Senior Cyber Security Engineer (Assurance) – Contractor (12 months)
An exciting opportunity has arisen for a Senior Cyber Security Engineer (Assurance) to join a Rail Infrastructure Communication and Information Systems (CIS) business. Location is flexible, but face-to-face time on a weekly basis in Chippenham or Ashby de la Zouch, England, United Kingdom is required.
Our Team and what we do:
As market leaders across rail and logistics, the business is pursuing the goal of networking various transportation systems with one another to move people and goods efficiently — delivering complete mobility.
What will be my role?
This role is for a Senior Cyber Security Engineer (Assurance) with both product and whole-solution security expertise within an Operational Technology environment. The candidate shall be capable of technically specifying, leading, and consulting on cyber security–related activities including architecture development, risk assessment, security testing, and compiling assurance evidence against evolving industry standards.
The Cyber Security Engineer will play a lead role across the whole delivery lifecycle from bidding to commissioning and support, including security requirements management, security risk assessment, system security zoning and protection, and development of security test strategies. The Cyber Security Engineer shall be expected to engage across the full engineering lifecycle, working alongside product and solution development and project delivery teams. This role will play a major part in delivering safe and secure rail signalling and control systems, electrification, SCADA, and station information and security systems.
What will be my Responsibilities?
*
Engaging with clients’ security teams to understand their wider security strategy, including processes, assurance evidence, and risk appetite.
*
Specification and maintenance of security requirements for projects, including support for meeting international and regional security standards and regulations (NIS, NIS2, EU CRA, IEC 62443, TS 50701).
*
Creating clear and efficient Cyber Security Management Plans and monitoring progress against those plans (time, budget, and quality).
*
Developing architectures that compartmentalise systems into zones and conduits and identifying security controls required to provide adequate protection.
*
Planning and performing threat and risk analysis and defining countermeasures in line with organisational risk acceptance criteria.
*
Evaluation of third-party components against product and solution security requirements.
*
Compilation and review of security-related artefacts produced during development and engineering activities.
*
Verification of implementation against security requirements (e.g., system testing, factory acceptance testing, site acceptance testing).
*
Validation activities (e.g., penetration testing) to ensure implementations meet customer security expectations, identify vulnerabilities, and assess remediation effectiveness.
*
Supporting the development of product and solution security competencies within project teams.
*
Representing security engineering at project milestones and stage-gate reviews.
*
Collecting security-related lessons learned to support continuous improvement.
*
Involvement in the analysis and response to security vulnerabilities and incidents.
The candidate will also be expected to maintain awareness of new technologies, emerging risks, and evolving standards, and apply this knowledge to ongoing deliveries.
What Qualifications, Skills and Experience do I need?
*
Educated to degree level (or equivalent) in an engineering, scientific, or numerate discipline.
*
Experience providing security engineering leadership in demanding Operational Technology environments.
*
Proven practical experience applying the IEC 62443 standard series.
*
Understanding and practical experience of applying CENELEC standards.
*
Preferably holding at least one of the following certifications: CISSP, CSSLP, or CESG Certified Professional (CCP).
*
Experience mentoring and developing other engineers.
*
Excellent communication skills with the ability to influence both internal and external stakeholders