Security Assurance Contractor

Active SC clearance required

Location: Warminster (50% Home working, 50% onsite)

Duration: 3 month initial contract (potential extension)

Inside IR35

Role details:

Our client, a notable entity within the Defence & Security sector, is seeking a seasoned Security Contractor to join their team on a contract basis. The client is located in Warminster and the role will be a split of 50% home working and 50% onsite.

This role supports the OMNIA Security Assurance Lead by carrying out a comprehensive Initial Security Risk Assessment for the MOD CTTP programme: analysing risks, threats, vulnerabilities, architectures and compliance requirements, and producing the formal assessment report. It also supports stakeholder engagement by participating in workshops, coordinating with delivery partners, and helping present the final assessment.



Key Responsibilities:

  • Working closely with the OMNIA Security Assurance Lead to conduct Initial Security Risk Assessment Report activities in alignment with MOD Secure by Design (ISN2023/09) assurance activities.
  • Attending workshops and meetings, both in-person and virtually, to review progress and agree on actions against deliverable timelines.
  • Liaising with OMNIA partner delivery stakeholders to understand the architecture and associated security risks, threats, vulnerabilities, and opportunities within the scope defined by the OMNIA Security Assurance Lead.
  • Conducting formal Initial Security Risk Assessments using the NIST 800-37 Risk Management Framework and associated guidelines.
  • Ensuring alignment of security risk assessments to UK Defence policies and standards, such as GovS 007: Security and DEFSTAN norms.
  • Performing threat modelling and assessment utilising STRIDE-LM and MITRE ATT&CK frameworks, integrating results into risk assessment reports.
  • Conducting Business Resilience and Single Point of Failure (SPoF) assessments across the supply chain, compiling results in the risk assessment report.
  • Compiling a comprehensive Initial Security Assessment Report and assisting the presentation to stakeholders.
  • Maintaining strict security integrity when processing and handling classified information.


Job Requirements:

  • Experience in conducting Security Risk Assessments for UK classified technical solutions, particularly in Information Security and Risk Management.
  • Proficiency in delivering against MOD policies and procedures specific to information security.
  • Experience with the NIST 800-37 Risk Management Framework and other NIST guidelines like 800-30 and 800-53.
  • Solid understanding and experience with UK Defence security frameworks and relevant policies.
  • Experience in conducting threat modelling and assessments using frameworks such as MITRE ATT&CK and STRIDE-LM.
  • Experience in reconciling information security risk against critical asset and service lists.
  • Ability to prioritise and plan complex work in a fast-paced environment.
  • Strong report writing skills with the ability to convey technical information to non-technical audiences.


Desirable skills:

  • A secondary knowledge of the Physical Security field/domain in relation to Information Security and GovS 007: Security would be desirable.
  • Understanding/knowledge of the Cabinet Office Technology Code of Practice (TCoP)
  • Understanding/knowledge of Army Command Standing Orders (ACSO)
  • Understanding/knowledge of the Government Service Standards for ACT Services
  • Understanding of formulating, recording and managing security risk and applying risk methodologies via a security risk register.
  • Good understanding of a technical domain in addition to existing Information Security Risk Assessment e.g. Network, Cloud, Application, Infrastructure.
  • Able to insightfully derive security requirements from an established solution.
  • Experience of delivering MoD Secure by Design operational solutions.
  • Understanding/experience of waterfall and agile delivery methodologies.
  • Strong knowledge of system architectures. Able to understand and articulate the impact of vulnerabilities on existing and future designs and systems, and how easy or difficult these vulnerabilities would be to exploit.


If you are an experienced Security Contractor looking to make a significant impact within the Defence & Security sector, we invite you to apply now. Experience the unique challenges and rewards of ensuring security in one of the most dynamic fields.

Job Details

Company: Matchtech

Location: Warminster, Wiltshire, United Kingdom BA12 (Hybrid / Remote Options)

Employment Type: Contract

Salary: GBP Annual