The Role and Responsibilities

Your key responsibilities will encompass the following:

• Consulting with clients to identify the security resilience requirements needed to safeguard their organisations mission and business activities.

• The application of architectural and cyber resilience principles to develop appropriate models, standards, policies and solutions that support the client in their security resilience.
• Identify effective human, procedural and technical controls to reduce the effectiveness of a cyber-attack and minimise the organisation’s cyber risks.
• Work with engineering teams to embed security design principles and activities in the engineering development lifecycle.
• Evaluate security architectures and designs to understand the effectiveness of these designs from a security perspective. Provide advice and support in remedying any gaps. 
• Provide Cyber Security advice and guidance for clients in ‘business as usual’, technical refresh and new project environments.
• Identify critical business functions and the cyber effects that may be created to adversely impact them.  Create client centric solutions to address these cyber risks. 
• Be able to apply technical knowledge, with creative and innovative thinking in a broad range of complex and non-routine contexts.
• Build successful working relationships with team members, key customers and stakeholders that improves the value of the security services being performed.

The Requirements

Essential:

• Experience of delivering technical Cyber Security consultancy in multi-disciplined environments.
• Awareness of the various business drivers different organisations may have.
• An awareness of the Ability to work alongside enterprise architecture and the systems engineers.
• Experience of conducting cyber risk assessments/management and the deployment of appropriate controls.
• An excellent communicator, verbal (active listener) and written (able to write concisely).
• Ability to articulate and pitch Cyber Security advice both at a technical and non-technical level, directly to key customer stakeholders.
• Ability to work on multiple projects and tasks concurrently, successfully balancing business and client priorities.
• Ability to provide high-quality work under pressure that delivers security outcomes to tight deadlines and manage client stakeholder expectations.
• Ability to work both effectively individually and within a team in a multi-discipline environment and in a matrix organisation.
• A wide awareness of Cyber Security across Government and Industry to include; HMG Information Assurance Policies, Standards and Guidelines, including the Security Policy Framework, the CESG IA Portfolio and JSP440 (plus other standard MOD Information Assurance methods).
• An interest in maintaining and enhancing technical and consultancy skills.
• Ambition to work in a challenging and rewarding role that provides real benefit to clients.

Desirable:

• Experience of applying SABSA or equivalent security architecture approaches.
• Experience of using cyber kill chain analysis to identify practical interventions to reduce the effectiveness of an attack, stop or it’s propagation throughout the system/s in question.
• CESG Certified Professional (Security and Information Risk Advisor or Security Architect).
• Understanding of the different approaches and technologies used in identifying and addressing cyber threats on the network.
• Awareness of how the cyber analyst integrates with network operations including using and applying Security incident and event management.
• Awareness of data analytics and how they can be used in cyber security.
• Certified Information Systems Security Professional (CISSP) or equivalent.
• Associate/Full Membership of recognised security professional body such as the Institute of Engineering Technology (IET), Institute of Information Security Professionals (IISP) or the British Computer Society (BSC).
• A keen interest in the latest technology with a focus on security technologies.
• Experience within programme and project environments.