Job title

Product Security Analyst

Ref no. BHN556991
Location Surrey, England
Start date ASAP
Job type Contract 12 months
Job status Open

Job summary

Product Security Analyst: 12m Contract, Surrey, Hybrid

The PSA Engineer will be a focal point for security and information risk matters in the Product Security Engineering team.

Key skills required for this role

CLAS Consultant, RMADS, CISSP/CISM, Product Security Engineering activities Defence/maritime/similar

Job description

Product Security Analyst
12m Contract | Surrey | Hybrid

The PSA Engineer will be a focal point for security and information risk matters within the Product Security Engineering (PSyE) team.

Skills & Requirements
The PSA Engineer will be responsible for, or provide input to, the following typical key deliverables, depending on the role and where the project is in the engineering lifecycle:

  • Former CLAS consultant
  • Strong experience of developing Risk Management Accreditation Document Set (RMADS)
  • Current CISSP or CISM qualification
  • Strong background in HMG and MoD policies, SPF, JSP 440, JSP 604, and TEMPEST
  • Proven experience of assessing and managing information risk in line with industry good practice
  • Proven experience of applying Product Security/Information Security concepts to applicable technologies within the environment (or similar). Experience of Product Security Engineering activities in the defence, maritime or closely linked domain



Qualifications

  • Degree (or equivalent experience) in a relevant STEM subject or an Information Security related subject
  • Holds NCSC CCP SIRA status
  • Industry Security Qualifications held, CCNP, MS, CompTIA, SANS



Responsibilities
The following activities are required of the PSA Engineer, in full or in part, depending on the role and where the project is in the engineering lifecycle:

  • Developing Risk Management Accreditation Document Set (RMADS)
  • Performing risk assessments using multiple methods including IS1, ISO27001, NIST, MITRE, STRIDE
  • Selection of security controls, providing guidance on implementation and capture of compliance
  • Attendance at Security Working Groups (SWGs), design reviews and gate reviews
  • Contributing to and influencing the development of Product Security strategies, policies, guidance, good practices and awareness
  • Recommending appropriate controls to mitigate identified risks in line with government and MoD policies and good practice, to provide more cost-effective risk mitigation in the longer term



If you meet the minimum requirements, please get in touch so that I can send through the full spec and have a discussion with you.


Matchtech is a STEM Recruitment Specialist, with over 35 years’ experience
