Principal Engineer - Product Security
  • United Kingdom Filton
  • BAE Systems
1 year before
31.12.2023
Oversee and Govern
Program/Project Management and Acquisition
Job Description

Job Title: Cyber Security Opportunities

Location: Bristol, Weymouth, Frimley, Barrow-in-Furness - hybrid

Salary: Competitive

What You’ll Be Doing

  • Gaining sufficient understanding of the programme and the systems, including their concept of use, in order to lead on security architecture and requirement derivation and definition
  • Leading on the development and maintenance of the security strategies and policies to ensure that security is built into the programme from the outset
  • Identifying and selecting the most appropriate security techniques which are consistent and repeatable for use across the programme
  • Directing, developing and maintaining security documentation and engineering artefacts in support of evidence for assurance and certificates of design and conformity
  • Leading the through-life security risk management, presenting risks and proposed controls to internal and external stakeholders to achieve agreement and buy-in
  • Acting as the focal point for security matters within the programme and providing advice and guidance to a wide range of stakeholders

Essential

Your skills and experiences:

  • Degree (or equivalent experience) in a relevant STEM subject or Information Security related subject
  • Recognised Industry Security Qualifications, e.g. CCP, CISSP, CISM or similar
  • Proven experience of assessing and managing security information risk in line with industry good practice (NIST, ISO 27001) at board level

Desirable

  • Experience of MOD policies and regulations such as SPF, JSP 440 and JSP 604, and production of Risk Management Accreditation Document Set (RMADS)
  • Experience of engineering lifecycle management (preferably within the defence, maritime or closely linked domain)

Benefits

You’ll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You’ll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts. You may also be eligible for an annual incentive.

The Engineering Security Team

You will work as part of a team who design, build, integrate and provide through-life support to all the Submarine Platforms in the Royal Navy fleet.

Using your skills and experience you will lead on security and information risk matters to ensure the submarine systems are designed and built to be secure and resilient.

This role requires use of a deep level of subject matter expertise to drive security requirements, identify possible threats and avenues of attack and advise on the application of secure development practices.

Why BAE Systems?

This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals. We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation.

Job

Engineering

Primary Location

GB-ENG-BST-Filton



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0090   Knowledge of system life cycle management principles, including software security and usability.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • K0154   Knowledge of supply chain risk management standards, processes, and practices.
  • K0165   Knowledge of risk/threat assessment.
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0059   Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
  • K0150   Knowledge of enterprise incident response program, roles, and responsibilities.

Required Skills
  • S0038   Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.

Required Abilities
  • A0009  Ability to apply supply chain risk management standards.
  • A0039  Ability to oversee the development and update of the life cycle cost estimate.
  • A0056  Ability to ensure security practices are followed throughout the acquisition process.