Information Security Manager - SC Cleared
- Recruiter
- Anonymous
- Location
- Salisbury
- Salary
- 400.00 - 500.00 GBP Annual
- Posted
- 03 Sep 2018
- Closes
- 01 Oct 2018
- Sectors
- Facilities Management
- Contract Type
- Contract
- Hours
- Full Time
Job Title: Information Security Manager
- CV Submission Deadline: Thursday 6th September (Email Removed) 15:15
- Daily Pay Rates: GBP489.85 Umbrella (In Scope)
- Hours: Daily 7.4 / Weekly 37
- Location: South West: Dstl Porton Down
- Contract Length: 17/09/2018 to 16/09/(Apply online only) days
- Security Clearance Level Required: SC
Our client DSTL are seeking an Information Security Manager
Overview:
The candidate will work for the Cyber and Information Systems Division across various defensive projects. Whilst integrated into the CSTAR team under the line management of the Team Leader, the candidate will be primarily resourced to two projects as a systems engineer and cyber security SME reporting to the respective Project Technical Authority, Project Manager and any Task Leads.
Description:
Main Duties and Responsibilities: Assisting planning and scoping of security engagements; Third party security assurance reviews; Creation and documentation of Security Policies and Procedures; Assisting with the ongoing management and maintenance of the certification and training management system; Performing and maintaining research in current information security areas
Cyber Vulnerability Investigations (CVIs) are being undertaken on various Defence capabilities, platforms, and sites.
Reporting to the CVI leader and following the defined assessment lifecycle, you will review architecture and system design documentation and gather information through visits to sites and platforms.
You will identify potential cyber access vectors, cyber effects and their impact on operational objectives of those sites and platforms.
Assessments of cyber assurance activity maturity shall also be undertaken. Risks and potential mitigations shall be determined.
The assessments shall largely be achieved through review of technical design information and existing security documentation, coupled with supplier and operator discussions.
Vulnerability research or active testing of the systems shall not be undertaken, but recommendations for such follow-on activities, against the prioritised operational risks you identify, will need to be made. Additionally the candidate may be tasked as a theme lead for leading research opportunity in future defensive cyber concepts and solutions.
The candidate will have a sound understanding of and innovative attitude to cyber defence. We are looking for someone who has: Experience of architecting, engineering or assessing complex systems comprised of business enterprise technology (traditional IT devices and networking), combat / mission systems (a mixture of bespoke and traditional programmable elements and networking), vehicle systems (including industrial control systems and vehicle data bus networking) and communication systems (including HF, VHF, UHF, SATCOM, and Tactical Data and Command and Control Links).
Furthermore, an understanding of cyber vulnerabilities and how they may manifest themselves in such systems, and how vulnerability research is undertaken such that a potential adversary may discover and exploit new vulnerabilities, is required. In this role you will undertake:
- Socio-Technical Modelling - identify the system architecture and people processes; such as training facility, integration facility, land based command and control site with communications to deployed assets
- Cyber Threat and Mission Impact Assessment - identify the attack surface / potential access vectors, such as RF or physical media, against the architecture, and identifying cyber effects and their mission impact; such as spoofing control data due to encryption enabling replay attack leading to inability to deliver strike capability
- Cyber Security Maturity Assessments - assessing cyber defence controls in place; such as access controls and user training, against a defined list of controls and their level of maturity
- Vulnerability Capture and Recording - documenting risks in an actionable and prioritised way; such as a reduced likelihood of control spoofing risk due to spectrum monitoring and proprietary protocol documented on secure systems and used only within the UK
Experience Required
Knowledge, Skills & Experience Required
An understanding of software, firmware, hardware, networking protocols and other interface definitions is required, as is familiarity with cyber security vulnerabilities, the cyber kill chain and security testing. A computer science background in systems engineering, systems/enterprise/network architecting, software engineering, vulnerability research and / or information assurance (or similar) is therefore preferable.
Personal Qualities
Technical expertise: Practitioner
Has sound technical knowledge and skills which are applied appropriately to CVI tasks. Technical knowledge and skills include system engineering, cyber (knowledge of cyber technologies and protocols), knowledge of CVI tools & techniques, facilitation skills, know how to build IT systems, integrate them into platforms, systems thinking, application of experience - know how to pilot / conduct tests:
- Demonstrates good modelling skills.
- Good technical background and understanding (experience in cyber maturity assessment, e.g. NIST).
- Good core system engineering skills required for the early stages of a CVI and throughout a CVI, for planning and considering complex problems. Technical and practical experience to draw upon.
- Keep up to date with system developments.
- Good cyber technical skills - previous experience in cyber projects - general cyber awareness.
- Knowledge of CVI tools and techniques e.g. red and blue teaming. Deep technical knowledge across cyber domain e.g. pen testing.
- Networking comms, systems.
- Detailed technical knowledge of cyber defence strategies (IDS, IPS, Deception etc)
- Application of systems thinking, appreciation of the techniques and able to apply.
- Application of knowledge to breaking down tasks, knowing where best it is to conduct work.
- Applying knowledge, technical credibility, attention to detail, professionalism, interpreting results.
Knowledge acquisition and judgement: Practitioner
Able to assimilate new domain and technical knowledge quickly, understand its utility and applicability and use it as appropriate. Open to learning, and learns from experience:
- Quick to pick up new knowledge and understand its use/applicability, focus on important aspects, able to apply new knowledge quickly and confidently.
- Able to initiate/conduct reviews of lessons learned to ensure continuous improvement in CVI delivery.
- Able to apply judgement to CVI issues such as the relative importance of time v quality.
Pro-active approach: Practitioner
Displays a proactive, agile and professional approach to work:
- Willing to try new approaches/improvise, even in uncertain circumstances.
- Takes the initiative.
- Able to show persistence, even when stakeholder relationships are difficult.
- Able to adapt/deviate from the plan in unforeseen circumstances, or if something is not working.
- Inspires confidence in stakeholders
- Self-awareness: Supervised
- Leadership & management: Supervised
- Stakeholder engagement and professional approach: Supervised
- Communication: Supervised
- Team working: Supervised
- Organisational skills: Supervised
- Process knowledge: Awareness
- Domain knowledge: Awareness
Additional qualifications required for this role
- Bachelor's degree or equivalent in a computer science or related discipline.
- Engineering/Computing Chartership from a recognised professional body.
- Experience, training or certification in relevant computer security topics (CISSP, CISM, CREST SEC+, ISO27000 series, NIST)