£36000 - £50000 per annum + Excellent
Information Security (Infosec) Engineer
Salary: £36,000 - £50,000pa
A global aerospace and defence organisation is seeking an Information Security Engineer to join a highly skilled Combat Systems team, to work with advanced technology to minimise the risk of both cyber threats and social attacks.
As an Information Security Engineer, you will be tasked with ensuring our products across the Maritime Sector are secure by design, achieve security accreditation and maintain security through-life.
This role will provide you with the opportunity to liaise with stakeholders, influence engineering design, produce documentation in support of accreditation, provide advice and guidance to shape technical solutions and support embedding our security culture across the business.
Responsibilities - Information Security Engineer
Designing and shaping the technical security architecture of a number of strategically important products to ensure they are secure by design
Liaising with the system accreditor(s) and stakeholders to manage expectations and ensure that security requirements are met and risk is reduced to an acceptable level
Determining the security principles within which the project solution will work
Producing documentation such as product security architecture and Risk Management Accredited Document Set (RMADS) in support of accreditation. Collecting evidence for the security case
Contributing security sections to bid proposal documents, and producing estimates and security principle frameworks
Contributing to the wider Product Security Function - delivering training, presenting at Special Interest groups, improving processes
Keeping up to date with relevant security standards, processes and technologies, and developing skills and capabilities to be able to provide more effective services
Supporting the product security Special Interest Group by sharing best practice
Skills and qualifications - Information Security Engineer
Fundamental understanding of computer technologies, how they are networked together, different protocols, operating systems and applications
Good knowledge and understanding of security risk assessments and RMADS (Risk Management Accredited Document Set), or alternatively other formal security risk assessments or audits such as the ISO 27000 family of standards, JSPs, NIST (National Institute of Standards and Technology) etc.
Systems engineering experience and background
Ability to identify and investigate technology to understand the security flaws and how to mitigate them
Good technical understanding of systems and how their security aspects are applied and affect performance
An understanding of Defence Standards/Security Regulations