QinetiQ
Offering world-class scientific and technological knowledge, proven research capabilities and unique purpose-built facilities to provide global security and defence services and products.
View company page
* Design, develop & apply configuration of security tools/functions to reduce and mitigate vulnerabilities
* Review and investigate security events to identify root cause and required response
* Reverse engineer & analyse attacks to understand their tools, methods and root causes
Key accountabilities
* Design and implement security systems and resilient architectures to meet defined security requirements.
* Analyse and test security systems and architectures at engineering/technology level to identify security vulnerabilities and propose and implement remediation.
* Research attack techniques and malware (including reverse engineering) to inform development of mitigations and resilient design, and to support post incident analysis
* Apply insights from threat intelligence to guide all the above
Key capabilities/Knowledge
Cyber Security
* Understand cyber security, its significance, concepts, threats, vulnerabilities and assurance.
* Understand and able to use cyber management, risk & attack frameworks (e.g. ISO27001, NIST, MITRE ATT&CK, D3FEND, Cyber Kill Chain)
* Understand purpose, role of security technology (e.g. antivirus, firewall, intrusion detection, identity & access management, encryption & key management) and the basics of how they operate to mitigate technical attacks
* Able to describe examples of attack techniques & methods, including where and how they have been successful
* Able to access, use and contribute to OSINT, industry threat databases and intelligence sharing groups
* Aware of approaches to cyber operations including: security management systems, incident response, escalation, investigation & 3rd party involvement
* Knowledge of laws and legal frameworks relevant to computer security, public and commercial security and warfare.
* Knowledge of Security Testing techniques and tactics
* Understand risks of working with simulated attack technology & techniques and how to work responsibly and protect the knowledge & capability effectively
* Able to analyse an incident to reverse engineer and understand an attack considering playbook, physical, social engineering and technical methods
* Aware of forensic investigation techniques (technical nor evidential)
* Able to analyse & reverse engineer malware and obfuscation to understand the attack techniques employed
* Able to test systems to identify security vulnerabilities
* Understand a range of technical mitigations that may be employed to mitigate attack techniques, e.g. defensive programming to achieve malware resistance
* Able to support development of technical solutions
Technology: ability to develop good understanding of a wide range of technology areas, evidenced by established understanding of at least 2 of the following:
* Computer networks and internet protocols (TCP/IP, DNS,
* Web technologies and web applications
* Computer architectures and operating system architectures
* Cloud infrastructure and technology
* Military systems
* Microcontrollers, machine code and cyber-physical systems
* Programming languages & scripting
* Industrial control system (ICS), SCADA, operational technology (OT)
* Digital technology trends
* Secure DevOps principles, tools, approaches, complexity and software engineering.
General professional
* Able to collaborate and work as part of a team
* Able to organise own work schedule, prioritise & work on own initiative unsupervised
* Able to engage and communicate effectively with stakeholders including customers
* Able to apply critical thinking, systems thinking and solve problems
* Able to research topics and propose new & novel approaches
Experience and Qualifications
* STEM degree or equivalent.
* Minimum 3 years’ experience in technology, engineering or analyst role including at least 1 year in a cyber-security role.
* High personal integrity and clear ethical values expected of a security professional.
* UK SC clearance (or willingness to obtain one).
* Developing secure solutions that mitigate malware and virus threats
* Experience of reverse engineering including of malware
* Developing secure solutions in (AWS or Azure) cloud environment
* Experience using cyber security frameworks in defence, national security or critical infrastructure sectors
* Membership of CIISec or equivalent
As we continue to grow into new markets around the world, there’s never been a more exciting time to join QinetiQ. The formula for success is our appetite for innovation and having thecourage to take on a wide variety of complex challenges.
You’ll experience a unique working environment where teams from different backgrounds, disciplines and experience enjoy collaborating widely and openly as we undertake this exciting and rewarding journey. Through effective teamwork, and pulling together, you’ll get to experience what happens when we all share different perspectives, blend disciplines, and link technologies; constantly discovering new ways of solving complex problems in an diverse and inclusive environment where you can be authentic, feel valued and realise your full potential. Read more about our diverse and inclusive workplace culture here .
Joining QinetiQ offers you an opportunity to work on a broad range of interesting defence-based projects with vast career progression across a global organisation in addition to competitive personal and professional benefits. You’ll receive a highly competitive salary and benefits package: our basic salaries are very attractive as we constantly review what’s happening in the market. The range of benefits that we offer include, adaptive and flexible working, generous holiday entitlements, Health Cash Plan, Private Medical Insurance and Dental Insurance and much more.
About QinetiQ
As a company of over 6,000 dedicated professionals, we are a world-centre of excellence in research and development and act as a catalyst for fast-track innovation, offering outstanding experimentation facilities, and technical, engineering and scientific expertise. QinetiQ is made up of dedicated experts in defence, aerospace, security and related markets, all working together to explore new ways of protecting what matters most. Being part of QinetiQ means being central to the safety and security of the world around us. Partnering with our customers, we help to save lives; reduce risks to society; and maintain the global infrastructure on which we all depend. Come and find out how you can play a role.
Please note thatmany rolesin QinetiQ are subject to national security vetting. Applicants that already hold the appropriate level of vetting may be able to transfer it upon appointment, subject to approval. A number of roles are also subject to restrictions on access to information that mean factors such as nationality, previous nationalities held and the country in which you were born may have an effect on the roles that you can be employed in.
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
#J-18808-Ljbffr