Cyber Security/Product Security Opportunities
  • United Kingdom Portsmouth
  • BAE Systems
1 year before
31.12.2023
Oversee and Govern
Program/Project Management and Acquisition
Job Description

Cyber Security Engineer/Consultant (Product Security) Opportunities

Location: Portsmouth.

We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role.

Salary: Competitive package.

What You’ll Be Doing

Building a risk based set of cyber security requirements for a system or sub system. Providing technical guidance and support for all aspects of cyber security and resilience.
Conducting cyber security analysis work, developing threat taxonomies, security architectures, security baselines and risk mitigations.
Producing test plans-and schedules together conducting informal and formal cyber security testing.
Supporting engineering gated reviews and design assurance activities.
Production of security artefacts such as risk registers, security assurance cases, plans and schedules.Provide security input into related engineering documentation.

Essential

Your skills and experiences:

Degree (or equivalent experience) in a relevant STEM subject or Information Security related
Recognised Industry Security Qualifications, eg. CCP, CISSP, CISM (or able to achieve)
Proven experience of assessing and managing risk in line with industry good practice (NIST, ISO 27001)
Significant experience with using security baselines, mitigations and controls

Desirable

Experience of Product Security activities in the defence, maritime or closely linked domain
Experience of MOD Policies and regulations such as SPF, JSP 440 and JSP604 and production of Risk Management Accreditation Document Set (RMADS)
Knowledge of the challenges affecting security of Operational Technologies/ Industrial Control Systems and approaches to secure them
Engineering background and or strong familiarity with a life cycle phased approach
Project Management exposure.

Benefits

You’ll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You’ll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts – you may also be eligible for an annual incentive and overtime opportunities (subject to grade).

The Engineering Delivery Team

As a member of the Engineering Delivery Team who design, build, integrate and provide through life support to all the Submarine Platforms in the Royal Naval fleet your role is to ensure the submarine systems and products are developed to support the delivery of an appropriately secure and resilient product. You will be playing your part within this national endeavour.

Through application of your knowledge and experience, you shall identify, analyse, evaluate and manage information security risks associated with the products used on-board the submarine. Speaking knowledgably and credibly with customers, users and internal stakeholders you shall provide advice on the causes of the risks identified, their likelihood and potential operational impacts.

Why BAE Systems?

This is a place where you’ll be able to make a real difference. You’ll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you’ll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals. We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation

Job

Engineering

Primary Location

GB-ENG-SRY-Frimley

Other Locations

GB-ENG-BST-Filton, GB-ENG-HAM-Portsmouth, GB-ENG-DOR-Weymouth, GB-ENG-CMA-Barrow-in-Furness


Quick response

Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats an`d vulnerabilities.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0146   Knowledge of the organization's core business/mission processes.
  • K0154   Knowledge of supply chain risk management standards, processes, and practices.
  • K0165   Knowledge of risk/threat assessment.
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0200   Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  • K0012   Knowledge of capabilities and requirements analysis.
  • K0043   Knowledge of industry-standard and organizationally accepted analysis principles and methods.

Required Skills
  • S0085   Skill in conducting audits or reviews of technical systems.

Required Abilities
  • A0009  Ability to apply supply chain risk management standards.
  • A0056  Ability to ensure security practices are followed throughout the acquisition process.