Job type: Contract 6
The Security Engineer will be supporting the Product Security lead on Trinity, providing cyber security advice and guidance to all stakeholders, including systems and software engineers, technical authority, engineering.
Key skills required for this role
TRINITY Role Descriptions
Product Security Engineer
Role Description: Supporting the Product Security lead on Trinity, providing cyber security advice and guidance to all stakeholders, including systems and software engineers, technical authority, engineering and project managers, throughout the design and integration phases leading up to accreditation and System Field Trial.
Key activities:
Interpreting security guidance from external sources such as JSP440/604, Federated Mission Network standards, NCSC and NIST.
Performing security risk assessments using recognised methodologies to identify and prioritise cyber security and cyber resilience risks, and identifying appropriate controls and mitigations to manage those risks.
Supporting the security accreditation of the Trinity System, up to Secret, including assessing the security impact of all proposed changes.
Scoping and managing testing by external penetration test companies and ensuring remediation activity is performed to completion.
Supporting security within the supply chain, including meeting the requirements of the Defence Cyber Protection Partnership plus our own company initiatives.
Producing security documentation such as RMADS and SyOPs.
Experience of cyber security engineering delivery and accreditation within the Defence domain, including identifying cyber security risks using a recognised methodology and the commensurate controls and mitigations required to manage those risks.
Ability to interact at a technical level with systems, software and hardware engineers and to articulate security advice directly to key stakeholders within both the business and the customer community.
Degree qualified in Information/Cyber Security, IT, Engineering, Mathematics, or Science, or alternatively equivalent qualifications and/or experience.
Knowledge and experience in HMG IAS1&2 or similar security risk assessment methodology, JSP440/JSP604/JSP490, NCSC guidance, NIST, ISO 27001 and industry-standard security frameworks.
Experience of electronic and physical security measures, including TEMPEST.
Defence, systems or software engineering background. CCP, CISSP, CISM or similar, GCHQ Certified Degree, ex-CLAS.