Job Title: Senior Cyber Security Engineer (Assurance, Architecture and Test)

Contract Dates: ASAP - 31/12/29

Location: York

*OUTSIDE IR35*

Job Description:

We have an exciting opportunity for a Senior Cyber Security Engineers (Assurance, Architecture and Test) to join our Rail Infrastructure CIS business. This role would preferably be located out of our York office.

Our Team and what we do:

This role is for a Cyber Security Engineer with both product & whole solution security expertise within an Operation Technology environment. The candidate shall be capable of technically specifying, leading, and consulting on Cyber Security related activities including architecture development, security testing and compiling assurance evidence against evolving industry standards.

The Cyber Security Engineer will play a lead role across the whole delivery lifecycle, including: Security requirements management, security risk assessment, system security zoning and protection, development of security test strategies. The Cyber Security Engineer shall be expected to engage across the whole engineering lifecycle, working alongside product and solution development and project delivery teams. This role will help play a major part in delivering the safe and secured signalling and control systems that the business demands.

Responsibilities:

• Engaging with our clients’ security teams to understand their wider security strategy, including process and assurance evidence and risk appetite.

• Specification and maintenance of security requirements for projects. Support for meeting international and regional security standards and regulations (like NIS, IEC62443, WIB, NERC-CIP) in the project.

• Developing architectures that compartmentalise systems into zones and conduits and identifying security controls required to provide adequate protection.

• Evaluation of third-party components regarding product & solution security.

• Planning and performing threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of organisation.

• Compilation and review of artefacts produced during the development and engineering process regarding product & solution security.

• Verification of implementation regarding security requirements (e.g., as part of system test, factory, or site acceptance test).

• Validation (e.g., penetration testing) to ensure that implementation fulfils security expectations of customers (e.g., to identify security vulnerabilities, and to evaluate the effectiveness of remediation measures).

• Support to build up required competencies for product & solution security within the project team

• Representing security engineering within project milestone and stage gate reviews.

• Collection of security related lessons learned to feed into in continuous improvement activities

• Involvement in the analysis and response to security vulnerabilities & incidents.

• The candidate will also be expected to maintain an appreciation of new technologies, emerging risks, and standards, together with their application to support ongoing deliveries.

What Qualifications, Skills and Experience do I need?

• Educated to degree level (or equivalent) in an engineering, scientific or numerate discipline.

• Experience in providing security engineering leadership in a demanding Operational Technology environments

• Proven practical experience of applying IEC 62443 standard series.

• Understanding and practical experience of applying CENELEC standards.

• Preferably have at least one of the following: Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), or CESG Certified Professional (CCP)

• Experience in mentoring and developing other engineers

• Excellent communication skills and the ability to influence both internal and external stakeholders.