Cyber Systems Engineer - Cyber Vulnerability Investigations (CVI) - DV / SC Cleared

Recruiter
Nexere Consulting Ltd
Location
Porton Down
Posted
31 Oct 2018
Closes
15 Nov 2018
Contract Type
Permanent
Hours
Full Time

Cyber Systems Engineer - Cyber Vulnerability Investigations (CVI) - DV / SC Cleared

Cyber Systems Engineer will work for the Cyber and Information Systems Division across various defensive projects as a systems engineer and cyber security SME. Cyber Vulnerability Investigations (CVIs) are being undertaken on various Defence capabilities, platforms, and sites. Reporting to the CVI leader and following the defined assessment lifecycle, you will review architecture and system design documentation and gather information through visits to sites and platforms. You will identify potential cyber access vectors, cyber effects and their impact on operational objectives of those sites and platforms. Assessments of cyber assurance activity maturity shall also be undertaken.

Experience of architecting, engineering or assessing complex systems comprised of business enterprise technology (traditional IT devices and networking), combat / mission systems (a mixture of bespoke and traditional programmable elements and networking, vehicle systems (including industrial control systems and vehicle data bus networking) and communication systems (including HF, VHF, UHF, SATCOM, and Tactical Data and Command and Control Links). Furthermore, an understanding of cyber vulnerabilities and how they may manifest themselves in such systems, and how vulnerability research is undertaken such that a potential adversary may discover and exploit new vulnerabilities, is required In this role you will undertake: • Socio-Technical Modelling - identify the system architecture and people processes; such as training facility, integration facility, land based command and control site with communications to deployed assets • Cyber Threat and Mission Impact Assessment – identify the attack surface / potential access vectors, such as RF or physical media, against the architecture, and identifying cyber effects and their mission impact; such as spoofing control data due to encryption enabling replay attack leading to inability to deliver strike capability • Cyber Security Maturity Assessments – assessing cyber defence controls in place; such as access controls and user training, against a defined list of controls and their level of maturity • Vulnerability Capture and Recording – documenting risks in an actionable and prioritised way; such as a reduce likelihood of control spoofing risk due to spectrum monitoring and proprietary protocol documented on secure systems and used only within the UK

Knowledge, Skills & Experience Required :

An understanding of software, firmware, hardware, networking protocols and other interface definitions is required, as is familiarity with cyber security vulnerabilities, the cyber kill chain and security testing. A computer science background in systems engineering, systems/enterprise/network architecting, software engineering, vulnerability research and / or information assurance (or similar) is therefore preferable. Demonstrates good modelling skills. • Good technical background and understanding (experience in cyber maturity assessment eg NIST). • Good core system engineering skills required for the early stages of a CVI and throughout a CVI, for planning and considering complex problems. Technical and practical experience to draw upon. • Keep up to date with system developments. • Good cyber technical skills – previous experience in cyber projects – general cyber awareness. • Knowledge of CVI tools and techniques e.g. red and blue teaming. Deep technical knowledge across cyber domain e.g. pen testing. • Networking comms, systems. • Detailed technical knowledge of cyber defence strategies (IDS, IPS, Deception etc).

Cyber Systems Engineer - Cyber Vulnerability Investigations (CVI) - DV / SC Cleared

Similar jobs

Similar jobs