Cybersecurity analyst with a focus on GRC and setting up as well as running a SOC

Job summary

We’re offering an exciting opportunity to join our rapidly growing Cyber Security Practice as a Cyber Security Analyst specialising in Governance, Risk, and Compliance (GRC) and in Security Operations Centre (SOC) activities. You’ll work on a project in the energy sector. With over a decade of industry experience, you’ll help build trusted relationships and play a key part in strengthening our client’s security postures. This job contains a GRC part and a SOC part.

What you’ll be doing for the GRC part of this job:

· Delivering high-quality consultancy in NIST CSF, ISO 27001, GDPR, and Cyber Essentials/Cyber Essentials Plus and other Cyber Security Frameworks.
· Performing risk assessments, gap analyses, and maturity reviews aligned to recognised security frameworks.
· Develop a risk assessment framework for a client.
· Providing advisory and hands-on support in developing and improving clients’ Information Security Management Systems (ISMS) and Cyber Security Posture.
· Supporting clients with certification readiness, internal audits, and remediation activities.
· Leading client engagements and building long-term relationships with key stakeholders.

What you’ll be doing for the SOC part of this job:

· Be able to set up the client with an external and/or internal SOC.
· Be responsible for monitoring, analyzing, and responding to security incidents.
· Monitoring and responding to alerts.
· Escalating alerts where necessary.
· Proposing tuning requests.
· Producing reports.
· Maintaining awareness of the latest threats and vulnerabilities.

Here's what we're looking for:

· Demonstrable experience in a GRC consultancy or senior security role, ideally within a service provider or large organisation.
· Proven knowledge and application of NIST CSF, ISO 27001, GDPR, and Cyber Essentials frameworks.
· ISO 27001 Lead Auditor and/or Implementer certification (desirable).
· Strong client-facing communication and stakeholder engagement skills.
· CISM certification and experience with risk management practices.
· Proficiency in managing security compliance programmes and driving improvement initiatives.
· Experience chairing client workshops and desktop exercises, ISO meetings, or team calls.
· A good understanding of computer networks, operating systems, software, hardware and security.
· An understanding of cyber security risks associated with various technologies and ways to manage them.
· A good working knowledge of various security technologies such as network and application firewalls, host intrusion prevention and antivirus.
· Any relevant academic or industry specific training.
· Must be able to attend a weekly 1-hour client meeting every Thursday at 5 pm UK time.
· Must be able to commit to 10 hours of flexible part-time work per week.

Set yourself apart:

· Understanding of basic cybersecurity principles and concepts.
· Knowledge of common attack vectors and malware types.
· Awareness of security tools and technologies.
· Basic understanding of incident response principles.
· Networking fundamentals.
· Analytical and problem-solving skills.

Educational Qualification:

· Bachelor’s or above degree in a related field or equivalent full-time course
· CISSP or a combination of the following: CompTIA A+, CompTIA Network+, CompTIA Security+, CySA+, Pentest+, CASP+

Industry Type: IT Services & Consulting
Functional Area: Information Security and Cybersecurity
Employment Type: Part-Time, Contract
Languages: English
Location: Remote
Salary: 35.000 (thirty-five thousand) INR per month for 40 hours of work per month (10 hours of work per week). Payment will be made based on “outside IR35”, meaning that the successful candidate is expected to take care of any tax payments independently after having received the payment from the company.

Job Title: Cryptography and Networking Consultant
Location: Remote (as per project requirements)
Employment Type: Contract
Reports To: Head of Cybersecurity Consultancy

Job Overview:

We are seeking a highly skilled Cryptography Consultant specializing in Cryptography Bill of Materials (CBOM) creation and cryptographic audits. The ideal candidate will leverage Static Application Security Testing (SAST) tools to analyze extensive codebases, identify cryptographic vulnerabilities, and help organizations prepare for post-quantum cryptographic challenges. This role will play a critical part in bridging traditional cryptographic practices and future quantum-safe security solutions.

Key Responsibilities:

CBOM Creation:

· Employ SAST tools to generate a detailed Cryptography Bill of Materials (CBOM).
· Design abstract models within SAST tools to represent cryptographic components and adapt these for various application-specific APIs.
· Catalogue cryptographic libraries and algorithms across diverse codebases to identify high-risk areas.

Comprehensive Cryptographic Audits:

· Conduct in-depth audits of cryptographic algorithms used across on-premises and cloud systems.
· Develop and execute custom queries in SAST tools to detect legacy cryptographic methods vulnerable to quantum attacks.
· Provide clear insights into cryptographic dependencies and vulnerabilities within large code repositories.

Variant Analysis:

· Perform multi-repository variant analysis using SAST tools to uncover obscure cryptographic dependencies.
· Analyse software supply chains, particularly for risks stemming from open-source components and complex dependency structures.

Strategic Recommendations for Cryptographic Agility:

· Deliver actionable recommendations to transition organizations to quantum-resistant cryptography.
· Collaborate with stakeholders to develop strategic plans for cryptographic agility and resilience.

Integration and Continuous Monitoring:

· Integrate SAST-based auditing into client workflows to ensure continuous compliance with post-quantum cryptographic standards.
· Establish monitoring processes for new code and periodic reassessments to detect emerging vulnerabilities.

Client Engagement & Reporting:

· Provide detailed and clear reporting on findings, including CBOM, vulnerability assessments, and remediation plans.
· Communicate complex technical concepts to non-technical stakeholders in an accessible manner.

SAST Query Development and Execution:

· Write and run custom queries within Visual Studio Code using SAST tools.
· Download and install the required SAST tool extensions in VS Code.
· Obtain and integrate SAST databases for target open-source projects:
  · Search GitHub.com for relevant open-source projects to research.
  · Download and add the project’s SAST database to VS Code or create one using the tool’s CLI.
· Clone and utilize the starter workspace provided by the SAST tool to run queries efficiently.
· Execute queries to identify and report vulnerabilities.

Key Qualifications:

· Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Applied Mathematics, or a related field.
· Proven experience in cryptography, software security analysis, and cryptographic library assessments.
· Proficiency in SAST tools (or equivalent static analysis tools) for codebase analysis and custom query development.
· Strong understanding of cryptographic algorithms, including symmetric/asymmetric encryption, hashing, and digital signatures.
· Familiarity with quantum computing risks and post-quantum cryptographic standards (e.g., NIST PQC algorithms).
· Experience with analysing large codebases across multiple programming languages (e.g., C, C++, Java, Python).
· Knowledge of software supply chain security, including open-source dependency management.
· Strong problem-solving and analytical skills.
· Excellent written and verbal communication for technical documentation and client reporting.

Preferred Skills:

· Certifications such as CISSP, CCSP, or GIAC Cryptography certifications.
· Hands-on experience with tools such as SonarQube, SAST tools, or similar.
· Prior experience with infrastructure and code audits in cloud environments (AWS, Azure, GCP).
· Exposure to secure coding practices and cryptographic agility frameworks.

Why Join Us?

· Opportunity to work at the forefront of quantum-safe cryptography.
· Collaborate with leading experts and leverage cutting-edge tools like SAST tools.
· Flexible work environment with opportunities for professional growth.
· Contribute to projects that secure the future of global organizations against emerging quantum threats.

Benefits:

· Project-based payments.
· Remote-friendly working environment.
· Flexible working.

How to Apply: Via LinkedIn.

Equal Opportunity Employer: We welcome candidates from diverse backgrounds and are committed to fostering an inclusive workplace.

Senior GRC cybersecurity consultant

Job summary

We’re offering an exciting opportunity to join our rapidly growing Cyber Security Practice as a Senior GRC cybersecurity consultant specialising in Governance, Risk, and Compliance (GRC). You’ll work on a project in the energy sector. With over a decade of industry experience, you’ll help build trusted relationships and play a key part in strengthening our client’s security postures.

What you’ll be doing as part of this job:

· You will own every facet of the GRC process and be the GRC lead for the client.
· Delivering high-quality consultancy in NIST CSF, ISO 27001, GDPR, and Cyber Essentials/Cyber Essentials Plus and other Cyber Security Frameworks.
· Performing risk assessments, gap analyses, and maturity reviews aligned to recognised security frameworks.
· Develop a risk assessment framework for a client.
· Providing advisory and hands-on support in developing and improving clients’ Information Security Management Systems (ISMS) and Cyber Security Posture.
· Supporting clients with certification readiness, internal audits, and remediation activities.
· Leading client engagements and building long-term relationships with key stakeholders.

Here's what we're looking for:

· You must have completed Information Security Risk assessments for clients or your organisation.
· Demonstrable experience in a GRC consultancy or senior security role, ideally within a service provider or large organisation.
· Proven knowledge and application of NIST CSF, ISO 27001, GDPR, and Cyber Essentials frameworks.
· ISO 27001 Lead Auditor and/or Implementer certification (desirable).
· Strong client-facing communication and stakeholder engagement skills.
· CISM certification and experience with risk management practices.
· Proficiency in managing security compliance programmes and driving improvement initiatives.
· Experience chairing client workshops and desktop exercises, ISO meetings, or team calls.
· A good understanding of computer networks, operating systems, software, hardware and security.
· An understanding of cyber security risks associated with various technologies and ways to manage them.
· A good working knowledge of various security technologies such as network and application firewalls, host intrusion prevention and antivirus.
· Any relevant academic or industry specific training.
· Must be able to attend a weekly 1-hour client meeting every Thursday at 5 pm UK time.
· Must be able to commit to 10 hours of flexible part-time work per week.

Set yourself apart:

· Understanding of basic cybersecurity principles and concepts.
· Knowledge of common attack vectors and malware types.
· Awareness of security tools and technologies.
· Basic understanding of incident response principles.
· Networking fundamentals.
· Analytical and problem-solving skills.

Educational Qualification:

· Bachelor’s or above degree in a related field or equivalent full-time course
· CISSP or a combination of the following: CompTIA A+, CompTIA Network+, CompTIA Security+, CySA+, Pentest+, CASP+

Industry Type: IT Services & Consulting
Functional Area: Information Security and Cybersecurity
Employment Type: Part-Time, Contract
Languages: English
Location: Remote
Salary: 35.000 (thirty-five thousand) INR per month for 40 hours of work per month (10 hours of work per week). Payment will be made based on “outside IR35”, meaning that the successful candidate is expected to take care of any tax payments independently after having received the payment from the company.

Project Duration: Short-term Contract (estimated 6–8 weeks)
Location: Remote
Reporting To: Information Security Lead / Project Manager

Purpose of the Role

To support a high-level cryptographic risk assessment for a client organization. The project aims to establish a baseline cryptographic posture, assess key management practices, prioritize cryptographic risks, and outline a strategic roadmap for post-quantum cryptography readiness.

Key Responsibilities

Baseline Assessment & Discovery

· Facilitate kickoff meetings and gather information from key stakeholders.
· Conduct a high-level encryption checklist to assess current state.
· Review group-level standards, prior audits, and reports.
· Assist in the identification and documentation of the existing cryptographic inventory and services (e.g., internal data storage, cloud encryption, PKI, DRM).

Key Management

· Collaborate with the client to assess the current use of Azure Key Vault and other key management tools.
· Contribute to the development of a formal Key Management Plan.
· Deliver or support 1:1 training sessions for relevant stakeholders.

Cryptographic Assurance

· Identify process gaps related to cryptographic review and assurance.
· Help define and document processes to evaluate cryptographic systems regularly, beyond external penetration tests.

Risk Prioritization

· Assist in defining cryptographic risk assessment criteria.
· Support the development of a risk prioritization matrix and associated mitigation strategies.

Post-Quantum Cryptography Readiness

· Collaborate on the creation of a high-level PQC readiness roadmap.
· Define key milestones, resource requirements, and timelines to achieve PQC compliance in the future.

Executive Engagement

· Support the preparation and delivery of executive summary materials.
· Contribute to the design and facilitation of a 2-hour tabletop exercise for board-level stakeholders, focused on quantum threat scenarios and decision-making.

Required Skills and Experience

· Strong understanding of cryptographic technologies and controls (e.g., PKI, key management, encryption in transit/at rest).
· Experience with Azure Key Vault or similar cloud key management platforms.
· Familiarity with cryptographic standards and risk assessment frameworks.
· Knowledge of quantum computing threats and post-quantum cryptography (preferred).
· Strong communication and documentation skills.
· Experience working with cross-functional teams, including technical and executive stakeholders.
· Ability to translate technical risks into business impacts and mitigation strategies.

Desirable Qualifications

· CISSP, CISM, CCSP, or similar certifications.
· Background in cybersecurity consulting, compliance, or security architecture.
· Experience delivering executive presentations and tabletop exercises.