Product Security Team Lead

Recruiter: Leonardo
Location: Edinburgh
Salary: Negotiable
Posted: 07 Oct 2020
Closes: 04 Nov 2020
Ref: 001710
Contact: Leonardo
Clearance Level: SC
Sector: Engineering
Job Type: Permanent

Leonardo is a global leader in defence electronics and delivers mission critical systems for situational awareness, electronic warfare and surveillance across land, sea and air. The Radar and Advanced Targeting line of business, based in Edinburgh, is uniquely positioned as one of the world's top manufacturers of radars, lasers and infra-red countermeasure systems.

As a Product Security Team Lead at Leonardo, you will support various products through the evaluation and accreditation processes for defence and government customers.

You will build and lead a small team from the ground up, ensuring it can provide Product Security expertise across the Edinburgh business and beyond. You will develop the strategy and roadmap for the team, and liaise with projects to maximise the value the team provides to the wider business.

In conjunction with your team, you will produce technical material, undertake security risk assessments, prepare security risk mitigation plans, develop security requirements and work with product development teams to design and implement appropriate security controls. You will prepare Security Targets and / or TEMPEST Control Plans and work with the external accreditors and evaluators to achieve the necessary certifications.

This vacancy is based in Edinburgh, and will involve occasional travel throughout the UK and potentially abroad.

Key Responsibility Areas

Develop roadmaps (short, medium, and long-term) setting out the scope / responsibility / strategy for the Product Security team

Liaise with Security Accreditors and Security Working Groups, and support projects through the security accreditation process

Prepare Security Target and / or TEMPEST (emissions security) related documents, liaise with NCSC, and support projects through the security evaluation process

Undertake security risk assessments and prepare security risk mitigation plans

Define product security requirements, advise development teams on suitable implementation standards and techniques

Develop Product Security "best practice" design guidelines (hardware, firmware and software)

Modify company standard processes to support compliance with relevant Product Security standards

Develop a plan for deployment of Product Security training within the team, and across the wider Edinburgh business

Skills, Qualifications & Knowledge

Essential

Graduate degree in relevant engineering, computing or related scientific discipline, and/or evidence of further professional study

Possesses or has ability to obtain SC clearance with UK-eyes only caveat

Ability to lead and manage work across a small team, including planning and reporting

Ability to communicate complex concepts to internal and external stakeholders

Ability to understand and develop requirements and design material at levels ranging from complete system to individual SRI

Excellent verbal & written communication skills

Positive attitude and strong desire to improve the business

Desirable

High-level knowledge of Radar / embedded systems domain and associated hardware, firmware, and software architecture

Experience in the development of security solutions for military and/or commercial products and systems

Good understanding of technical, procedural and administrative security controls and how to apply them

Practical experience of producing documentation to support Security Accreditation of products and systems

Practical experience of NCSC and Common Criteria security evaluation techniques and requirements up to High Grade

Knowledge of UK/NATO Information Assurance standards, procedures & systems, such as HMG Security Policy Framework, HMG IS1&2, ISO27001, JSP440, JSP604, guidance material provided by NCSC, CPNI and NIST

Knowledge of current Crypto technologies, Key Management Systems & practical COMSEC implementations

Registered NCSC Certified Professional at senior level or above, or NCSC recognised qualification, e.g. ISC2 Certified Information System Security Professional
