Cyber Security Engineer

Senior Cyber Security Engineer (Assurance) Contract (12 months)

We have an exciting opportunity for a Senior Cyber Security Engineer (Assurance) to join our Rail Infrastructure Communication and Information Systems (CIS) business.

Location is flexible but face to face time on a weekly basis in Chippenham or Ashby de la Zouch, England, United Kingdom is required.

Our Team and what we do:

As market leaders across rail, and logistics, we are pursuing the goal of networking various transportation systems with one another to move people and goods efficiently.

What will be my role?

This role is for a Senior Cyber Security Engineer (Assurance) with both product & whole solution security expertise within an Operation Technology environment. The candidate shall be capable of technically specifying, leading, and consulting on Cyber Security related activities including architecture development, risk assessment, security testing and compiling assurance evidence against evolving industry standards.

The Cyber Security Engineer will play a lead role across the whole delivery lifecycle from bidding to commissioning and support, including:

  • Security requirements management

  • Security risk assessment

  • System security zoning and protection

  • Development of security test strategies

The Cyber Security Engineer shall be expected to engage across the whole engineering lifecycle, working alongside product and solution development and project delivery teams. This role will help play a major part in delivering the safe and secured rail signalling and control systems, electrification, SCADA and station information & security systems that the business demands.

What Qualifications, Skills and Experience do I need?

  • Educated to degree level (or equivalent) in an engineering, scientific or numerate discipline.

  • Experience in providing security engineering leadership in a demanding Operational Technology environments

  • Proven practical experience of applying IEC 62443 standard series.

  • Understanding and practical experience of applying CENELEC standards.

  • Preferably have at least one of the following: Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), or CESG Certified Professional (CCP)

  • Experience in mentoring and developing other engineers

  • Excellent communication skills and the ability to influence both internal and external stakeholders.

What will be your Responsibilities?

  • Engaging with our clients security teams to understand their wider security strategy, including process and assurance evidence and risk appetite.

  • Specification and maintenance of security requirements for projects. Support for meeting international and regional security standards and regulations (NIS, NIS2, EU CRA, IEC62443, TS 50701) in the project.

  • Creating efficient and clear Cyber Security Management Plans and monitoring progress against that plan (include delivery to time, budget and quality).

  • Developing architectures that compartmentalise systems into zones and conduits and identifying security controls required to provide adequate protection.

  • Planning and performing threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of organisation.

  • Evaluation of third-party components against product & solution security requirements

  • Planning and preforming threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of the organisation.

  • Compilation and review of artefacts produced during the development and engineering process regarding product & solution security.

  • Verification of implementation regarding security requirements (e.g., as part of system test, factory, or site acceptance test).

  • Validation (e.g., penetration testing) to ensure that implementation fulfils security expectations of customers (e.g., to identify security vulnerabilities, and to evaluate the effectiveness of remediation measures).

  • Support to build up required competencies for product & solution security within the project team

  • Representing security engineering within project milestone and stage gate reviews.

  • Collection of security related lessons learned to feed into in continuous improvement activities

  • Involvement in the analysis and response to security vulnerabilities & incidents.

Apply Now
Apply Now

Job Details

Company
VGC
Location
Wiltshire, United Kingdom
Employment Type
Contract
Salary
GBP Annual
Posted