Leonardo is seeking to recruit an experienced security engineer with expertise in developing and maintaining product security management systems for defence and government customers.
This role will be responsible for all security aspects of product design, development, verification, and maintenance throughout the product lifecycle. The focus will be on conducting security risk assessments, preparing mitigation plans, deriving security requirements, and working with product development teams to implement security controls.
The security engineer will collaborate with customer security accreditors, SMEs, and project engineering teams to ensure that products comply with security policies and that residual risks are managed.
What you will do
The successful candidate will provide security advice in areas including:
* Producing Security Management Plans, work package descriptions, and cost estimates for bids and proposals.
* Conducting security risk assessments, developing mitigation plans, and preparing security documentation for accreditation.
* Defining security requirements, advising on implementation standards, and overseeing development activities.
* Liaising with Security Accreditors and Assurance Coordinators for security approval.
* Preparing Protection Profiles, Security Targets, Evaluation Plans, and coordinating with evaluation teams.
* Developing TEMPEST Control Plans and advising on implementation techniques.
* Supporting platform lockdown, configurations, and penetration testing activities, including analyzing results and planning remediations.
* Managing product security throughout the lifecycle, including vulnerability and patch management.
* Leading security incident response teams during crises.
* Reviewing and updating corporate security policies.
* Delivering security training to engineering teams.
What we are looking for:
* Experience in security solutions development for military and/or commercial products.
* Degree in engineering, computing, or related sciences, or evidence of professional development.
* Registered NCSC certified professional at senior level or equivalent qualification.
* Knowledge of UK/NATO Information Assurance standards, including GovS 007, HMG IS1&2, ISO27000, NIST SP800, JSP440, JSP604, and guidance from NCSC, CPNI, and NIST.
* Experience in producing Security Accreditation documentation.
* Experience with NCSC and Common Criteria evaluation techniques.
* Knowledge of cryptography and key management systems.
* Knowledge of MBSE principles.
* Understanding of OS, firmware, and software security controls.
* Familiarity with emerging technologies like cloud, virtualization, and web security.
* Team player with influencing and motivating skills.
* Positive attitude and drive for business improvement.
* Ability to obtain SC clearance with UK-only caveat.
* Knowledge of Enterprise Security Architectures such as SABSA and MODAF.