Security Engineer Role at Leonardo
Leonardo is seeking an experienced security engineer with expertise in developing and maintaining product security management systems for defence and government customers.
This role involves responsibility for all security aspects of product design, development, verification, and maintenance throughout the product lifecycle. The focus will be on conducting security risk assessments, preparing mitigation plans, deriving security requirements, and working with product development teams to implement security controls.
The security engineer will collaborate with customer security accreditors, SMEs, and project engineering teams to ensure product compliance with security policies and manage residual risks.
What you will do
1. Provide security advice to product development teams, including producing Security Management Plans, work package descriptions, and cost estimates.
2. Undertake security risk assessments, mitigation plans, gap analysis, and prepare security documentation for accreditation.
3. Define security requirements, advise on implementation standards, and oversee development activities.
4. Coordinate with security authorities for accreditation processes.
5. Prepare Protection Profiles, Security Targets, Evaluation Management Plans, and liaise with evaluation teams.
6. Develop TEMPEST Control Plans and advise on implementation and testing.
7. Guide platform lockdown and configurations, support penetration testing, analyze results, and plan remedial actions.
8. Manage security throughout the product lifecycle, including vulnerability and patch management.
9. Lead security incident response teams and manage security policies.
10. Deliver security training to engineering teams.
Requirements
1. Experience in security solutions for military or commercial products and systems.
2. Degree in engineering, computing, or related fields, or equivalent professional study.
3. Registered NCSC certified professional, or a recognized qualification such as ISC CISSP.
4. Knowledge of UK/NATO Information Assurance standards, ISO27000, NIST, JSP standards, and guidance from NCSC, CPNI, NIST.
5. Experience in producing security accreditation documentation and conducting evaluations.
6. Knowledge of cryptography and key management systems.
7. Familiarity with Model-Based System Engineering (MBSE).
8. Understanding of operating systems, firmware, and software security controls.
9. Awareness of current and emerging technologies including cloud and virtualization.
10. Strong teamwork, influencing, and motivation skills.
11. Positive attitude and drive for business improvement.
12. Ability to obtain SC clearance with UK-eyes only caveat.
13. Experience with enterprise security architectures like SABSA and MODAF.