Senior Cyber Security Operational Assurance Specialist
  • United Kingdom Preston
  • BAE Systems
1 year before
31.12.2023
Protect and Defend
Cyber Defense Analysis
Job Description

Job title: Senior Cyber Security Operations Assurance Specialist

Location: Preston

We offer a range of hybrid and flexible working arrangements – please speak to your recruiter about the options for this particular role.

Salary: Up to 62k

What You’ll Be Doing

  • Develop and deliver the Operational Assurance services to assure the technical compliance and effectiveness of applicable Cyber security controls to meet NIST (DFARS), DEFSTAN, Accreditation requirements and/or Group Cyber Security Standards (GCSS)
  • Develop, plan and implement a risk-based pen testing programme across EIT enterprise managed networks/systems/services aligned with the BAE Systems plc testing strategy
  • Assess the Performance/Health of applicable security controls to assure compliance and effectiveness aligned with the relevant Accreditation requirements and Standards
  • Ensure Operational Assurance activities are aligned with the Group IM&T Cyber Security Assurance Framework and Group Cyber Security Standards to ensure compliance

Your Skills And Experiences

  • Extensive IT Security experience and, additionally, Service Management experience
  • Strong track record of assuring the security of services in the Government sector
  • Strong analytical background with the ability to analyse and interpret large and complex data sets and articulate observations, conclusions and recommendations to senior audiences
  • In-depth knowledge of HMG and industry standard security policy, standards and good practice guidance
  • Wide-ranging knowledge of application, infrastructure and security technologies and in-depth knowledge of implementing them in a secure configuration
  • CISSP or CISM IT Security qualification

Benefits

You’ll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You’ll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts – you may also be eligible for an annual leave incentive.

The Cyber Assurance Team

The Cyber Assurance Team with Shared Services are part of Enterprise IT (EIT) with responsibility for assuring all enterprise managed systems and services, spanning UK/RoW. The team ensure systems/services are built and configured in line with applicable Cyber Security Standards.

Why BAE Systems?

This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals.

We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation.

Job: IT

Primary Location: GB-ENG-LAN-Preston



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0013   Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
  • K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0074   Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
  • K0290   Knowledge of systems security testing and evaluation methods.
  • K0297   Knowledge of countermeasure design for identified security risks.
  • K0342   Knowledge of penetration testing principles, tools, and techniques.
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Required Skills
  • S0036   Skill in evaluating the adequacy of security designs.
  • S0147   Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • S0167   Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities
  • A0015  Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).