Product Security Engineer

Job title: Security Engineer - Cyber & Physical

Salary: Up to £57,810 per annum

A security engineering role applying the principles of Information Assurance (IA), cyber security and physical security to the entire engineering lifecycle of a system, from requirement definition through to security assurance at acceptance and then following through to system customer support.

What you'll be doing:

Manage the security design and accreditation of a number of maritime products through all phases of the engineering lifecycleLiaise with the system accreditor to ensure that requirements are met and risk is reduced to acceptable levels
• Determine the physical and cyber security strategy and influence and shape the technical design for each product to build security into the design from development conception and throughout the engineering development lifecycle
• Use appropriate tools and techniques to analytically determine the IA, security risks and vulnerabilities associated with a system design
• Provide technical direction for the practical implementation of security mitigation technologies such as encryption and anti-tamper solutions
Define and articulate acceptance strategies used to verify IA, cyber security and physical security requirement compliance at appropriate levels of system design, supporting production of associated customer security assurance evidenceMaintain a good working knowledge of contemporary IA cyber and physical security standards, Industry Security Notices, cyber threat updates, technologies and practices

Your skills and experiences:

Essential:

• Experience of physical and/or cyber security (ideally with UK/NATO/International standards)
• Knowledge and understanding of current legislation, standards, processes and tools used in security engineering
• Knowledge and understanding of physical and cyber security risk assessment, use of risk assessment frameworks, and experience in production of concise technical documentation suitable for RMADS use
• Experience in production and prosecution of security risk remediation plans
• Appreciation of the technical complexities of large system designs with experience as to how this influences security vulnerabilities and the ability to achieve security accreditation
• Further education (or equivalent experience) in a relevant STEM discipline

Desirable:

• Experience of contemporary security frameworks such as NIST, JSP440 or legacy IAS1&2
• Ideally have CCP qualifications or experience of competencies at practitioner level as a Security & Information Risk Advisor or an IA Architect

Benefits:

You'll receive benefits including a competitive pension scheme, enhanced annual leave allowance and a Company contributed Share Incentive Plan. You'll also have access to additional benefits such as flexible working, an employee assistance programme, Cycle2work and employee discounts - you may also be eligible for an annual leave incentive.

Why BAE Systems?

This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals.

We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments."

Please be aware that many roles working for BAE Systems will be subject to both security and export control restrictions. These restrictions mean that factors including your nationality, any previous nationalities you have held, and your place of birth may limit those roles you can perform for the organisation.