Back to Job Search

Principal Engineer - Product Security Analyst

  • Location: Barrow
  • Salary: Up to £63.21 per hour per hour
  • Job Type:Contract

Posted almost 2 years ago

  • Sector: Engineering
  • Contact: Defence Team
  • Contact Email: defence@jamrecruitment.co.uk
  • Duration: 6 Months
  • Start Date: 11/10/2021
  • Client: BAE Systems
  • Expiry Date: 28 June 2022
  • Job Ref: BAE084245_1652767214

Role Description

The PSA Principal Engineer will be a focal point for security and information risk matters within the Product Security Engineering (PSyE) team and will be able to apply their deep level of subject matter expertise and experience to ensure that submarine systems and products are delivered and can be managed and supported through-life. They will be able to support the appropriate authorities/management to ensure the delivered solutions meet the specified contractual and regulatory requirements and can be operated securely, correctly and safely. They will provide subject matter expertise and advice to other functional and capability areas to support overall project delivery and performance.

The PSA Principal Engineer will have a good understanding of the applicable regulations, standards, policies and guidance on information risk management, to be able to identify, analyse and evaluate information risks. They will be able to speak knowledgably and credibly with customer, user and internal stakeholders to explain the causes of information risks, their likelihood and potential operational and business impacts. They will be able to document and present risk management options to the business and participate in discussions.

The PSA Principal Engineer will have a working knowledge of the cyber security and information assurance marketplace, including products, suppliers and key threats, and will also have an understanding of the direction of potential future technologies.



Main Responsibilities

  • Provide advice on Product Security matters for programmes to a wide range of stakeholders which will include; System Engineers, Engineering Managers and Technical Authorities as required.
  • Gain sufficient understanding of a system, its concept of use and architectures in order to provide an accurate assessment of Product Security in terms of possible threats, potential avenues of attack and to advise on the application of secure development practices.
  • Be able to select appropriate Product Security techniques which are consistent and repeatable for use across a programme.
  • Understand and be able to provide relevant guidance on the threat environment for a programme.
  • Ensure that Product Security analysis of a project, system or equipment, is delivered and is managed using recognised risk analysis techniques.
  • Ensure that Product Security analysis work is fully documented, enabling the management of risk throughout the product lifecycle.
  • Be able to contribute and influence the development of Product Security strategies, policies, guidance, good practices and awareness.
  • Be able to recommend appropriate controls to mitigate identified risks in line with government and MOD policies and good practice, to provide more cost effective risk mitigation in the longer term.
  • Present risks and proposed controls to internal and external stakeholders, to achieve agreement and buy-in.
  • Be able to plan and manage work concurrently across multiple security work programmes.
  • Provide regular updates on project status/progress in accordance with project specific reporting cycles.
  • Represent the Product Security group at Design Reviews and other various engagements, to ensure that Product Security is appropriately considered at each stage of the design lifecycle.
  • Undertake peer reviews as directed.
  • Provide technical guidance and supervision to other Product Security engineers and support the management and planning of specialist activities.
  • Provide technical guidance and support in relation to product incident management.

Desirable skills

  • Holds NCSC CCP SIRA status (or able to achieve)
  • Good understanding of information security principles and is able to advise on the potential impact to Product Systems.
  • Experience of Product Security Engineering activities in the defence, maritime or closely linked domain.
  • Knowledge of security related activities required to support the engineering lifecycle with experience of operating in the phase relevant to the role.
  • Proven experience of assessing and managing information risk in line with industry good practice.
  • Experience of assessing and advising on controls to support Product Safety.
  • Proven experience of applying Product Security/Information Security concepts to applicable technologies within the environment (or similar).
  • Supports and contributes to information security professional bodies and industry forums.
  • Can demonstrate experience of mentoring and/or providing support to others.
  • Is a member of a professional institute
  • Can demonstrate continuous improvement, professional development and awareness of current industry good practice.

JAM Recruitment is acting as an employment business with regards to this position.

View our latest jobs today on our website and follow us on Facebook, Twitter & LinkedIn