Leidos have an exciting and challenging opportunity for an Information Assurance Security Engineer to join our expanding Engineering Team. You will be immersed in one of our key programmes, on behalf of one of our high-profile national security clients. What will I be doing? Within this role the successful candidate will be required to provide subject matter expertise in design of Security and Assurance within the Information Security Management (ISM) function, helping to set security strategy, policy and standard operating procedures to ensure stakeholder confidence that risk to the confidentiality, integrity and availability of data in storage and in transit is managed pragmatically, appropriately and in a cost-effective manner. • Be responsible for the assurance of system designs and infrastructure changes to always maintain adequate levels of information security. • Perform Information Assurance (IA) Policy & Procedure development, Information Security Audits, advise on cryptographic security including certificate management. • Co-ordinate Information Security activities within the Account. Maintain the Information Security Policy, Standards, and ISMS documentation in line with legislative compliance requirements and advice from Accreditors. • Support the maintenance of Risk Management Accreditation Document Sets (RMADS) for the infrastructure. • Support delivering the service to the contracted level and ensuring Service Level Agreements conformance. • Support the development and operation of the Information Security Management System (ISMS) for the infrastructure and service. • Be responsible for the analysis of system security weaknesses and articulate issues to other programme members and department leads. • Liaise with teams and organisations to ensure the required level of information security is supported by site security and other third-party providers. • Carry out Information Security risk assessments and maintain the Information Security Risk Register. • Managing the monthly vulnerability process for the IABS environment, taking appropriate action to ensure that all possible remediation or mitigation measures are implemented and recorded. • Making sure all planned security activities are recorded on the Security PoaP which is sent to service before the beginning of each month. This is combined with information regarding all vulnerabilities and patching plans for the month. • Attend the weekly Security Working Group (SWG) and address any actions/issues which are related. • Scope, coordinate and deliver the annual ITHC (IT Health Check) and all subsequent remediation plans and ensure that remediation efforts are tracked and recorded and reported within the SWG. You will work in conjunction with the Information Security lead, other members of the ISM team, the client and other programme suppliers. A key element of the role is to act as the initial point of contact for the Client’s Security team to engage with for any security led assurance-based processes which need to be addressed. What does Leidos need from me? • Experience of the IT systems engineering lifecycle. • Understanding of the controlling processes for the systems engineering lifecycle (e.g. requirements management, configuration management, testing and assurance) and where cyber assurance fits into these. • Understanding of different lifecycles/methodologies (agile, waterfall, incremental, SAFE, DevOps). • Managing ITHC activities through the lifecycle from scoping, coordination and remediation management. • Solid understanding of Confidentiality, Integrity, Availability and practical experience in applying that understanding in management of risk and response to events and changes. • Experience of process involved in gaining and maintaining accreditation for secure/sensitive systems using structured Risk analysis and treatment approaches. • Experience of process involved in continuous assurance for information security management systems, e.g. NIST, ISO etc. • Experience of Cyber Incident Response capabilities. • Experience in tracing through and evaluating responses to security requirements for a system. • Experience in maintaining elements of security documentation sets (SyOPS, RMADs, Security Management Plans, ISMS elements, CARBN). Required Technical Expertise: • Understanding of principles of network and boundary protection technologies (firewalls, mail gateways, load balancers, antivirus, IPS, IDS, Diodes) • Understanding of Protective Monitoring systems (SIEM/SOC) and the principles of their deployment. • Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc) • Understanding of encryption and protocols and structures in support of deployment, e.g. custodian • Understanding of purpose and effectiveness of penetration tests or IT Health Checks Communication and Soft Skills: • Excellent verbal and written communication skills and works well in a team environment • Capable of developing and communicating reports to meet defined objectives for intended audience • A good level of commercial awareness and project disciplines Clearance Requirements: This role requires SC clearance to start which we can obtain. Discover yourself at Leidos UK Join our team and we’ll unleash your talents to solve the most challenging technical problems. What we do for you: At Leidos we are PASSIONATE about customer success, UNITED as a team and INSPIRED to make a difference. We offer meaningful and engaging careers, a collaborative culture, and support for your career goals, all while nurturing a healthy work-life balance. We provide an employment package that attracts, develops and retains only the best in talent. Our reward scheme includes: • Contributory Pension Scheme • Private Medical Insurance • 33 days Annual Leave (including public and privilege holidays) • Access to Flexible benefits (including life assurance, health schemes, gym memberships, annual buy and sell holidays and a cycle to work scheme) • Dynamic Working