10 months ago
Security System Design Authority
SC Clearance required
11 Month Contract
1st Sept start
Due to Covid 19: starting remote then will be on site in Corsham once safe to do so
The System Design Authority (SDA) is responsible for the coherence and assurance of the design activity for the entirety of the OpNet Platform. The primary focus of the Security Service is to advise and assure the OpNet design is conformant with civil and defence legislation relating to IT security, with a focus on how confidentiality, integrity and availability is achieved. This service reports directly to the SDA Lead. The Security Service's principle responsibilities include:
o Acting as the point of contact for security architecture and threat mitigation on behalf of the SDA Lead.
o Interacting with programme, project, and engineering team leads to ensure cross team, cross technology coherence to satisfy the security requirements of the OpNet system.
o Supporting design vision creation, design decisions and design review as part of the end to end assurance process.
o Supporting Programme and Project Stakeholder engagement and RAIDO management specific to current and emerging security threats.
o Liaising with team leads across the NSoIT(D) Programme and wider defence digital organisations to ensure a robust solution is delivered within Time, Cost and Performance.
o Identifying and communicating solution intent across programme teams and the SDA Lead, and support the review of all high, intermediate, and low-level designs for coherence, technical content, and quality.
o Align standards, frameworks, and security with overall business and technology strategy.
o Creating solutions that balance business requirements with information and cyber security requirements.
o Ensuring that standards, frameworks and security postures align with overall business and technology strategies and policies e.g. Defence as a Platform, Federated Mission Networking and JSPs.
o Identifying capability gaps in existing architectures and recommend changes or enhancements in line with Agile and continuous improvement methods.
Essential skills, qualifications, and experience
In order to deliver this service, it is essential that individuals have:
· A minimum of 10 years demonstrable experience in the following:
o Architecture and development of secure Hardware and Software solutions with successful delivery on complex, large scale programmes utilising emerging technologies where possible.
o Strong Security Engineering background with experience working with an Engineering team to ensure compliance.
o Operating both as a Security Engineer and Security Architect.
· Detailed knowledge and understanding of JSP 440, 604 and over-arching HMG policy.
· Security architecture, demonstrating solutions delivery, principles and emerging technologies.
· Designing and implementing security solutions. This includes continuous monitoring and making improvements to those solutions, working with an information security team.
· Consulting and engineering in the development and design of security best practices and implementation of solid security principles across the project to meet business goals along with customer and regulatory requirements.
· Identity access management (IAM) - the framework of security policies and technologies that limit and track the access of those in an organization to sensitive technology resources.
· An understanding of Defence Lines of Development and MOD Capability Integration.
· Comprehensive knowledge of UK Defence deployed network architectures, federations with coalition partners, security enforcing gateways and modern techniques for enforcement of security principles including micro-segmentation, VPN, VDI, hardware encryption and information flow handling.
· Experience in reviewing engineering designs and enhancing security solutions against business requirements and Industry Best Practices.
· Experience in delivering to a least privilege security model.
· Competency in MS Office Suite.
· Hold a current SC clearance and be prepared to undergo DV clearance.
Desirable skills, qualifications, and experience
In order to deliver this service, it is desirable that individuals have:
· Knowledge and experience with Audit tooling such as Splunk and SolarWinds.
· Knowledge of Cloud and/or Datacentre based Security Architectures.
· Experience of:
o Working within the public sector, preferably Defence, and ideally with Defence Digital (formerly ISS).
o Performing Vulnerability Assessments against secure networks and systems.
o Production of Risk Management & Accreditation Document Set (RMADS).
o Delivering in Agile and Waterfall project management environments delivering of software-based programmes and projects.
· Security related qualifications, such as:
o Certified Information Systems Security Professional (CISSP),
o Certified Information Security Manager (CISM),
o Certified Information Systems Auditor (CISA),
o Information Systems Security Architecture Professional (ISSAP)
o Information Systems Security Engineering Professional (ISSEP)
o CCP SIRA Certification at Practitioner or above,
o ISO27001 Auditor related qualification.