Cyber Security Engineer in Chippenham

We have an exciting opportunity for a Senior Cyber Security Engineer (Assurance) to join our Rail Infrastructure Communication and Information Systems (CIS) business. Location is flexible but face to face time on a weekly basis in Chippenham or Ashby de la Zouch, England, United Kingdom is required.

As market leaders across rail and logistics, we are pursuing the goal of networking various transportation systems with one another to move people and goods efficiently.

This role is for a Senior Cyber Security Engineer (Assurance) with both product and whole solution security expertise within an Operation Technology environment. The candidate shall be capable of technically specifying, leading, and consulting on Cyber Security related activities including architecture development, risk assessment, security testing and compiling assurance evidence against evolving industry standards.

The Cyber Security Engineer will play a lead role across the whole delivery lifecycle from bidding to commissioning and support, including:

• Security requirements management
• Security risk assessment
• System security zoning and protection
• Development of security test strategies

The Cyber Security Engineer shall be expected to engage across the whole engineering lifecycle, working alongside product and solution development and project delivery teams. This role will help play a major part in delivering the safe and secured rail signalling and control systems, electrification, SCADA and station information and security systems that the business demands.

What Qualifications, Skills and Experience do I need?

• Educated to degree level (or equivalent) in an engineering, scientific or numerate discipline.
• Experience in providing security engineering leadership in demanding Operational Technology environments.
• Proven practical experience of applying IEC 62443 standard series.
• Understanding and practical experience of applying CENELEC standards.
• Preferably have at least one of the following: Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), or CESG Certified Professional (CCP).
• Experience in mentoring and developing other engineers.
• Excellent communication skills and the ability to influence both internal and external stakeholders.

What will be your Responsibilities?

• Engaging with our clients’ security teams to understand their wider security strategy, including process and assurance evidence and risk appetite.
• Specification and maintenance of security requirements for projects. Support for meeting international and regional security standards and regulations (NIS, NIS2, EU CRA, IEC62443, TS 50701) in the project.
• Creating efficient and clear Cyber Security Management Plans and monitoring progress against that plan (include delivery to time, budget and quality).
• Developing architectures that compartmentalise systems into zones and conduits and identifying security controls required to provide adequate protection.
• Planning and performing threat and risk analysis and definition of countermeasures in line with risk acceptance criteria of organisation.
• Evaluation of third-party components against product and solution security requirements.
• Compilation and review of artefacts produced during the development and engineering process regarding product and solution security.
• Verification of implementation regarding security requirements (e.g., as part of system test, factory, or site acceptance test).
• Validation (e.g., penetration testing) to ensure that implementation fulfils security expectations of customers (e.g., to identify security vulnerabilities, and to evaluate the effectiveness of remediation measures).
• Support to build up required competencies for product and solution security within the project team.
• Representing security engineering within project milestone and stage gate reviews.
• Collection of security related lessons learned to feed into continuous improvement activities.
• Involvement in the analysis and response to security vulnerabilities and incidents.

The candidate will also be expected to maintain an appreciation of new technologies, emerging risks, and standards, together with their application to support ongoing deliveries.