- Information Technology
- United Kingdom - Malmesbury Office
At Dyson, we demand the highest standard of performance from the technologies we engineer. Our people expect the same from the technology that supports them. We are a community that appreciates and advocates better engineering. A community of pioneers.
Dyson IT is mid-transformation. Our aim, to create robust IT architecture, to manage data effectively and efficiently and continue to grow our world-class team. A team who is strategic, enabling business acceleration, growth and success.
About the team
It’s no secret that our intellectual property is massively critical to our success. But how do we keep it from the prying eyes of the bad guys?
Dyson’s Global Cyber Security team works effectively to keep our secrets secret and secure our crown jewels using advanced technologies to stay one step ahead of the game. They take a pragmatic approach, transforming cyber security in order to enhance our business resilience, enable our colleagues to move fast, delight our customers and better manage potential cyber disruption. Investing in new cyber security capabilities across technology, process, and people, we build on and leverage our strong cyber security ecosystems to tackle future threats.
Our IT Security Risk & Compliance, Enterprise Security and Cyber Defence functions are the beating heart of Dyson’s Cyber Fusion Centre capabilities. Together, they enable the successful delivery of exciting new projects, help existing toolsets remain effective, enable and encourage compliance, balance red & blue team capabilities, and make sure that cyber security incidents are managed in a timely and efficient way.
About the role
As Associate Principal Security Architect, you’ll be responsible for consulting on and designing the cyber security elements of business and IT-led initiatives, as well as directly supporting customer facing retail and ownership experience security initiatives.
Key responsibilities will include:
- Working closely with our global Cyber Security practice’s multiple disciplines and other IT teams, to ensure adequate security solutions are in place throughout all systems and platforms.
- Identifying and mitigating any risks in legacy systems.
- Planning, researching, designing and building robust security architectures for new IT and business-led projects.
- Serving as a security expert in application development, database design and network and/or platform projects.
- Designing, coordinating and overseeing security testing to verify the security of systems and applications, and driving the remediation of identified vulnerabilities.
- Providing security risk assessment and recommendations to the business.
- Writing and maintaining security documentation, including technical designs and operations manuals.
- Providing consultancy throughout the delivery lifecycle - producing designs, defining/drafting patterns, and engage with delivery (Waterfall, Agile and DevSecOps).
- Engaging with IT Architects, Developers and Engineers, Legal team, Privacy team, Programme Managers and business data owners.
This role will be based on-site, either at our state-of-the-art technology campus in Malmesbury, Wiltshire, or our offices in Bristol city centre.
You’ll have a solid background in the security architecture of enterprise, OT or IOT platforms, including the engineering of core, best-in-class security products.
Your technical experience will ideally include end point technology, connected devices, core infrastructure / cloud and / or business applications.
Other key requirements include:
- Experience in designing and delivering secure eCommerce, Ownership Experience, Retail against a backdrop of major standards / frameworks such as PCI-DSS, ISO27001, NIST 800 series, ISA/IEC 62443.
- Experience supporting project teams with high and low-level security consultancy, design and delivery.
- Good understanding of security considerations across key technologies such as Cisco, Microsoft, SAP, Oracle, market-leading SaaS applications, public cloud, etc.
- Awareness of DevOps practices and embedding security in the software development lifecycle.
- Data Security knowledge including Encryption/Tokenization guidelines, Key Lifecycle Management.
- Experience of supporting InfoSec Risk Assessments using industry best practice risk assessment and management methodologies.
- Awareness of current industry security threats, challenges and mitigation techniques.
- Strong conceptual thinking and exceptional communication skills.
Knowledge across some/all of the following general security topics:
- Designing infrastructure security solutions.
- Architecting secure business applications and integrations.
- Horizon-scanning and keeping abreast of latest trends and technologies.
- Setting security requirements.
- Security regulations e.g. GDPR, PCI-DSS, other international privacy requirements.
- Adherence to security good practice.
Knowledge across some/all of the following system-level security topics:
- Operating system hardening
- Endpoint security
- Network security
- Web and application services
- Database security
- Privileged user management
- Cloud Technologies such as PaaS, IaaS, Content Delivery Networks (CDN), Web Application Firewall
- Performance-related bonus scheme
- Competitive pension scheme
- Life assurance and income protection
- Discounts on Dyson machines
- Free bus (coach) travel to and from Malmesbury campus from Bristol, Bath, Chippenham and Swindon
- 27 days’ holiday (plus public holidays)
- Ability to purchase additional holidays
- Free parking on-site
- On-site hair salon, sports centre and gym – all free
- Free lunch and free, (unlimited) hot drinks and fruit
- Free on-site Lifestyle Assist service (concierge)
- Electric vehicle salary sacrifice scheme
Health & Wellbeing
- Private medical insurance
- Dental insurance
- Health Assessments
- Employee Assistance Programme
- Free GP service (both on-site and digital)
- Free gym, fitness classes and wellbeing centre on-site
- Fertility treatment and menopause support
Dyson is an equal opportunity employer. We know that great minds don’t think alike, and it takes all kinds of minds to make our technology so unique. We welcome applications from all backgrounds and employment decisions are made without regard to race, colour, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other any other dimension of diversity.