Principal Engineer – Product Security Analyst
PRINCIPAL ENGINEER – PRODUCT SECURITY ANALYST
We have an exciting new contract opportunity based in Weymouth as a Principal Engineer – Product Security Analyst.
The role will be an initial 12 month contract and will provide you with the opportunity to provide end-to-end expert information security input, from inception to decommissioning on systems destined for submarines.
- Provide advice on Product Security matters for programmes to a wide range of stakeholders which will include; System Engineers, Engineering Managers and Technical Authorities as required.
- Gain sufficient understanding of a system, its concept of use and architectures to provide an accurate assessment of Product Security in terms of possible threats, potential avenues of attack and to advise on the application of secure development practices.
- Be able to select appropriate Product Security techniques which are consistent and repeatable for use across a programme.
- Understand and be able to provide relevant guidance on the threat environment for a programme.
- Ensure that Product Security analysis of a project, system or equipment, is delivered and is managed using recognised risk analysis techniques.
- Ensure that Product Security analysis work is fully documented, enabling the management of risk throughout the product lifecycle.
- Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness.
- Be able to recommend appropriate controls to mitigate identified risks in line with government and MOD policies and good practice, to provide more cost effective risk mitigation in the longer term.
- Present risks and proposed controls to internal and external stakeholders, to achieve agreement and buy-in.
- Provide regular updates on project status/progress in accordance with project specific reporting cycles.
- Represent the Product Security group at Design Reviews and other various engagements, to ensure that Product Security is appropriately considered at each stage of the design lifecycle.
- Undertake peer reviews as directed.
- Provide technical guidance and supervision to other Product Security engineers and support the management and planning of specialist activities.
- Provide technical guidance and support in relation to product incident management.
Key skills & qualifications
- Good understanding of information security principles and is able to advise on the potential impact to Product Systems.
- Proven experience of assessing and managing information risk in line with industry good practice.
- Knowledge of ISO 27000 series, NIST Frameworks, CIS Benchmarks/controls, ISF Standard of Good Practice for Information Security or similar industry standards.
- Proven experience of applying Product Security/Information Security concepts to applicable technologies within the environment (or similar).
- Holds CISSP or CISM certification
What we’re looking for in you
- Excellent verbal and written communication skills.
- Well-developed analytical/ problem solving/ decision making skills.
- Strong organisational skills who is adaptable in a fast-paced environment.
- Stakeholder management skills.
Rate: £81.23 per day (Inside IR35)
AAP3 is acting as an Employment Business in relation to this vacancy.