AddressCandidates will be required to undergo SC clearance.
Job Description
Supporting the Product Security lead on Trinity, providing cyber security advice and guidance to all stakeholders, including systems and software engineers, technical authority, engineering and project managers, throughout the design and integration phases leading up to accreditation and System Field Trial.
Responsibilities
Interpreting security guidance from external sources such as JSP440/604, Federated Mission Network standards, NCSC and NIST.
Performing security risk assessments using recognised methodologies to identify and prioritise cyber security and cyber resilience risks and identifying appropriate controls and mitigations to manage those risks.
Support to achieve security accreditation of Trinity System, up to Secret, including assessing the impact to security of all proposed changes.
Supporting security within the supply chain, including meeting the requirements of the Defence Cyber Protection Partnership plus our own company initiatives.
Producing security documentation such as RMADS and SyOPs.
Experience Requirements
Experience of cyber Security Engineering delivery and accreditation within the Defence domain, including identifying cyber security risks using a recognised methodology and the commensurate controls and mitigations required to manage those risks
Scoping and managing testing by external penetration test companies and ensuring remediation activity is performed to completion.
Desirably a Defence, systems or software engineering background.
Technical Skills/Knowledge
Ability to interact at a technical level with systems, software and hardware engineers and to articulate security advice directly to key stakeholders within both the business and the customer community.
Qualifications/Certifications Requirements
Essential
Degree qualified in Information/Cyber Security, IT, Engineering, Mathematics, or Science, or alternatively equivalent qualifications and/or experience
Desirable
Knowledge and experience in HMG IAS1&2 or similar security risk assessment methodology, JSP440/JSP604/JSP490, NCSC guidance, NIST, ISO 27001 and industry-standard security frameworks.
Experience of electronic and physical security measures, including Tempest.
-CCP, CISSP, CISM or similar, GCHQ Certified Degree, ex-CLAS
