
  • Ability to work well under minimal supervision, and across multiple suppliers.
  • Team-oriented interpersonal skills, with the ability to communicate effectively with a broad range of people and roles globally, including vendors, IT and business personnel.

Our culture is unique. It's not easy or comfortable. It's certainly not for everyone, but if you thrive on challenge and are excited by change – it could be for you.

Benefits

  • 27 days holiday plus eight statutory bank holidays
  • Pension scheme
  • Performance related bonus
  • Private medical insurance
  • Life assurance
  • Sport centre
  • Free on-site parking
  • Subsidised café and restaurants
  • Discounts on Dyson machines

Interview guidance

We are following the government guidelines regarding COVID-19. At this time all interviews will be conducted via video or telephone. We’re taking these precautionary measures to protect both our employee and candidate wellbeing. Our Talent Acquisition team will work with you and provide further information as appropriate.