Information Assurance Security Engineer
Are you ready for your next career challenge?
The Role:
Leidos have an exciting and challenging opportunity for an Information Assurance Security Engineer to join our expanding Engineering Team. You will be immersed in one of our key programmes, on behalf of one of our high-profile national security clients.
What will I be doing?
Within this role the successful candidate will be required to provide subject matter expertise in design of Security and Assurance within the Information Security Management (ISM) function, helping to set security strategy, policy and standard operating procedures to ensure stakeholder confidence that risk to the confidentiality, integrity and availability of data in storage and in transit is managed pragmatically, appropriately and in a cost-effective manner.
1. Be responsible for the assurance of system designs and infrastructure changes to always maintain adequate levels of information security.
2. Perform Information Assurance (IA) Policy & Procedure development, Information Security Audits, advise on cryptographic security including certificate management.
3. Co-ordinate Information Security activities within the Account. Maintain the Information Security Policy, Standards, and ISMS documentation in line with legislative compliance requirements and advice from Accreditors.
4. Support the maintenance of Risk Management Accreditation Document Sets (RMADS) for the infrastructure.
5. Support delivering the service to the contracted level and ensuring Service Level Agreements conformance.
6. Support the development and operation of the Information Security Management System (ISMS) for the infrastructure and service.
7. Be responsible for the analysis of system security weaknesses and articulate issues to other programme members and department leads.
8. Liaise with teams and organisations to ensure the required level of information security is supported by site security and other third-party providers.
9. Carry out Information Security risk assessments and maintain the Information Security Risk Register.
10. Managing the monthly vulnerability process for the IABS environment, taking appropriate action to ensure that all possible remediation or mitigation measures are implemented and recorded.
11. Making sure all planned security activities are recorded on the Security PoaP which is sent to service before the beginning of each month. This is combined with information regarding all vulnerabilities and patching plans for the month.
12. Attend the weekly Security Working Group (SWG) and address any actions/issues which are related.
13. Scope, coordinate and deliver the annual ITHC (IT Health Check) and all subsequent remediation plans and ensure that remediation efforts are tracked and recorded and reported within the SWG.
You will work in conjunction with the Information Security lead, other members of the ISM team, the client and other programme suppliers. A key element of the role is to act as the initial point of contact for the Client’s Security team to engage with for any security led assurance-based processes which need to be addressed.
What does Leidos need from me?
14. Experience of the IT systems engineering lifecycle.
15. Understanding of the controlling processes for the systems engineering lifecycle (e.g. requirements management, configuration management, testing and assurance) and where cyber assurance fits into these.
16. Understanding of different lifecycles/methodologies (agile, waterfall, incremental, SAFE, DevOps).
17. Managing ITHC activities through the lifecycle from scoping, coordination and remediation management.
18. Solid understanding of Confidentiality, Integrity, Availability and practical experience in applying that understanding in management of risk and response to events and changes.
19. Experience of process involved in gaining and maintaining accreditation for secure/sensitive systems using structured Risk analysis and treatment approaches.
20. Experience of process involved in continuous assurance for information security management systems, e.g. NIST, ISO etc.
21. Experience of Cyber Incident Response capabilities.
22. Experience in tracing through and evaluating responses to security requirements for a system.
23. Experience in maintaining elements of security documentation sets (SyOPS, RMADs, Security Management Plans, ISMS elements, CARBN).
Required Technical Expertise:
24. Understanding of principles of network and boundary protection technologies (firewalls, mail gateways, load balancers, antivirus, IPS, IDS, Diodes)
25. Understanding of Protective Monitoring systems (SIEM/SOC) and the principles of their deployment.
26. Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc)
27. Understanding of encryption and protocols and structures in support of deployment, e.g. custodian
28. Understanding of purpose and effectiveness of penetration tests or IT Health Checks
Communication and Soft Skills:
29. Excellent verbal and written communication skills and works well in a team environment
30. Capable of developing and communicating reports to meet defined objectives for intended audience
31. A good level of commercial awareness and project disciplines
Clearance Requirements:
This role requires SC clearance to start which we can obtain.
Discover yourself at Leidos UK! Join our team and we’ll unleash your talents to solve the most challenging technical problems.
What we do for you:
At Leidos we are PASSIONATE about customer success, UNITED as a team and INSPIRED to make a difference. We offer meaningful and engaging careers, a collaborative culture, and support for your career goals, all while nurturing a healthy work-life balance.
We provide an employment package that attracts, develops and retains only the best in talent. Our reward scheme includes:
• Contributory Pension Scheme
• Private Medical Insurance
• 33 days Annual Leave (including public and privilege holidays)
• Access to Flexible benefits (including life assurance, health schemes, gym memberships, annual buy and sell holidays and a cycle to work scheme)
•
Commitment to Diversity:
We welcome applications from every part of the community and are committed to a truly diverse and inclusive culture. We foster a sense of belonging, welcoming all perspectives and contributions, and providing equal access to opportunities and resources for everyone. If you have a disability or need any reasonable adjustments during the application and selection stages please let us know, and we will respond in a way that best fits your needs.
Who We Are:
– we work to make the world safer, healthier, and more efficient through technology, engineering and science.
Leidos is a growing company delivering innovative technology and solutions focused on safeguarding critical capabilities and transformation in frontline services, our work in the United Kingdom includes addressing some of the most complex problems in defence, healthcare, government, safety and security, and transportation.
What Makes Us Different:
Purpose: you can use your passion and abilities at Leidos to keep the people you care about safe. We are at the forefront of machine learning, AI, cyber security and solutions. Using your skills in the technology frontline by helping to build a safer world. You can change.
Collaboration: having to do your job is one of our core benefits, enabling you to become part of our extraordinary team. We have been empowering our people to work flexibly for years. Whether you work from home, the office or on customer sites, we will give you the digital tools and the flexibility to work smarter and align your needs and ours.
People: Leidos people from every background to be themselves and gives you the tools to learn new skills by. We believe that extraordinary people need opportunities to grow, to and to inspire others. At Leidos, we invest in technical academies, career rotations and a career development plans that enhance your future.
Original Posting Date:
2024-08-13
While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.