Product Security Analyst/Engineer
Recruiter
Listed on
Location
Salary/Rate
Type
This job has now expired please search on the home page to find live IT Jobs.
Product Security Analyst/Engineer x 2Barrow (Currently remote)6 Months Role DescriptionThe PSA Engineer will be a focal point for security and information risk matters within the Product Security Engineering (PSyE) team and will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life.They will provide subject matter expertise and advice to other functional and capability areas to support overall project delivery and performance and advice and consultancy to design authorities and interested stakeholders. Skills requiredThe following activities are those which are required of the PSA Engineer, in full or part dependent on the role and the place the project is in the engineering lifecycle:Developing Risk Management Accreditation Document Set (RMADs)Performing risk assessments using multiple methods including IS1, ISO27001, NIST, Mitre, STRIDE.Selection of security controls, providing guidance on implementation and capture of compliance.Attendance at Security Working Groups (SWGs), design reviews and gate reviewsBe able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness.Be able to recommend appropriate controls to mitigate identified risks in line with government policies and good practice, to provide more cost effective risk mitigation in the longer term. Knowledge and ExperienceThe PSA Engineer will be responsible for, or provide input to the following typical key deliverables, dependent on the role and the place the project is in the engineering lifecycle:Former CLAS consultantStrong experience of developing Risk Management Accreditation Document Set (RMADS).Current CISSP or CISM qualificationStrong background in GOV Policies, SPF, JSP440, JSP 604, and TEMPESTProven experience of assessing and managing information risk in line with industry good practice.Proven experience of applying Product Security/Information Security concepts to applicable technologies within the environment (or similar). Experience of Product Security Engineering activities in the defence, maritime or closely linked domain. QualificationsDegree (or equivalent experience) in a relevant STEM subject or Information Security related.Holds NCSC CCP SIRA statusIndustry Security Qualifications held, CCNP, MS, Comptia, SANS
