Cyber Systems / Information Security Engineer

Employer
advanced resource managers
Location
Leckhampton, UK
Salary
Competitive
Closing date
18 Sep 2020

View more

Sector
Technology & New Media
Contract Type
Permanent
You need to sign in or create an account to save a job.
Cyber Systems Engineer

Cheltenham - with Travel ( Restrictions dependant )

Permanent Position

£55,000 - £75,000

Our client, a leading name within the world of defence, is seeking a Cyber Systems Engineer to provide solutions designed to enhance the overall security posture of our internal and customer systems.

You will need to have an in depth understanding of Cyber Security Methodologies & be familiar with the information security threats facing aerospace defence contractors or Government systems. Please note suitable candidates will also be required to hold UK Security clearance, to highest levels.

This individual will join a team of qualified and diverse individuals, supporting digital transformation. You will become part of a fully engaged high performance team providing Information Security, you will work providing Information Security engineering services.

Application of system security engineering principles is required to provide realistic solutions designed to enhance the overall security posture of internal and customer systems, to include identifying threats, developing appropriate protection measures, reviewing security implications of system changes, recommending solutions and providing support for resolution of complex technical challenges.

Key responsibilities
  • Collaborate with engineering teams and other information security professionals to ensure strong and effective controls are in place to detect and mitigate risks across on-prem and cloud environments to meet business needs and regulatory requirements
  • Perform technical planning, system integration, verification and validation, balancing cost and risk, and supportability and effectiveness analysis across total systems
  • Work collaboratively on multiple concurrent projects, ensuring project and BAU activities remain compliant with ISO20000 & ISO27001
  • Perform system security analysis activities including requirements analysis, gap analysis, and analysis of alternatives
  • Ensure the logical and systematic conversion of security requirements into systems solutions that best mitigate cyber risks within the acknowledged technical, schedule and cost constraints, including activities such as:
  • secure proxy engineering
  • firewall policy management
  • messaging security engineering
  • remote access engineering
  • intrusion prevention engineering
  • network access compliance engineering
  • public key technologies
  • Active Directory services
  • Analyse and provide recommendations for improvements to and enhancements of in-house and external platforms, systems and tools
  • Development of system design artefacts in accordance with established architecture frameworks
  • Support the global team in processing and mitigating cyber threat actor activity
  • Collaborate effectively with information security analysts to co-ordinate a multi-tiered approach to cyber threat mitigation to deny current and future adversary actions
  • Undertake analytical duties in a secondary role to include host- and network-based log analysis, correlation of network threat indicators and PCAP data, analytical triage, incident response and vulnerability scanning
  • Research and draft Cybersecurity white papers as required, presenting findings to both technical teams and management


Person Specification

Preferred Experience

  • In-depth understanding and substantial application of cyber security methodologies
  • Experience in consulting and or working in a complex Enterprise environment
  • Extensive experience working with customers to elaborate requirements in often complex/uncertain environments
  • A proven track record of designing and developing secure solutions that meet customer requirements
  • Experience performing risk assessments of both internally and externally hosted solutions
  • Experience with ISO20000, ISO 270001, GDPR, HMG Security Policy Framework, Cyber Essentials, MCSS, etc.
  • Experience with network architecture, OSI model, and networking protocols
  • Experience with network security and penetration testing
  • Experience in creating and deploying cloud infrastructure solutions
  • Knowledge of security operations and tools
  • Knowledge of compliance regulations in UK, France, Germany, Italy, and other European standards
  • Knowledge of risk management industry principles, including use of a risk-based approach
  • Hands on validation of security control implementation
  • Institute security engineering concepts that , balance cost and risk, and supportability and effectiveness analysis across total systems
  • Work collaboratively on multiple concurrent projects with various program and technical stakeholders
  • Perform system security analysis activities including requirements analysis, gap analysis, and analysis of alternatives
  • Strong presentation and written skills with experience in presenting findings to executive leadership and/or technical teams
  • Experience of conducting analysis of electronic media, log data, and network devices in support of intrusion analysis or enterprise level information security operations
  • Experience with analysis and forensic tools used in a SOC or similar investigative environment
  • Penetration testing experience
  • Knowledge and/or experience in one or more of the following technologies: AD/DNS, Patch Management, PKI, HBSS, ACAS, VMware products, Splunk
  • Familiarity in the Risk Management Framework (RMF) Cybersecurity Lifecycle
  • Experience of UK and European Government working practices and proposals


Preferred Qualifications

Hold one or more of the following technical certifications (or equivalent):

  • International Council on Systems Engineering (INCOSE)
  • Certified Information Systems Security Professional (CISSP)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Reverse Engineering Malware (GREM)
  • Certified Forensic Computer Examiner (CFCE)
  • OSCP Offensive Security Certified Professional
  • CEH Certified Ethical Hacker
  • Cloud Certifications


Competency/Skill requirements

  • Current and evolving familiarity with information security threats facing aerospace defence contractors or Government systems
  • Adept at two or more analysis and forensic tools used in a CSIRT or similar investigative environment
  • Able to exercise sound judgment when escalating issues
  • A creative thinker, particularly around remediation and countermeasures to challenging information security threats
  • Highly self-motivated and directed, able to effectively work autonomously and as part of a wider, virtual team
  • Excellent interpersonal skills, able to engage effectively with a wide range of stakeholders
  • Excellent PowerPoint skills, able to clearly present technical content to audiences of mixed technical backgrounds
  • Fluent in written and spoken English, fluency in other European languages advantageous - Italian, French, German.
  • Strong analytical skills, adept at trouble-shooting and problem-solving
  • Flexible and responsive attitude
  • Highly-organised and proficient at multi-tasking, working with and resolving competing priorities
  • Strong customer orientation
  • Excellent attention to detail
  • Advanced knowledge of technology capabilities and trends


Other requirements

Ability to travel up to 60 % within Europe, Middle East, Africa and occasional travel to US

Clearance requirements: Ability to hold and maintain relevant UK Government clearance
You need to sign in or create an account to save a job.

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert