Product Security Team Lead
Leonardo is a global leader in defence electronics and delivers mission critical systems for situational awareness, electronic warfare and surveillance across land, sea and air. The Radar and Advanced Targeting line of business, based in Edinburgh, is uniquely positioned as one of the world's top manufacturers of radars, lasers and infra-red countermeasure systems.
As a Product Security Team Lead at Leonardo, you will support various products through the evaluation and accreditation processes for defence and government customers.
You will build and lead a small team from the ground up, ensuring it can provide Product Security expertise across the Edinburgh business and beyond. You will develop the strategy and roadmap for the team, and liaise with projects to maximise the value the team provides to the wider business.
In conjunction with your team, you will produce technical material, undertake security risk assessments, prepare security risk mitigation plans, develop security requirements and work with product development teams to design and implement appropriate security controls. You will prepare Security Targets and / or TEMPEST Control Plans and work with the external accreditors and evaluators to achieve the necessary certifications.
This vacancy is based in Edinburgh, and will involve occasional travel throughout the UK and potentially abroad.
Key Responsibility Areas
Develop roadmaps (short, medium, and long-term) setting out the scope / responsibility / strategy for the Product Security team
Liaise with Security Accreditors and Security Working Groups, and support projects through the security accreditation process
Prepare Security Target and / or TEMPEST (emissions security) related documents, liaise with NCSC, and support projects through the security evaluation process
Undertake security risk assessments and prepare security risk mitigation plans
Define product security requirements, advise development teams on suitable implementation standards and techniques
Develop Product Security "best practice" design guidelines (hardware, firmware and software)
Modify company standard processes to support compliance with relevant Product Security standards
Develop a plan for deployment of Product Security training within the team, and across the wider Edinburgh business
Skills, Qualifications & Knowledge
Graduate degree in relevant engineering, computing or related scientific discipline, and/or evidence of further professional study
Possesses, or has the ability to obtain, SC clearance with UK-eyes only caveat
Ability to lead and manage work across a small team, including planning and reporting
Ability to communicate complex concepts to internal and external stakeholders
Ability to understand and develop requirements and design material at levels ranging from complete system to individual SRI
Excellent verbal & written communication skills
Positive attitude and strong desire to improve the business
High-level knowledge of Radar / embedded systems domain and associated hardware, firmware, and software architecture
Experience in the development of security solutions for military and/or commercial products and systems
Good understanding of technical, procedural and administrative security controls and how to apply them
Practical experience of producing documentation to support Security Accreditation of products and systems
Practical experience of NCSC and Common Criteria security evaluation techniques and requirements up to High Grade
Knowledge of UK/NATO Information Assurance standards, procedures & systems, such as HMG Security Policy Framework, HMG IS1&2, ISO27001, JSP440, JSP604, guidance material provided by NCSC, CPNI and NIST
Knowledge of current Crypto technologies, Key Management Systems & practical COMSEC implementations
Registered NCSC Certified Professional at senior level or above, or NCSC recognised qualification, e.g. ISC2 Certified Information System Security Professional