Overview
Leidos has an exciting opportunity for a Principal Cyber Security Architect to join its successful and expanding National Security and Defence division. This role will shape and define security architectures across new captures, spearhead our approach to Secure by Design and develop security strategies, documentation and approaches. As the Principal Cyber Security Architect, you will be able to work with minimal direction on a specific MOD programme or bid or across a range of bids. You will ensure that the solution security design meets the customer functional and non-functional security requirements and provides the necessary assurance to our client, highly likely to be backed up by rigorous assurance and certification processes. You will have responsibility for interfacing to security design partners across the programme or bid, both customer and supplier representatives, and colleagues within our engineering, service, and business development teams. You will ensure that Leidos can establish and maintain an effective and efficient security architecture for the programme or bid solution, and that the designs will be able to adapt as customer requirements, legislation and assurance standards change over the programme lifespan. Within the programme or bid, the role will primarily be responsible to a solution architect and Chief Engineer for developing and delivering the relevant elements of the solution, whilst understanding the whole. You will have a complete understanding of cyber risk and treatment approaches. Based on a strong ability to communicate risk and its proportionate management, you will know how this issue is addressed both in traditional \'on-premise\' highly sensitive platforms, and in private and public cloud technologies. You will be experienced and accomplished in meeting the challenges associated with assuring systems in public and private cloud environments. You will be required to develop high- and low-level security architecture designs for systems intended for secure/sensitive environments, with appropriate security based on detailed risk analysis.
Due to the sensitive nature of the work, sole British National and DV clearance are a must, along with significant experience in similar roles across Cloud/IT based solutions for Defence customers. Deep knowledge of HMG standards (including MOD-specific JSP), NCSC and NIST 800 standards is a given, along with how to apply these across a variety of different solution spaces. This role will be a key leadership position, interacting with senior levels of internal, supplier and customer stakeholders. You will be required to hold security clearance under National Security Vetting processes.
Responsibilities
* Develop and deliver high- and low-level security architecture designs for secure/sensitive environments.
* Interface with security design partners, customers, suppliers, and internal teams to ensure architecture aligns with requirements and assurance standards.
* Maintain an effective and adaptable security architecture across programme or bid lifecycles.
* Lead or contribute to security documentation sets and assurance activities as part of the MOD programme or bid.
* Communicate cyber risk and management decisions to diverse audiences.
Qualifications and Experience
* Excellent understanding of Confidentiality, Integrity and Availability (CIA) and practical application.
* Experience in defining derived security requirements and managing traceability.
* Experience gaining and maintaining accreditation or assurance for secure/sensitive systems.
* Experience of security infrastructure in Public and Private cloud (virtual networks, hybrid IaaS/PaaS/SaaS).
* Understanding of MOD ISN 23/09 Secure by Design.
* Experience producing security assurance documentation (SyOPS, Security Management Plan, ISMS, etc.) and supporting DART submissions.
* Experience producing security bid artefacts (security responses to PQQ/ITN questions, Project Security Management Plan, System Security Architecture Design, Through Life Security Management Plan, Cyber Risk Assessments).
* Experience with network and boundary protection technologies (firewalls, mail gateways, load balancers, anti-virus), including cross-domain technologies.
* Experience with authentication and authorisation technologies (SAML, LDAP, PKI, etc).
* Experience securing microservice architectures within a cloud environment.
* Experience with virtualization technologies.
* Understanding of the implementation, operation and maintenance of SIEM products.
* The ideal candidate will hold CISSP certification and other industry qualifications such as Risk or Public/Private Cloud certifications.
Communication and Soft Skills
* Excellent verbal and written communication skills and works well in a team environment.
* Capable of developing and communicating a vision to meet the System Requirements.
* Ability to communicate complex technical ideas across a wide range of audiences.
* A good level of commercial awareness to support bid and delivery environments.
* Strong bid response writing skills.
Benefits and Company Information
* Leidos UK & EUROPE - we work to make the world safer, healthier, and more efficient through technology, engineering and science.
* Leidos is a growing company delivering innovative technology and solutions focused on safeguarding critical capabilities and transformation in frontline services.
* We offer meaningful and engaging careers, a collaborative culture, and support for your career goals, with a healthy work-life balance.
* Contributory Pension Scheme
* Private Medical Insurance
* 33 days Annual Leave (including public and privilege holidays)
* Access to Flexible benefits (including life assurance, health schemes, gym memberships, annual buy and sell holidays and a cycle to work scheme)
* Dynamic Working
#J-18808-Ljbffr