Cyber Security Engineer

Purpose of the Job

As cyber threats continue to diversify and grow, so too do we need to develop our cyber security culture and capabilities to ensure we continue to protect the services and systems we are delivering for the Elizabeth Line.

The cyber security professionals play a critical and ever-increasing role in protecting these services and systems, safeguarding our future customers as they travel across the capital’s network, and ultimately helping to realise the Government’s ambition to make the UK the safest place in the world to be online and do business.

The role of Cyber Security Analyst / Engineer is a technical role within the Technical Directorate reporting to the Chief Information Security Officer. In this role you will provide comprehensive advisory, technical and consultancy services in relation to the protection of Industrial Control Systems (ICS) and Operational Technology (OT).

The ideal candidate would have experience working with control systems or in a related industrial field and be able to demonstrate their ability to rise to new challenges through continuous professional development. They will possess excellent written and verbal communication skills and be looking to develop their career in cyber security. Prior experience in cyber security would be advantageous but is not essential. Successful candidates will receive a combination of formal and on-the-job training to develop their cyber security skillset.

Principal Accountabilities

• Developing a cyber security culture and capabilities within our delivery and engineering teams.
• Supporting programmes and projects across the company to deliver secure solutions.
• Reviewing and collaborating on the development of technical designs and architecture to assure delivery of solutions that align with our cyber security policies and standards.
• Developing security standards and architectural patterns to facilitate a consistent approach to the secure design of ICS/OT systems.
• Supporting and developing our incident response capability within our ICS/OT environments.
• Supporting internal stakeholders in understanding and meeting regulatory obligations.
• Supporting internal stakeholders in assessing, understanding and managing cyber security risk within existing ICS/OT environments.
• Continuous improvement of CSIRT’s internal processes and tools.
• Take reasonable care of your own and others’ health and safety and of those who may be affected in the day-to-day delivery of this role by taking personal responsibility for working to Target Zero principles
• Co-operate with in all matters relating to health and safety, including following safe working procedures at all times
• Act as a role model for vision and values, behaving in ways that are in alignment with Ways of Working. Encourage and support others to do so too
• Promote equality in the workplace and adopt appropriate behaviour when interacting with colleagues
• Take necessary care to properly protect the confidentiality, integrity and availability of corporate information from unauthorised disclosure, modification or destruction. Never knowingly put information or information systems at risk

Main challenges of the job

• Provide cyber security support ensuring that technical standards are being applied through critical examination of contractor’s assurance evidence submissions.
• Ensure contractors compliance with applicable standards, specifications and procedures
• Provide technical advice to project teams within area of expertise.
• Contribute to successful system integration through involvement of relevant disciplines and parties.

Required Knowledge, Skills and Experience:

• Substantial ICS/OT experience, both hands on and from a design perspective (e.g. PLCs, HMIs, SCADA & DCS, Industrial Networking and Telecommunications)
• Experience operating in time critical, complex, interconnected technical environments
• Experience creating and reviewing engineering designs and enhancing solutions against company standards
• A working understanding of telecommunications and IP networking in an IT or OT environment
• Experience configuring and administering Windows systems
• Highly effective written and verbal communications skills, employing appropriate methods of persuasion when soliciting agreement and demonstrating both empathy and assertiveness when communicating a need or defending a position
• Relevant analytical thinking skills, identifying many possible causes for a problem based on prior experience and current research

Desirable Knowledge, Skills and Experience:

• Experience configuring and administering Linux, Unix, or real-time operating systems
• Experience working with safety-rated control systems
• Applied and theoretical knowledge of cyber security industry standards such as NIST 800-82, CIS Critical Security Controls, and ISA99/IEC62443
• Experience working with different security technologies
• An understanding of cyber security threats and common vulnerabilities within ICS/OT environments
• Experience conducting cyber security risk assessments on complex interconnected systems

Desirable Qualifications:

• A bachelor’s or above degree in science, engineering, or a related field.
• ISA Certification
• GIAC Certification
• CompTIA Certification
• ISACA Certification
• (ISC)2 Certification
• Any other cyber security-related certifications