Product Security Analyst/Engineer

Location:
Barrow-in-Furness District
Job Type:
Contract
Industry:
Cyber Security
Job reference:
BBBH146394_1634909344
Posted:
over 2 years ago

Product Security Analyst/Engineer x 2

Barrow (Currently remote)

6 Months

Role Description

The PSA Engineer will be a focal point for security and information risk matters within the Product Security Engineering (PSyE) team and will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life.

They will provide subject matter expertise and advice to other functional and capability areas to support overall project delivery and performance and advice and consultancy to design authorities and interested stakeholders.

Skills required

The following activities are those which are required of the PSA Engineer, in full or part dependent on the role and the place the project is in the engineering lifecycle:

  • Developing Risk Management Accreditation Document Set (RMADs)
  • Performing risk assessments using multiple methods including IS1, ISO27001, NIST, Mitre, STRIDE.
  • Selection of security controls, providing guidance on implementation and capture of compliance.
  • Attendance at Security Working Groups (SWGs), design reviews and gate reviews
  • Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness.
  • Be able to recommend appropriate controls to mitigate identified risks in line with government policies and good practice, to provide more cost effective risk mitigation in the longer term.

Knowledge and Experience

The PSA Engineer will be responsible for, or provide input to the following typical key deliverables, dependent on the role and the place the project is in the engineering lifecycle:

  • Former CLAS consultant
  • Strong experience of developing Risk Management Accreditation Document Set (RMADS).
  • Current CISSP or CISM qualification
  • Strong background in GOV Policies, SPF, JSP440, JSP 604, and TEMPEST
  • Proven experience of assessing and managing information risk in line with industry good practice.
  • Proven experience of applying Product Security/Information Security concepts to applicable technologies within the environment (or similar). Experience of Product Security Engineering activities in the defence, maritime or closely linked domain.

Qualifications

  • Degree (or equivalent experience) in a relevant STEM subject or Information Security related.
  • Holds NCSC CCP SIRA status
  • Industry Security Qualifications held, CCNP, MS, Comptia, SANS
Back job search
Back to Search Results
.