Information Assurance Engineer

Security Cleared or be prepared to undergo a Security Clearance.

Security Expert for current and future requirements relating to cyber security solutions.

KEY ACCOUNTABLILTES

• This is a role for an Information Assurance candidate who is required to work in an HMG environment with experience of defence services.
• The role will provide support to design teams in both HMG project and Commercial areas
• This role needs to have a demonstrable working knowledge of HMG Technology and

Information Risk Management guidance and standards.

• This will also include open and best practice standards such as ISO 27001.
• The candidate will be involved in the gathering of qualitative and quantitative data, generating relevant project documentation and client interfacing at a senior level for formal accreditation of systems.
• Implementation and configuration of Windows components for operation in a high-security environment according to programme requirements
• Software configuration management
• Operating system deployment and upgrade
• Installer and build scripting, including application installation and drive imaging
• Security and system testing in co-operation with IST and Integration teams
• Documentation of procedures and compliance
• Full lifecycle support for product change requests (including analysis, design, implementation and test)
• Occasional liaison with internal and external stakeholders, potentially including Government, CESG and related suppliers
• Occasional travel within the UK
• To be aware of and comply with Company Standards of Conduct and all relevant statutory requirements
• To carry out any other reasonable management requests

INCLUDING: DECISION MAKING AUTHORITY, BUDGET CONSTRAINTS, KPI’s

TECHNICAL/JOB SPECIFIC SKILL

• Ability to use HMG Standards, including Information Assurance Standard 1 and 2 for technical risk assessment and creation of Accreditation documentation.
• Have worked with and implemented:

- HMG Departmental Policies and Publications such as MoD Joint Service Publications.

- CESG Good Practice Guides and other CESG guidance.

- Cabinet Office Policies such as the Security Policy Framework.

- Systems in high impact level environments, including achieving full IA Accreditation.

• Used HMG Approved hardware devices such as Data Diodes and Enhanced grade encryption devices.
• Familiarity with personal computer lockdown techniques using domain based technologies.

This role would be suitable for:

• An experienced Security Architect who was also a CESG Listed Advisor Scheme (CLAS) member and is now a CESG Certified Professional (CCP).
• Information Assurance (IA) practitioner.
• Experienced ISO27001 practitioner, including creating Statement of Applicability's.
• Someone who has an understanding of Cryptographic techniques and technologies.

Ideally, the candidate would be:

• A member of an IA group such as the Trusted Security Advisor Register (TSAR).
• A member of an IA related professional body such as IISP, APM Group or BCS.
• Familiar with Network Penetration Testing using manual or automatic methods including tools such as the US DoD Cyber Security Evaluation Tool.
• Experienced in a maritime environments.
• Experienced in Industrial Control Systems environments.