Description
Security Engineer is required to lead the security engineering effort required to establish, achieve and maintain security accreditation for a system currently being developed.
The successful candidate will be responsible for the below tasks:
Assessment of security risks and specification of security requirements.
Compilation and production of a variety of security documentation, including HMG Risk Management Accreditation Document Set (RMADS) to support MoD security accreditation.
Investigation, assessment and documentation of potential security impacts surrounding changes to systems, product design and requirements.
Assessment of proposed technology options and security approaches.
Production of Secure configuration documentation.
Evaluation of potential security control mechanisms and products.
The provision of focused security advice/guidance to customers, systems engineers and developers.
Secure configurations of systems and software.
Prepare the accreditation evidence and manage the accreditations process.
The successful candidate will have the below skills:
A good understanding of the Military and Government security accreditation processes.
Knowledge and understanding of Defence and Government security standards and requirements.
Experience in production RMADS and a variety of other security related documentation.
Understanding of the security aspects of Operating Systems; familiar with hardening approaches and techniques primarily for Microsoft Windows based systems.
Conversant with the security aspects of communications networks and protocols, including security of wireless network implementations in accordance with MoD and HMG Standards, guidance and policy.
Experience in implementing secure systems configuration approaches.
The ability to review, assess and document proposed hardware, software applications and infrastructure for potential security impacts.
A confident, practical and accomplished team member who is capable of working autonomously.
Formal Security Qualifications (focused degree, CISSP, CISM or ITPC Infosec competencies).
Familiar with Systems Engineering Processes, Documentation and Development environments.
Conversant with a variety of secure applications and network security tools.
Candidates must be willing to undergo a security vetting proceedure.