Product Security Engineer
Description✓ARM are recruiting for a Product Security Engineer for a Contract or Permanent opportunity with a market leading Defence Client offering a Hybrid working model from Dorset.
✓As a Product Security Engineer, you will be working on key defence project and be responsible for:
✓* Interpreting security guidance from external sources such as JSP440/604, Federated Mission Network standards, NCSC and NIST.
✓* Performing security risk assessments using recognised methodologies to identify and prioritise cyber security and cyber resilience risks and identifying appropriate controls and mitigations to manage those risks.
✓* Support to achieve security accreditation, including assessing the impact to security of all proposed changes.
✓* Scoping and managing testing by external penetration test companies and ensuring remediation activity is performed to completion.
✓* Supporting security within the supply chain, including meeting the requirements of the Defence Cyber Protection Partnership plus our own company initiatives.
✓* Producing security documentation such as RMADS and SyOPs
✓Skills required:
✓Essential
✓* Experience of cyber security engineering delivery and accreditation within the Defence domain, including identifying cyber security risks using a recognised methodology and the commensurate controls and mitigations required to manage those risks
✓* Ability to interact at a technical level with systems, software and hardware engineers and to articulate security advice directly to key stakeholders within both the business and the customer community.
✓* Degree qualified in Information/Cyber Security, IT, Engineering, Mathematics, or Science, or alternatively equivalent qualifications and/or experience
✓Desirable
✓* Knowledge and experience in HMG IAS1&2 or similar security risk assessment methodology, JSP440/JSP604/JSP490, NCSC guidance, NIST, ISO 27001 and industry-standard security frameworks.
✓* Experience of electronic and physical security measures, including Tempest
✓* Defence, systems or software engineering background
✓CCP, CISSP, CISM or similar, GCHQ Certified Degree, ex-CLAS
✓Due to the nature of the sector, you will need to hold current and active UK Security Clearance or at least be eligible to gain it.
✓If you are interested in the role; please submit your application to Jason Parish via this vacancy.
✓Disclaimer:
✓This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ["ARM"]
✓ARM is a specialist talent acquisition and management consultancy
✓We provide technical contingency recruitment and a portfolio of more complex resource solutions
✓Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today
✓We will never send your CV without your permission
✓Where the role is marked as Outside IR35 in the advertisement this is subject to receipt of a final Status Determination Statement from the end Client and may be subject to change Show more →
✓As a Product Security Engineer, you will be working on key defence project and be responsible for:
✓* Interpreting security guidance from external sources such as JSP440/604, Federated Mission Network standards, NCSC and NIST.
✓* Performing security risk assessments using recognised methodologies to identify and prioritise cyber security and cyber resilience risks and identifying appropriate controls and mitigations to manage those risks.
✓* Support to achieve security accreditation, including assessing the impact to security of all proposed changes.
✓* Scoping and managing testing by external penetration test companies and ensuring remediation activity is performed to completion.
✓* Supporting security within the supply chain, including meeting the requirements of the Defence Cyber Protection Partnership plus our own company initiatives.
✓* Producing security documentation such as RMADS and SyOPs
✓Skills required:
✓Essential
✓* Experience of cyber security engineering delivery and accreditation within the Defence domain, including identifying cyber security risks using a recognised methodology and the commensurate controls and mitigations required to manage those risks
✓* Ability to interact at a technical level with systems, software and hardware engineers and to articulate security advice directly to key stakeholders within both the business and the customer community.
✓* Degree qualified in Information/Cyber Security, IT, Engineering, Mathematics, or Science, or alternatively equivalent qualifications and/or experience
✓Desirable
✓* Knowledge and experience in HMG IAS1&2 or similar security risk assessment methodology, JSP440/JSP604/JSP490, NCSC guidance, NIST, ISO 27001 and industry-standard security frameworks.
✓* Experience of electronic and physical security measures, including Tempest
✓* Defence, systems or software engineering background
✓CCP, CISSP, CISM or similar, GCHQ Certified Degree, ex-CLAS
✓Due to the nature of the sector, you will need to hold current and active UK Security Clearance or at least be eligible to gain it.
✓If you are interested in the role; please submit your application to Jason Parish via this vacancy.
✓Disclaimer:
✓This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ["ARM"]
✓ARM is a specialist talent acquisition and management consultancy
✓We provide technical contingency recruitment and a portfolio of more complex resource solutions
✓Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today
✓We will never send your CV without your permission
✓Where the role is marked as Outside IR35 in the advertisement this is subject to receipt of a final Status Determination Statement from the end Client and may be subject to change Show more →