Job Description:
Have an Engineering/Science background and an interest in cyber security? Are you a security architect or security risk advisor, but looking challenge beyond the same old Enterprise IT problems? Perhaps you already work in a Product Security role ?
#Cyber #Security #NIST #ISO27001 #Embedded #Radar #Safety #Risk #LCM #Qualification #Accreditation #Certification #DO178 #DO254 #ARP4754
For a challenge that will yield the reward of guiding product developments with national and international importance, then read on……
Leonardo has an exciting opportunity to contribute at a senior level, to the design and certification of an expanding portfolio of world class Mission Critical and Flight Safety Involved Airborne Systems. As part of the Engineering Governance organisation, you would be responsible for determining a basis of certification appropriate to the security threat. Ideally, you will have practical experience of ISO27001/27004/27005 or NIST Risk Management Framework (RMF); Knowledge of UK/NATO Information Assurance/Accreditation frameworks; Familiarity with the application of cyber resilience controls to embedded systems.
Working across the product lines of the Radar and Advanced Targeting line of business. You will support the relevant Head of Engineering Projects to develop security and engineering management plans, leading to qualification and accreditation for service. You will guide the engineering teams within the IPTs through the product lifecycle, managing the basis of certification and/or accreditation on behalf of the System Design Authority, to achieve acceptance of the integrated product. You will also and supply subject matter advice into the product maturity reviews, following the principles of Secure by Design.
A significant intrinsic factor of the role is the requirement for continuous improvement of the cyber resilience of Leonardo products. Leonardo will support you to develop yourself and the process capability of the business. Many Leonardo products exist at the “bleeding edge”, applying innovative technologies such as AI/ML, Autonomy, High-assurance multicore processing, Electro-Optics and Model Based Systems Engineering. You will have the opportunity to contribute to and learn from these innovations.
The Leonardo RATS Line-of-Business (LoB) products cover sensor and defensive applications such as Laser Directed Energy Weapons (LDEW), Infrared Countermeasure (IRCM), Integrated Sensing Radar, Surveillance Radar plus other Non-Kinetic Effects products.
You’ll be involved in major UK and Global programmes such as Eurofighter Typhoon and Global Combat Air Program, together with many other Crewed and Un-Crewed Airborne Platforms around the globe.
What you will do:
Reporting to the relevant Head of Engineering Projects, you’ll be responsible for the provision of specialist, subject matter advice to the Integrated Product Teams within the line of business, whilst collaborating with your fellow Product Cyber Resilience Managers (PCRMs) across the enterprise.
You will be responsible for determining product cyber resilience objectives through security risk management techniques in regards to the Integrated Sensing products and then working with the engineering teams to achieve those objectives through the architecture and design the solution. You’ll also support the product assurance activities to verify compliance to those objectives and the transition to operations and ongoing through-life support.
The role will also include a focus on training and mentoring of RATS engineering staff of the internal IPTs in responsible roles to increase the awareness of cyber resilience as an issue.
As a key expertise to the RATS business and an associate of the Design Integrity function, you may be asked to undertake independent reviews and assessments of the outputs of your fellow PCRMs and IPTs of the other product sectors within RATS and potentially across Leonardo Electronics Division Lines-of-Business (LoB).
You’ll be working closely with supportive, talented and innovative engineers across the engineering delivery disciplines, contributing to continual improvement of the engineering capability of the RATS LoB, whilst also building strong relationships with our customers, partners and the specialist agencies within the UK and globally.
Day to day, you will be working closely with the Integrated Sensing Sector engineering delivery disciplines and IPTs, satisfying the contractual and regulatory cyber resilience requirements of systems supporting and delivering the assurance activities necessary for airborne systems, including Mission Critical and Flight Safety involved systems, often with demanding safety and security requirements themselves.
You will:
1. Undertake the production of Security Managements Plans, work package descriptions and cost estimates in support of product bids, services and proposals.
2. Review and provide guidance of security risk assessments, risk mitigation plans, mitigation gap analysis and preparation of security management documentation for system Accreditation, such as solution hardening guidance and security operating procedures.
3. Defining product security requirements, advising development teams on suitable implementation standards and techniques and overseeing product development activities.
4. Liaison with Security Accreditors and Security Assurance Coordinators in support of security Accreditation.
5. Participate in internal and external discipline working groups and with academic partners covering Product Cyber Resilience and Product Security for various established and emerging standards.
6. Contribute to continual improvement of the engineering capability within the RATS LoB.
Location of the role:
The RATS IPTs are mainly located in Edinburgh and Newcastle, but the Leonardo Electronics Division also has office facilities in Basildon, Luton, Southampton, Yeovil, Bristol and Lincoln.
Leonardo operates a system of “Custom Working” whereby remote or home working can be recognised from 0% to 100% depending upon role and business needs. As part of this, there may be a requirement for occasional travel to other locations within the UK and internationally.
Skill, Qualifications & Knowledge - What we are looking for?
In broad terms, you should have as many of the following as possible:
7. Practical experience of developing a security or safety risk management system for complex products based on a recognised framework in a highly regulated industry such as aerospace, nuclear, automotive, rail or oil & gas;
8. Practical experience of the System Development Life Cycle, Software Development Life Cycle, V-Models and Agile frameworks;
9. Effective and flexible communication and interpersonal skills;
10. Ability to interact with subject matter experts on a wide range of technical and operational topics;
11. Excellent written and verbal communication skills, with the ability to coach and develop others;
12. Ability to obtain SC security clearance and work within UKEO and US ITAR TAA restrictions;
13. The ability to understand complex engineering processes and the inter-dependency of the process components;
14. A passion for promoting and improving the safety and security of complex systems.
It would be desirable, but not essential, if you also had one or more of:
15. Practical experience of ISO27001/27004/27005 or NIST Risk Management Framework (RMF);
16. Knowledge of UK/NATO Information Assurance/Accreditation frameworks;
17. Familiarity with the application of cyber resilience controls to embedded systems.