Information Security Consultant

Technology is our how. And people are our why. For over two decades, we have been harnessing technology to drive meaningful change.

By combining world-class engineering, industry expertise and a people-centric mindset, we consult and partner with leading brands from various industries to create dynamic platforms and intelligent digital experiences that drive innovation and transform businesses.

From prototype to real-world impact - be part of a global shift by doing work that matters.

Role Purpose

The Security Consultant will support Endava's Operational Security (SecOps) team during the FY25/26 transition from the CISO Office to full SecOps ownership of operational security services. The role will provide expertise across vulnerability management, security risk assessments, awareness initiatives, and management reporting.

Key Responsibilities

• Vulnerability Management
  • Support design and rollout of SecOps VM governance model.
  • Validate SLA enforcement workflows, exception management, and dashboard development.
  • Coordinate between CSCoE (scanning/triage) and InTech (remediation) to ensure compliance with defined timelines.
• Risk Assessment
  • Contribute to redesign of the Security Risk Assessment (Vendor + Technical) process.
  • Work with SecOps, IA, and Architects to define standard templates, risk scoring models, and mitigation workflows.
  • Provide technical insight for Detailed SRAs, including threat modelling and contextual risk assessments.
• Security Awareness Program
  • Support transition of and assume responsibility for MetaCompliance administration from CSCoE.
  • Contribute to awareness campaign design, phishing simulations, and user engagement reporting.
• Integrated Management Reporting
  • Assist in defining KPI requirements and reporting workflows for SecOps dashboards.
  • Liaise with BI teams to consolidate data pipelines from ServiceNow, Nessus, and risk tools.

Skills & Experience

• Essential:
  • 5+ years' experience in security operations or consultancy.
  • Strong knowledge of vulnerability management workflows and tooling (Nessus, Defender, Tenable).
  • Familiarity with Security Risk Assessment methodologies (vendor & technical).
  • Strong communication and stakeholder management skills (with CSCoE, IA, GRC).
• Desirable:
  • Experience with Power BI or ServiceNow reporting.
  • Familiarity with security awareness platforms (MetaCompliance or equivalent).
  • Understanding of AI/GPT applications in security processes (desirable for Special Projects).

Discover some of the global benefits that empower our people to become the best version of themselves:

• Finance: Competitive salary package, share plan, company performance bonuses, value-based recognition awards, referral bonus;   
• Career Development: Career coaching, global career opportunities, non-linear career paths, internal development programmes for management and technical leadership;
• Learning Opportunities: Complex projects, rotations, internal tech communities, training, certifications, coaching, online learning platforms subscriptions, pass-it-on sessions, workshops, conferences;
• Work-Life Balance: Hybrid work and flexible working hours, employee assistance programme;
• Health: Global internal wellbeing programme, access to wellbeing apps;
• Community: Global internal tech communities, hobby clubs and interest groups, inclusion and diversity programmes, events and celebrations.

At Endava, we're committed to creating an open, inclusive, and respectful environment where everyone feels safe, valued, and empowered to be their best. We welcome applications from people of all backgrounds, experiences, and perspectives—because we know that inclusive teams help us deliver smarter, more innovative solutions for our customers. Hiring decisions are based on merit, skills, qualifications, and potential. If you need adjustments or support during the recruitment process, please let us know.